diff options
| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-07-16 18:34:17 +0200 |
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-07-16 18:34:17 +0200 |
| commit | 43b57a3c903669fc9de36c46e99773bac97a2102 (patch) | |
| tree | 1e5cd74c040f79709d0265acb134bb50085848e3 | |
| parent | 05d5c29bb3be38d40484f9c5bb5fdbdc131cba9f (diff) | |
| parent | 4ae32fabc822b3c8ed51d380969f7db682d1bfae (diff) | |
| download | moa-id-spss-43b57a3c903669fc9de36c46e99773bac97a2102.tar.gz moa-id-spss-43b57a3c903669fc9de36c46e99773bac97a2102.tar.bz2 moa-id-spss-43b57a3c903669fc9de36c46e99773bac97a2102.zip | |
Merge branch 'huge_refactoring' into development_preview
# Conflicts:
# id/server/doc/handbook/config/config.html
# id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
# id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
# id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
# id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
915 files changed, 19868 insertions, 31555 deletions
diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index 28c0a9fe4..7f503d533 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -67,6 +67,15 @@ </dependency> <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_module_pvp2_core</artifactId> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf-core</artifactId> + </dependency> + + <dependency> <groupId>MOA.id</groupId> <artifactId>moa-id-webgui</artifactId> <version>1.0</version> diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java index f17ec82cb..0d416b8c0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java @@ -28,16 +28,16 @@ import java.util.List; import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.metadata.RequestedAttribute; +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -public class AttributeListBuilder implements PVPConstants{ +public class AttributeListBuilder implements PVPAttributeDefinitions{ protected static RequestedAttribute buildReqAttribute(String name, String friendlyName, boolean required) { RequestedAttribute attribute = SAML2Utils.createSAMLObject(RequestedAttribute.class); attribute.setIsRequired(required); attribute.setName(name); - attribute.setFriendlyName(friendlyName); + attribute.setFriendlyName(friendlyName); attribute.setNameFormat(Attribute.URI_REFERENCE); return attribute; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java index e3de84b0b..730dfe764 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java @@ -30,8 +30,8 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.xml.XMLObject; import org.opensaml.xml.security.x509.BasicX509Credential; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egovernment.moa.id.config.webgui.exception.SignatureValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier; public class MetaDataVerificationFilter implements MetadataFilter { @@ -51,9 +51,9 @@ public class MetaDataVerificationFilter implements MetadataFilter { throw new SignatureValidationException("Root element of metadata file has to be signed"); } try { - processEntitiesDescriptor(entitiesDescriptor); + processEntitiesDescriptor(entitiesDescriptor); - } catch (MOAIDException e) { + } catch (EAAFException e) { throw new SignatureValidationException("Invalid signature element in EntitiesDescriptor"); } @@ -66,13 +66,13 @@ public class MetaDataVerificationFilter implements MetadataFilter { else throw new SignatureValidationException("Root element of metadata file has to be signed", null); - } catch (MOAIDException e) { + } catch (EAAFException e) { throw new SignatureValidationException("Invalid signature element in EntityDescriptor", null); } } } - private void processEntitiesDescriptor(EntitiesDescriptor desc) throws MOAIDException { + private void processEntitiesDescriptor(EntitiesDescriptor desc) throws EAAFException { Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator(); if(desc.getSignature() != null) { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java index a25cc44ef..27673eafd 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java @@ -32,8 +32,8 @@ import org.opensaml.ws.soap.soap11.Envelope; import org.opensaml.xml.XMLObject; import org.opensaml.xml.signature.SignatureTrustEngine; +import at.gv.egiz.eaaf.modules.pvp2.impl.verification.AbstractRequestSignedSecurityPolicyRule; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule; /** * @author tlenz @@ -42,8 +42,8 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSigned public class PVPSOAPRequestSecurityPolicy extends AbstractRequestSignedSecurityPolicyRule { - /** - * @param trustEngine + /** + * @param trustEngine * @param peerEntityRole */ public PVPSOAPRequestSecurityPolicy(SignatureTrustEngine trustEngine, diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index cfb39b15c..d249fa597 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -55,6 +55,7 @@ import org.springframework.context.ApplicationContext; import org.springframework.context.support.ClassPathXmlApplicationContext; import org.springframework.context.support.GenericApplicationContext; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; @@ -64,7 +65,6 @@ import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter; import at.gv.egovernment.moa.id.configuration.config.usermanagement.FileBasedUserConfiguration; import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import iaik.asn1.structures.AlgorithmID; import iaik.x509.X509Certificate; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/usermanagement/FileBasedUserConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/usermanagement/FileBasedUserConfiguration.java index 986dc0db5..6f9ce0e7d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/usermanagement/FileBasedUserConfiguration.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/usermanagement/FileBasedUserConfiguration.java @@ -17,9 +17,9 @@ import org.slf4j.LoggerFactory; import at.gv.egiz.components.configuration.api.Configuration; import at.gv.egiz.components.configuration.api.ConfigurationException; import at.gv.egiz.components.configuration.file.PropertiesBasedConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java index b3f7c1f79..ca0bb8ac4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java @@ -304,10 +304,10 @@ public class FormularCustomization implements IOnlineApplicationData { } if (authoa.getMandates() != null && - (authoa.getMandates().getProfileName() != null + ((authoa.getMandates().getProfileName() != null && authoa.getMandates().getProfileName().size() > 0) - || MiscUtil.isNotEmpty(authoa.getMandates().getProfiles())) - + || MiscUtil.isNotEmpty(authoa.getMandates().getProfiles()))) + bkuselectioncustom.setMandateLoginButton(true); else bkuselectioncustom.setMandateLoginButton(false); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index 82eb5592a..dc6e840d7 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -28,6 +28,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.ChainingModeType; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.ChainingModes; @@ -54,7 +55,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoT import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TrustAnchor; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java index ad99f5d22..e896bb80b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java @@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.BKUURLS; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration; @@ -41,7 +42,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TemplateType; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TemplatesType; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TestCredentials; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoType; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; @@ -85,6 +85,11 @@ public class OAAuthenticationData implements IOnlineApplicationData { private boolean useTestIDLValidationTrustStore = false; private boolean useTestAuthblockValidationTrustStore = false; + + //SL2.0 + private boolean sl20Active = false; + private String sl20EndPoints = null; + /** * */ @@ -100,9 +105,9 @@ public class OAAuthenticationData implements IOnlineApplicationData { try { MOAIDConfiguration dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); - elgaServicesList = KeyValueUtils.getListOfCSVValues(dbconfig.getElgaMandateServiceURLs()); - + try { + elgaServicesList = KeyValueUtils.getListOfCSVValues(dbconfig.getElgaMandateServiceURLs()); misServicesList = KeyValueUtils.getListOfCSVValues( dbconfig.getAuthComponentGeneral().getOnlineMandates().getConnectionParameter().getURL()); } catch (NullPointerException e) {} @@ -253,6 +258,29 @@ public class OAAuthenticationData implements IOnlineApplicationData { useTestIDLValidationTrustStore = oaauth.getTestCredentials().isUseTestIDLTrustStore(); } + //parse SL2.0 information + if (oaauth.isSl20Active()) { + //parse SL2.0 endpoint information + if (oaauth.getSl20EndPoints() != null) { + if (KeyValueUtils.isCSVValueString(oaauth.getSl20EndPoints())) + sl20EndPoints = KeyValueUtils.normalizeCSVValueString(oaauth.getSl20EndPoints()); + + else { + if (oaauth.getSl20EndPoints().contains(KeyValueUtils.CSV_DELIMITER)) { + //remove trailing comma if exist + sl20EndPoints = oaauth.getSl20EndPoints().substring(0, + oaauth.getSl20EndPoints().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else + sl20EndPoints = oaauth.getSl20EndPoints(); + + } + } + sl20Active = oaauth.isSl20Active(); + + } + + return null; } @@ -392,7 +420,10 @@ public class OAAuthenticationData implements IOnlineApplicationData { testing.setUseTestIDLTrustStore(useTestIDLValidationTrustStore); - + //store SL2.0 information + authoa.setSl20Active(isSl20Active()); + authoa.setSl20EndPoints(getSl20EndPoints()); + return null; } @@ -768,6 +799,28 @@ public class OAAuthenticationData implements IOnlineApplicationData { public List<String> getSzrgwServicesList() { return szrgwServicesList; } + + + public boolean isSl20Active() { + return sl20Active; + } + + public void setSl20Active(boolean sl20Active) { + this.sl20Active = sl20Active; + } + + public String getSl20EndPoints() { + return sl20EndPoints; + } + + public void setSl20EndPoints(String sl20EndPoints) { + if (MiscUtil.isNotEmpty(sl20EndPoints)) + this.sl20EndPoints = + KeyValueUtils.removeAllNewlineFromString(sl20EndPoints); + else + this.sl20EndPoints = sl20EndPoints; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java index bb98d2e64..18bebf9d8 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java @@ -27,8 +27,8 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java index b4b3aaf13..381bf5cc7 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java @@ -27,6 +27,7 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; @@ -56,6 +57,8 @@ public class OATargetConfiguration implements IOnlineApplicationData { private String identificationNumber = null; private String identificationType = null; private static List<String> identificationTypeList = null; + + private String foreignbPKTargets = null; public OATargetConfiguration() { targetList = TargetValidator.getListOfTargets(); @@ -145,6 +148,26 @@ public class OATargetConfiguration implements IOnlineApplicationData { } } + + //parse foreign bPK sector list + if (dbOA.getForeignbPKTargetList() != null) { + if (KeyValueUtils.isCSVValueString(dbOA.getForeignbPKTargetList())) + foreignbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getForeignbPKTargetList()); + + else { + if (dbOA.getForeignbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) { + //remove trailing comma if exist + foreignbPKTargets = dbOA.getForeignbPKTargetList().substring(0, + dbOA.getForeignbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else + foreignbPKTargets = dbOA.getForeignbPKTargetList(); + + } + } + + + return null; } @@ -253,6 +276,9 @@ public class OATargetConfiguration implements IOnlineApplicationData { } } } + + dbOA.setForeignbPKTargetList(getForeignbPKTargets()); + return null; } @@ -401,6 +427,22 @@ public class OATargetConfiguration implements IOnlineApplicationData { public void setSubTargetSet(boolean subTargetSet) { this.subTargetSet = subTargetSet; } + + + public String getForeignbPKTargets() { + return foreignbPKTargets; + } + + + public void setForeignbPKTargets(String foreignbPKTargets) { + if (MiscUtil.isNotEmpty(foreignbPKTargets)) + this.foreignbPKTargets = + KeyValueUtils.removeAllNewlineFromString(foreignbPKTargets); + else + this.foreignbPKTargets = foreignbPKTargets; + } + + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java index 0fb41189d..8f3b8f479 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java @@ -43,11 +43,11 @@ import javax.mail.internet.MimeMultipart; import org.apache.commons.io.IOUtils; import org.apache.log4j.Logger; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; public class MailHelper { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java index 539deac9e..9e0b8b1cd 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java @@ -44,9 +44,11 @@ import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException; +import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.frontend.builder.AbstractServiceProviderSpecificGUIFormBuilderConfiguration; import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils; -import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; @@ -54,7 +56,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfigurat import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.STORK; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.Constants; @@ -66,7 +67,6 @@ import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; import iaik.utils.URLDecoder; @@ -512,17 +512,17 @@ public class BasicOAAction extends BasicAction { } else { //TODO: work-around for old config tool and new key/value configuration //see: NewConfigurationDBRead.java Line 81 - if (oa.getHjid() > 1000000) { - if (serviceIdentifier.equals(MOAIDConfigurationConstants.PREFIX_GATEWAY)) - oa.setHjid(oa.getHjid() - 1000000); - else if (serviceIdentifier.equals(MOAIDConfigurationConstants.PREFIX_IIDP)) - oa.setHjid(oa.getHjid() - 2000000); - else if (serviceIdentifier.equals(MOAIDConfigurationConstants.PREFIX_VIDP)) - oa.setHjid(oa.getHjid() - 3000000); - else - log.warn("Inconsistent state found! Service Identifier for OA found but Hjid is > 1000000."); - - } +// if (oa.getHjid() > 1000000) { +// if (serviceIdentifier.equals(MOAIDConfigurationConstants.PREFIX_GATEWAY)) +// oa.setHjid(oa.getHjid() - 1000000); +// else if (serviceIdentifier.equals(MOAIDConfigurationConstants.PREFIX_IIDP)) +// oa.setHjid(oa.getHjid() - 2000000); +// else if (serviceIdentifier.equals(MOAIDConfigurationConstants.PREFIX_VIDP)) +// oa.setHjid(oa.getHjid() - 3000000); +// else +// log.warn("Inconsistent state found! Service Identifier for OA found but Hjid is > 1000000."); +// +// } } @@ -538,7 +538,7 @@ public class BasicOAAction extends BasicAction { } catch (ConfigurationStorageException | at.gv.egiz.components.configuration.api.ConfigurationException e) { log.warn("MOAID Configuration can not be stored in Database", e); - throw new MOADatabaseException(e); + throw new MOADatabaseException(e.getMessage(), e); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index cf5911b3a..c3e8c459e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -33,6 +33,8 @@ import org.apache.commons.lang3.StringUtils; import org.apache.log4j.Logger; import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS; @@ -62,7 +64,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TimeOuts; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoType; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; @@ -72,7 +73,6 @@ import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.StringHelper; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.MOAConfigValidator; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.StorkConfigValidator; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 85b8a8ea0..cfb74ebd2 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -29,6 +29,7 @@ import java.util.Map; import org.apache.log4j.Logger; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; @@ -52,7 +53,6 @@ import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; -import at.gv.egovernment.moa.id.util.Random; public class EditOAAction extends BasicOAAction { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java index a9889da9c..d72505c0f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java @@ -42,6 +42,7 @@ import org.apache.log4j.Logger; import org.springframework.beans.BeansException; import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.commons.config.ConfigurationUtil; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -50,7 +51,6 @@ import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; public class ImportExportAction extends BasicAction { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java index bf75a3068..6f9d233b1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java @@ -60,6 +60,8 @@ import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; import org.opensaml.xml.security.x509.X509Credential; import org.opensaml.xml.signature.Signature; +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -75,8 +77,6 @@ import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper; import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; public class IndexAction extends BasicAction { @@ -401,19 +401,19 @@ public class IndexAction extends BasicAction { { String strAttributeName = attributes.get(x).getDOM().getAttribute("Name"); - if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) { + if (strAttributeName.equals(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME)) { user.setFamilyName(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue()); } - if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) { + if (strAttributeName.equals(PVPAttributeDefinitions.GIVEN_NAME_NAME)) { user.setGivenName(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue()); } - if (strAttributeName.equals(PVPConstants.MANDATE_TYPE_NAME)) { + if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_TYPE_NAME)) { user.setIsmandateuser(true); } - if (strAttributeName.equals(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME)) { + if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME)) { user.setInstitut(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue()); } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java index 384f0662f..7fae5d40c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java @@ -32,6 +32,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProvid import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; @@ -49,7 +50,6 @@ import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException; import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; /** diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java index 8be134442..26afb0205 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java @@ -34,6 +34,7 @@ import org.apache.log4j.Logger; import org.apache.struts2.interceptor.ServletRequestAware; import org.apache.struts2.interceptor.ServletResponseAware; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; @@ -47,7 +48,6 @@ import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; import com.opensymphony.xwork2.ActionSupport; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java index a758088b1..6b58a22b4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java @@ -30,6 +30,7 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData; @@ -187,7 +188,65 @@ public class OAAuthenticationDataValidation { } - + + if (form.isSl20Active()) { + if (MiscUtil.isNotEmpty(form.getSl20EndPoints())) { + log.debug("Validate SL2.0 configuration ... "); + List<String> sl20Endpoints = KeyValueUtils.getListOfCSVValues(form.getSl20EndPoints()); + if (sl20Endpoints.size() == 1) { + String value = sl20Endpoints.get(0); + + if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && + value.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { + log.warn("SL2.0 endpoint '" + value + "' has wrong format"); + errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", + new Object[] {value}, request )); + + } else if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && + !value.contains(KeyValueUtils.KEYVVALUEDELIMITER) ) { + log.info("Find one SL2.0 endpoint without 'default='. Start update ... "); + form.setSl20EndPoints(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER + value); + + } + + } else { + boolean findDefault = false; + for (String el : sl20Endpoints) { + if (!el.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { + log.warn("SL2.0 endpoint '" + el + "' has wrong format"); + errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", + new Object[] {el}, request )); + + } else { + if (el.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER)) { + log.debug("Find default endpoint."); + findDefault = true; + + } else { + String firstPart = el.split(KeyValueUtils.KEYVVALUEDELIMITER)[0]; + try { + Integer.valueOf(firstPart); + + } catch (NumberFormatException e) { + log.warn("SL2.0 endpoint '" + el + "' has wrong format", e); + errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", + new Object[] {el}, request )); + + } + } + } + } + + if (!findDefault) { + log.warn("SL2.0 endpoints contains NO default endpoint"); + errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.default", + new Object[] {}, request )); + + } + } + } + } + return errors; } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index 79e7e9252..8b41823e1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -47,13 +47,13 @@ import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; +import at.gv.egovernment.moa.id.config.webgui.exception.SchemaValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.SignatureValidationException; +import at.gv.egovernment.moa.id.config.webgui.validation.utils.SchemaValidationFilter; import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; import iaik.x509.X509Certificate; @@ -158,7 +158,7 @@ public class OAPVP2ConfigValidation { } catch (ConfigurationException e) { log.warn("Configuration access FAILED!", e); - + } MetadataFilterChain filter = new MetadataFilterChain(); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java index ca0231577..4807d479e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java @@ -161,6 +161,10 @@ public class OATargetConfigValidation { } } + + //foreign bPK configuration + + return errors; } } diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties index 4b29f901a..67ee294c9 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties @@ -152,7 +152,7 @@ webpages.moaconfig.moasp.url=URL zum MOA-SP Service webpages.moaconfig.identitylinksigners=IdentityLinkSigners webpages.moaconfig.services.header=Externe Services webpages.moaconfig.services.mandates=Online-Vollmachten Service URLs (CSV) -webpages.moaconfig.services.szrgw=SZR Gateway Service URLs (CSV) +webpages.moaconfig.services.szrgw=Zentraler nationaler eIDAS Connector URLs (CSV) webpages.moaconfig.services.elgamandateservice=ELGA Mandate Service EntityIDs (CSV) webpages.moaconfig.sso.header=Single Sign-On webpages.moaconfig.sso.PublicUrl=SSO Service URL-Prefix @@ -243,6 +243,7 @@ webpages.oaconfig.general.friendlyname=Name der Online-Applikation webpages.oaconfig.general.isbusinessservice=Privatwirtschaftliche Applikation webpages.oaconfig.general.isstorkservice=Stork Applikation webpages.oaconfig.general.public.header=Öffentlicher Bereich +webpages.oaconfig.general.foreignbpk.header=Fremd-bPK Konfiguration webpages.oaconfig.general.stork.header=STORK Bereich webpages.oaconfig.general.stork.countrycode=Landesvorwahl webpages.oaconfig.general.target.friendlyname=Bezeichnung des Bereichs (Frei w\u00E4hlbar) @@ -262,9 +263,11 @@ webpages.oaconfig.general.aditional.iframe=B\u00FCrgerkartenauswahl im IFrame webpages.oaconfig.general.aditional.useUTC=UTC Zeit verwenden webpages.oaconfig.general.aditional.calculateHPI="TODO!" webpages.oaconfig.general.isHideBPKAuthBlock=bPK/wbPK im AuthBlock ausblenden +webpages.oaconfig.general.foreign.sectors=Sektoren f\u00FCr Fremd-bPKs (CSV) -webpages.oaconfig.general.szrgw.header=SZR-Gateway Service -webpages.oaconfig.general.szrgw.selected=SZR-Gateway Service URL + +webpages.oaconfig.general.szrgw.header=Zentraler nationaler eIDAS Connector +webpages.oaconfig.general.szrgw.selected=URL zum zentralen eIDAS Connector webpages.oaconfig.menu.saml1.show=SAML1 Konfiguration einblenden webpages.oaconfig.menu.saml1.hidden=SAML1 Konfiguration ausblenden @@ -409,7 +412,7 @@ validation.general.IdentityLinkSigners.empty=Es wurde kein IdentityLinkSigner an validation.general.IdentityLinkSigners.valid=Der IdentityLinkSigner in der Zeile {0} enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {1} validation.general.mandateservice.valid=Die URL {0} zum Online-Vollmachten Service hat kein g\u00F6ltiges Format. validation.general.elga.mandateservice.valid=Die EntityID {0} zum ELGA Vertretungsservice hat kein g\u00F6ltiges Format. -validation.general.szrgw.url.valid=Die URL {0} des SZR Gateways hat kein g\u00F6ltiges Format. +validation.general.szrgw.url.valid=Die URL {0} des zentralen eIDAS Connectors hat kein g\u00F6ltiges Format. validation.general.moasp.auth.transformation.empty=Die Transformation f\u00F6r den Authentfizierungsblock ist leer. validation.general.moasp.auth.transformation.valid=Die Transformation f\u00F6r den Authentfizierungsblock in der Zeile {0} enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {1} validation.general.moasp.auth.trustprofile.empty=Das TrustProfile zur Pr\u00F6fung des Authentfizierungsblock ist leer. @@ -559,3 +562,11 @@ validation.general.form.appletredirecttarget=Der RedirectTarget beinhaltet einen validation.general.form.fonttype=Der BKU-Auswahl Schrifttyp enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.form.applet.width=Die Appleth\u00F6he ist keine g\\u00FCltige Zahl. validation.general.form.applet.height=Die Appletbreite ist keine g\\u00FCltige Zahl. + + +###new +webpages.oaconfig.general.sl20.header=Security Layer für mobile Authententifizierung +webpages.oaconfig.general.sl20.enable=SL2.0 aktivieren +webpages.oaconfig.general.sl20.endpoints=VDA Endpunkt URLs +validation.general.sl20.endpoints.default=SL2.0 Endpunkt beinhaltet keinen 'default' Endpunkt. +validation.general.sl20.endpoints.wrong=SL2.0 Endpunkt ist ung\\u00FCltig formatiert {0}. diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index d642994de..995fbb225 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties @@ -151,7 +151,7 @@ webpages.moaconfig.moasp.url=URL for MOA-SP Service webpages.moaconfig.identitylinksigners=IdentityLinkSigners webpages.moaconfig.services.header=External Services webpages.moaconfig.services.mandates=Online-Mandate Service URLs (CSV) -webpages.moaconfig.services.szrgw=SZR Gateway Service URLs (CSV) +webpages.moaconfig.services.szrgw=Central national eIDAS Conenctor URLs (CSV) webpages.moaconfig.services.elgamandateservice=ELGA Mandate Service EntityIDs (CSV) webpages.moaconfig.sso.header=Single Sign-On webpages.moaconfig.sso.PublicUrl=SSO Service URL-Prefix @@ -249,6 +249,7 @@ webpages.oaconfig.general.friendlyname=Name of the Online-Application webpages.oaconfig.general.isbusinessservice=Private sector application webpages.oaconfig.general.isstorkservice=Stork application webpages.oaconfig.general.public.header=Public sector +webpages.oaconfig.general.foreignbpk.header=Foreign sectors configuration webpages.oaconfig.general.stork.header=STORK sector webpages.oaconfig.general.stork.countrycode=Country code webpages.oaconfig.general.target.friendlyname=Name of the sector (arbitrary defined) @@ -268,9 +269,10 @@ webpages.oaconfig.general.aditional.iframe=Selection of citizen card in IFrame webpages.oaconfig.general.aditional.useUTC=Use UTC time webpages.oaconfig.general.aditional.calculateHPI="TODO!" webpages.oaconfig.general.isHideBPKAuthBlock=Hide bPK/wbPK from AuthBlock +webpages.oaconfig.general.foreign.sectors=Sectors for foreign pseudonyms (CSV) -webpages.oaconfig.general.szrgw.header=SZR-Gateway Service -webpages.oaconfig.general.szrgw.selected=SZR-Gateway Service URL +webpages.oaconfig.general.szrgw.header=Central national eIDAS Connector +webpages.oaconfig.general.szrgw.selected=URL to central eIDAS Connector webpages.oaconfig.menu.saml1.show=Show SAML1 configuration webpages.oaconfig.menu.saml1.hidden=Hide SAML1 configuration @@ -408,7 +410,7 @@ validation.general.IdentityLinkSigners.empty=There is no IdentityLinkSigner give validation.general.IdentityLinkSigners.valid=IdentityLinkSigner in the line {0} contains forbidden characters. The following characters are not allowed\: {1} validation.general.mandateservice.valid=URL {0} for Online-Mandating Service has invalid format. validation.general.elga.mandateservice.valid=EntityID {0} for ELGA Mandate-Service has invalid format. -validation.general.szrgw.url.valid=URL {0} for SZR Gateway has invalid format. +validation.general.szrgw.url.valid=URL {0} for central eIDAs Connector has invalid format. validation.general.moasp.auth.transformation.empty=Transformation for authentication block is blank. validation.general.moasp.auth.transformation.valid=Transformation for authentication block in the line {0} contians forbidden characters. The following characters are not allowed\: {1} validation.general.moasp.auth.trustprofile.empty=TrustProfile for checking of authentication block is blank. @@ -557,3 +559,11 @@ validation.general.form.appletredirecttarget=RedirectTarget contains invalud val validation.general.form.fonttype=Font type for CCE selection contains forbidden characters. The following characters are not allowed\: {0} validation.general.form.applet.width=The height of applet is invalid number. validation.general.form.applet.height=The width of applet is invalid number. + + +###new +webpages.oaconfig.general.sl20.header=Security Layer for mobile Authentication +webpages.oaconfig.general.sl20.enable=Activate SL2.0 +webpages.oaconfig.general.sl20.endpoints=VDA endPoint URLs +validation.general.sl20.endpoints.default=SL2.0 endpoint contains NO 'default'. +validation.general.sl20.endpoints.wrong=SL2.0 endpoint {0} is not valid.
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp index 59661091b..d2668e264 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp @@ -68,6 +68,27 @@ </s:if> <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.sl20.header", request) %></h3> + <s:checkbox name="authOA.sl20Active" + value="%{authOA.sl20Active}" + labelposition="left" + key="webpages.oaconfig.general.sl20.enable" + cssClass="checkbox"> + </s:checkbox> + + <s:textarea name="authOA.sl20EndPoints" + value="%{authOA.sl20EndPoints}" + labelposition="left" + key="webpages.oaconfig.general.sl20.endpoints" + cssClass="textfield_long" + rows="3" + requiredLabel="true" + style="height:120px;"> + </s:textarea> + </div> + + + <div class="oa_config_block"> <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.testing.header", request) %></h3> diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp index 76c8d069b..129b32508 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp @@ -22,7 +22,7 @@ labelposition="left" cssClass="textfield_long"/> - + <!-- <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.enabledcpeps", request) %></h4> <s:checkboxlist name="storkOA.enabledCitizenCountries" list="storkOA.availableCitizenCountries" value="storkOA.enabledCitizenCountries" /> <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.header", request) %></h4> @@ -39,6 +39,7 @@ </tr> </s:iterator> </table> + --> </div> </div> diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp index b8bd1dc02..a61ce3053 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp @@ -111,5 +111,20 @@ </s:else> </div> </s:if> + + <div id="oa_config_foreignbPKArea" class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.foreignbpk.header", request) %></h3> + <s:textarea name="targetConfig.foreignbPKTargets" + value="%{targetConfig.foreignbPKTargets}" + labelposition="left" + key="webpages.oaconfig.general.foreign.sectors" + cssClass="textfield_long" + rows="6" + requiredLabel="true" + style="height:120px;"> + </s:textarea> + + </div> + </html>
\ No newline at end of file diff --git a/id/history.txt b/id/history.txt index f3c995a5e..3ef96f1bc 100644 --- a/id/history.txt +++ b/id/history.txt @@ -1,5 +1,26 @@ Dieses Dokument zeigt die Veränderungen und Erweiterungen von MOA-ID auf.
+Version MOA-ID Release 3.4.0: Änderungen seit Version MOA-ID 3.3.2
+- Änderungen
+ - Unerstützung der Authentifizierung von ausländischen Bürgern via eIDAS
+ - Authentifizierung via neuer VDA Schnittstelle (Security-Layer 2.0)
+ (Im Betastatus, da die Schnittstellenspezifikation noch nicht final
+ zur Verfügung steht)
+ - Erweiterung zur Einschränkung des Authentifzierungsvorgangs auf bestimmte
+ Benutzer via bPK
+ - Überarbeitung der Bürgerkartenauswahl und weiterer Templates
+ - Bugfix - Probleme in Kombination mit postgreSQL Datenbanken behoben
+ - Update von Libraries
+ > MOA-SPSS 3.1.2
+ > org.springframework 4.3.18.RELEASE
+ > org.springframework.data.spring-data-jpa 1.11.13.RELEASE
+ > org.hibernate:hibernate-core 5.2.17.Final
+ > apache:cxf 3.2.5
+ > mysql:mysql-connector-java 6.0.6
+ > joda-time 2.10
+ > org.apache.httpcomponents:httpcore 4.4.10
+ > eIDAS-saml-engine 1.4.0
+
Version MOA-ID Release 3.3.2: Änderungen seit Version MOA-ID 3.3.1
- Änderungen
- Bugfix - if "hide bPK from AuthBlock" is used then the AuthBlock validation failes
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java index 59f36f475..6ea845b27 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java @@ -44,10 +44,10 @@ import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageExceptio import at.gv.egiz.components.configuration.meta.api.MetadataConfiguration; import at.gv.egiz.components.configuration.meta.api.SchemaEntry; import at.gv.egiz.components.configuration.meta.api.impl.BaseMetadataConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfigurationImpl; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationValidationException; import at.gv.egovernment.moa.id.config.webgui.validation.MOAIDConfigurationValidator; diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java index 0a3a9eef8..e9c8fa719 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java @@ -35,9 +35,9 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; /** diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java index 2bb33a9d7..93f490a28 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java @@ -35,9 +35,9 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationModulValidationException; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationValidationException; import at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator; diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java index c9ad63121..a28b762af 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java @@ -35,8 +35,8 @@ import org.slf4j.LoggerFactory; import at.gv.egiz.components.configuration.api.Configuration; import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; @@ -76,7 +76,7 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_REVOCATIONCHECKING, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_OVS_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); - temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_AUTHBLOCK_TEXT, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_SERVICENAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); @@ -495,14 +495,14 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme } } - check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL, getKeyPrefix())); + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL, getKeyPrefix())); if (MiscUtil.isNotEmpty(check)) { String[] szrGWServiceURLs = check.split(","); for (String el : szrGWServiceURLs) { if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { log.info("SZRGW URL is not valid"); errors.add(new ValidationObjectIdentifier( - MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL, + MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL, "Services - SZR-GW URL", LanguageHelper.getErrorString("validation.general.szrgw.url.valid", new Object[]{el}))); } @@ -711,7 +711,7 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme //normalize CSV of SZR-GW service URLs String szrgwServiceURLs = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL, getKeyPrefix())); - List<String> currentSzrgwServiceURLs = KeyValueUtils.getListOfCSVValues(dbconfig.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL)); + List<String> currentSzrgwServiceURLs = KeyValueUtils.getListOfCSVValues(dbconfig.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL)); if (MiscUtil.isNotEmpty(szrgwServiceURLs)) { String normalizedSzrgwServiceURLs = KeyValueUtils.normalizeCSVValueString(szrgwServiceURLs); if (!normalizedSzrgwServiceURLs .equals(szrgwServiceURLs)) { @@ -732,7 +732,7 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme String[] servicesOAs = dbconfig.findConfigurationId( MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA + ".%." - + MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL); + + MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL); for (String service : servicesOAs) { String spElgaService = dbconfig.getStringValue(service); if (MiscUtil.isNotEmpty(spElgaService) && diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java index 35fed19a3..56c63efb4 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java @@ -29,8 +29,8 @@ import java.util.Map; import java.util.regex.Pattern; import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java index cdd2a7ce2..698654c9f 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java @@ -33,8 +33,8 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralRevisionLogTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralRevisionLogTask.java index 35f1e5228..a99907f13 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralRevisionLogTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralRevisionLogTask.java @@ -36,8 +36,8 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java index 309e0745b..4567afcba 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java @@ -37,9 +37,9 @@ import org.slf4j.LoggerFactory; import at.gv.egiz.components.configuration.api.Configuration; import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java index 25855dcb6..98aa4cd66 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java @@ -33,8 +33,8 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; @@ -269,16 +269,92 @@ public class ServicesAuthenticationInformationTask extends AbstractTaskValidator LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid", new Object[]{check}))); } - check = input.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL); + check = input.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL); if (MiscUtil.isNotEmpty(check) && !ValidationHelper.validateURL(check)) { log.info("Not valid SZR-GW Service URL"); errors.add(new ValidationObjectIdentifier( - MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL, + MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL, "SZR-Gateway - Service URL", LanguageHelper.getErrorString("validation.general.szrgw.url.valid", new Object[]{check}))); } + + + + + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS); + if (input.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED) != null && + Boolean.valueOf(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED))) { + if (MiscUtil.isNotEmpty(check)) { + log.debug("Validate SL2.0 configuration ... "); + List<String> sl20Endpoints = KeyValueUtils.getListOfCSVValues(check); + if (sl20Endpoints.size() == 1) { + String value = sl20Endpoints.get(0); + + if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && + value.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { + log.warn("SL2.0 endpoint '" + value + "' has wrong format"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, + "SL2.0 - EndPoint URLs", + LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", new Object[]{value}))); + + } else if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && + !value.contains(KeyValueUtils.KEYVVALUEDELIMITER) ) { + log.info("Find one SL2.0 endpoint without 'default='. Start updateing ... "); + sl20Endpoints.remove(0); + sl20Endpoints.add(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER + value); + + } + + } else { + boolean findDefault = false; + for (String el : sl20Endpoints) { + if (!el.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { + log.warn("SL2.0 endpoint '" + el + "' has wrong format"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, + "SL2.0 - EndPoint URLs", + LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", new Object[]{el}))); + + } else { + if (el.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER)) { + log.debug("Find default endpoint."); + findDefault = true; + + } else { + String firstPart = el.split(KeyValueUtils.KEYVVALUEDELIMITER)[0]; + try { + Integer.valueOf(firstPart); + + } catch (NumberFormatException e) { + log.warn("SL2.0 endpoint '" + el + "' has wrong format", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, + "SL2.0 - EndPoint URLs", + LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", new Object[]{el}))); + + } + } + } + } + + if (!findDefault) { + log.warn("SL2.0 endpoints contains NO default endpoint"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, + "SL2.0 - EndPoint URLs", + LanguageHelper.getErrorString("validation.general.sl20.endpoints.default", new Object[]{}))); + + } + } + } + } + + + if (!errors.isEmpty()) throw new ConfigurationTaskValidationException(errors); diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java index 7f5e93ff9..7e269fe17 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java @@ -37,9 +37,9 @@ import org.slf4j.LoggerFactory; import at.gv.egiz.components.configuration.api.Configuration; import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java index eb881d465..63fd70b78 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java @@ -37,8 +37,8 @@ import org.slf4j.LoggerFactory; import at.gv.egiz.components.configuration.api.Configuration; import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesReversionLogTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesReversionLogTask.java index da441de4b..34ce4f25a 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesReversionLogTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesReversionLogTask.java @@ -36,8 +36,8 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java index e8d49a391..27b45fa78 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java @@ -206,7 +206,15 @@ public class ServicesTargetTask extends AbstractTaskValidator implements ITaskVa } } } - + + + //validate foreign bPK targets + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN); + if (MiscUtil.isNotEmpty(check)) { + log.debug("Find foreign bPK targets, but no validation is required"); + + } + if (!errors.isEmpty()) throw new ConfigurationTaskValidationException(errors); diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml index d66a09621..1a2a5750d 100644 --- a/id/moa-spss-container/pom.xml +++ b/id/moa-spss-container/pom.xml @@ -47,7 +47,7 @@ <dependency> <groupId>MOA.spss.server</groupId> <artifactId>moa-sig-lib</artifactId> - <version>3.1.1</version> + <version>3.1.2</version> <exclusions> <exclusion> <groupId>commons-logging</groupId> @@ -65,12 +65,12 @@ <dependency> <groupId>MOA.spss</groupId> <artifactId>common</artifactId> - <version>3.1.1</version> + <version>3.1.2</version> </dependency> <dependency> <groupId>MOA.spss</groupId> <artifactId>tsl_lib</artifactId> - <version>2.0.0</version> + <version>2.0.1</version> </dependency> <dependency> <groupId>iaik.prod</groupId> @@ -201,36 +201,36 @@ <version>${jaxb.version}</version> </dependency> - <dependency> +<!-- <dependency> <groupId>xalan-bin-dist</groupId> <artifactId>xalan</artifactId> - <!-- should be provided by the container or jre --> - <!-- <scope>provided</scope> --> + should be provided by the container or jre + <scope>provided</scope> <exclusions> <exclusion> <artifactId>serializer</artifactId> <groupId>xalan</groupId> </exclusion> </exclusions> - </dependency> - <dependency> + </dependency> --> +<!-- <dependency> <groupId>xerces</groupId> <artifactId>xercesImpl</artifactId> - <!-- should be provided by the container or jre --> - <!-- <scope>provided</scope> --> - </dependency> - <dependency> + should be provided by the container or jre + <scope>provided</scope> + </dependency> --> +<!-- <dependency> <groupId>xalan-bin-dist</groupId> <artifactId>xml-apis</artifactId> - <!-- should be provided by the container or jre --> - <!-- <scope>provided</scope> --> + should be provided by the container or jre + <scope>provided</scope> </dependency> <dependency> <groupId>xalan-bin-dist</groupId> <artifactId>serializer</artifactId> - <!-- should be provided by the container or jre --> - <!-- <scope>provided</scope> --> - </dependency> + should be provided by the container or jre + <scope>provided</scope> + </dependency> --> </dependencies> diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java index 93622f828..aeb4d8eac 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java @@ -78,12 +78,12 @@ import org.opensaml.xml.security.x509.X509Credential; import org.opensaml.xml.signature.Signature; import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.demoOA.Configuration; import at.gv.egovernment.moa.id.demoOA.Constants; import at.gv.egovernment.moa.id.demoOA.PVPConstants; import at.gv.egovernment.moa.id.demoOA.utils.ApplicationBean; import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils; -import at.gv.egovernment.moa.util.DOMUtils; public class DemoApplication extends HttpServlet { Logger log = Logger.getLogger(DemoApplication.class); diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java index 28003528b..bac3e1949 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java @@ -83,11 +83,11 @@ import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.demoOA.Configuration; import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException; import at.gv.egovernment.moa.id.demoOA.utils.ApplicationBean; import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/readme_3.4.0.txt b/id/readme_3.4.0.txt new file mode 100644 index 000000000..bc1b864b2 --- /dev/null +++ b/id/readme_3.4.0.txt @@ -0,0 +1,311 @@ +=============================================================================== +MOA ID Version Release 3.4.0 - Wichtige Informationen zur Installation +=============================================================================== + +------------------------------------------------------------------------------- +A. Neuerungen/Änderungen +------------------------------------------------------------------------------- + +Mit MOA ID Version 3.4.0 wurden folgende Neuerungen und Änderungen eingeführt, +die jetzt erstmals in der Veröffentlichung enthalten sind (siehe auch +history.txt im gleichen Verzeichnis). + +- Änderungen + - Unerstützung der Authentifizierung von ausländischen Bürgern via eIDAS + - Authentifizierung via neuer VDA Schnittstelle (Security-Layer 2.0) + (Im Betastatus, da die Schnittstellenspezifikation noch nicht final + zur Verfügung steht) + - Erweiterung zur Einschränkung des Authentifzierungsvorgangs auf bestimmte + Benutzer via bPK + - Überarbeitung der Bürgerkartenauswahl und weiterer Templates + - Bugfix - Probleme in Kombination mit postgreSQL Datenbanken behoben + - Update von Libraries + +------------------------------------------------------------------------------- +B. Durchführung eines Updates +------------------------------------------------------------------------------- + +Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch +eine Aktualisierung bestehender Installationen möglich. Je nachdem von welcher +MOA-ID Version ausgegangen wird ergibt sich eine Kombination der nachfolgend +angebebenen Updateschritte. + +Hinweis: Wenn Sie die bestehende Konfiguration von MOA-ID 2.x.x in MOA-ID 3.4.x +reimportieren möchten, so muss diese vor dem Update mit Hilfe der import/export +Funktion der grafischen Konfigurationsoberfläche in eine Datei exportiert werden. +Diese Datei dient dann als Basis für den Import in MOA-ID 3.4.x. + +............................................................................... +B.1 Durchführung eines Updates von Version 3.3.x auf Version 3.4.0 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-3.4.0.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +6. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +6.1 Anbindung an zentralen nationalen eIDAS Connector + > modules.eidascentralauth.keystore.path= + > modules.eidascentralauth.keystore.password= + > modules.eidascentralauth.metadata.sign.alias= + > modules.eidascentralauth.metadata.sign.password= + > modules.eidascentralauth.request.sign.alias= + > modules.eidascentralauth.request.sign.password= + > modules.eidascentralauth.response.encryption.alias= + > modules.eidascentralauth.response.encryption.password= + > modules.eidascentralauth.node.trustprofileID=centralnode_metadata + +7. Update der MOA-SPSS Konfiguration + a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse: + - CATALINA_HOME\conf\moa-spss + b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\centralnode_metadata + in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\centralnode_metadata + c.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\profiles\SL20.* + in das Verzeichnis CATALINA_HOME\conf\moa-spss\profiles\ + d.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml + in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell + verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt: + ... + <cfg:Id>centralnode_metadata</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/centralnode_metadata</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + ... + <cfg:VerifyTransformsInfoProfile> + <cfg:Id>SL20Authblock_v1.0</cfg:Id> + <cfg:Location>profiles/SL20_authblock_v1.0.xml</cfg:Location> + </cfg:VerifyTransformsInfoProfile> + <cfg:VerifyTransformsInfoProfile> + <cfg:Id>SL20Authblock_v1.0_SIC</cfg:Id> + <cfg:Location>profiles/SL20_authblock_v1.0_SIC.xml</cfg:Location> + </cfg:VerifyTransformsInfoProfile> + ... + +8. HTML Template updates +8.1 Update der HTML Templates für Auswahl des zentralen nationalen eIDAS Connectors + Sollten Sie eigene Modifikationen an den bestehenden Templates vorgenommen + haben müssen die Anpassungen manuell in die neuen Templates übertragen werden. + MOA-ID 3.4.0 kann jedoch auch mit den bestehenden Templates betrieben werden, sofern + keine Unterstützung für eIDAS benötigt wird. + a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse: + - CATALINA_HOME\conf\moa-id\htmlTemplates + - CATALINA_HOME\conf\moa-id-configuration\htmlTemplates + b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates + in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates + d.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates + in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates. + +9. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool + Diese Schitte können erst nach der Installation und dem Start der Applikation + moa-id-configuration.war durchgeführt werden +9.1 Anbindung an zentralen nationalen eIDAS Connector + a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der verwendbaren + zentralen nationalen eIDAS Connectoren. + + b.) Auswahl des gewünschten zentraler nationaler eIDAS Connector je Online-Applikation + sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde. + Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet + +10. Optionale Updates: +10.1 Unterstützung der neuen VDA Schnittstelle via Security-Layer 2.0: + Hierbei handelt es sich um eine Authentifizierungsschnittstelle im Beta Status + da die Spezifikation der Schnittstelle noch nicht Final ist. Die Schnittstelle ist in + MOA-ID funktional umgesetzt, es kann jedoch noch offene Punkte bezüglich Fehlerhändlung + und Logging geben. + a.) Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties + > modules.sl20.security.keystore.path=keys/sl20.jks + > modules.sl20.security.keystore.password=password + > modules.sl20.security.sign.alias=signing + > modules.sl20.security.sign.password=password + > modules.sl20.security.encryption.alias=encryption + > modules.sl20.security.encryption.password=password + + b.) Aktivierung je Online-Applikation im Web-basierten Konfigurationstool + Die neue VDA-Schnittstelle muss je Online-Applikation aktiviert werden, wobei + die Aktivierung im Abschnitt "Security Layer für mobile Authententifizierung" + der Online-Applikationskonfiguration erfolgt. + +10.2 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + +11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +################################################################################################################ + +............................................................................... +B.1 Durchführung eines Updates von Version 3.2.x auf Version 3.4.0 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-3.3.2.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +6. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + +7. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +8. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis + CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach. + +9. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\endorsed in das + Verzeichnis CATALINA_HOME_ID\endorsed. + +10. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +10.1 Anbindung an zentralen nationalen eIDAS Connector + > modules.eidascentralauth.keystore.path= + > modules.eidascentralauth.keystore.password= + > modules.eidascentralauth.metadata.sign.alias= + > modules.eidascentralauth.metadata.sign.password= + > modules.eidascentralauth.request.sign.alias= + > modules.eidascentralauth.request.sign.password= + > modules.eidascentralauth.response.encryption.alias= + > modules.eidascentralauth.response.encryption.password= + > modules.eidascentralauth.node.trustprofileID=centralnode_metadata + +11. Update der MOA-SPSS Konfiguration + a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse: + - CATALINA_HOME\conf\moa-spss + b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\centralnode_metadata + in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\centralnode_metadata + c.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\profiles\SL20.* + in das Verzeichnis CATALINA_HOME\conf\moa-spss\profiles\ + d.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml + in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell + verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt: + ... + <cfg:Id>centralnode_metadata</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/centralnode_metadata</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + ... + <cfg:VerifyTransformsInfoProfile> + <cfg:Id>SL20Authblock_v1.0</cfg:Id> + <cfg:Location>profiles/SL20_authblock_v1.0.xml</cfg:Location> + </cfg:VerifyTransformsInfoProfile> + <cfg:VerifyTransformsInfoProfile> + <cfg:Id>SL20Authblock_v1.0_SIC</cfg:Id> + <cfg:Location>profiles/SL20_authblock_v1.0_SIC.xml</cfg:Location> + </cfg:VerifyTransformsInfoProfile> + ... + +12. HTML Template updates +12.1 Update der HTML Templates für Auswahl des zentralen nationalen eIDAS Connectors + Sollten Sie eigene Modifikationen an den bestehenden Templates vorgenommen + haben müssen die Anpassungen manuell in die neuen Templates übertragen werden. + MOA-ID 3.4.0 kann jedoch auch mit den bestehenden Templates betrieben werden, sofern + keine Unterstützung für eIDAS benötigt wird. + a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse: + - CATALINA_HOME\conf\moa-id\htmlTemplates + - CATALINA_HOME\conf\moa-id-configuration\htmlTemplates + b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates + in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates + d.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates + in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates. + +13. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool + Diese Schitte können erst nach der Installation und dem Start der Applikation + moa-id-configuration.war durchgeführt werden +13.1 Anbindung an zentralen nationalen eIDAS Connector + a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der verwendbaren + zentralen nationalen eIDAS Connectoren. + + b.) Auswahl des gewünschten zentraler nationaler eIDAS Connector je Online-Applikation + sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde. + Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet + +14. Optionale Updates: +14.1. Unterstützung der neuen VDA Schnittstelle via Security-Layer 2.0: + Hierbei handelt es sich um eine Authentifizierungsschnittstelle im Beta Status + da die Spezifikation der Schnittstelle noch nicht Final ist. Die Schnittstelle ist in + MOA-ID funktional umgesetzt, es kann jedoch noch offene Punkte bezüglich Fehlerhändlung + und Logging geben. + a.) Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties + > modules.sl20.security.keystore.path=keys/sl20.jks + > modules.sl20.security.keystore.password=password + > modules.sl20.security.sign.alias=signing + > modules.sl20.security.sign.password=password + > modules.sl20.security.encryption.alias=encryption + > modules.sl20.security.encryption.password=password + + b.) Aktivierung je Online-Applikation im Web-basierten Konfigurationstool + Die neue VDA-Schnittstelle muss je Online-Applikation aktiviert werden, wobei + die Aktivierung im Abschnitt "Security Layer für mobile Authententifizierung" + der Online-Applikationskonfiguration erfolgt. + +14.2. Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + +14.3. Das BKU Auswahltemplate von MOA-ID wurde um eine Detection der lokalen BKU + erweitert und mocca Online wurde entfernt. + a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates + in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates + b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates + in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates. +14.4. Die mySQL Treiber 'com.mysql.jdbc.Drive' und 'org.hibernate.dialect.MySQLDialect' + sind deprecated für aktuelle mySQL DB Versionen. Der neue Treiber + für mySQL Datenbanken lautet 'com.mysql.cj.jdbc.Driver' und ein aktuellerer + Hibernate Dialect lautet 'org.hibernate.dialect.MySQL5Dialect'. + Sollte es zu Problemen kommen ersetzen Sie entsprechenden Zeilen durch: + a.) Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties + moasession.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + moasession.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + configuration.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + configuration.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + advancedlogging.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + advancedlogging.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + b.) Konfigurationsdatei CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties + hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + +15. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.2 Durchführung eines Updates von Version < 3.2.0 +............................................................................... + +Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen +Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter +Zuhilfenahme Ihrer bisherigen Konfiguration an. + diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml index 3c400a635..a1901177e 100644 --- a/id/server/auth-edu/pom.xml +++ b/id/server/auth-edu/pom.xml @@ -206,11 +206,20 @@ <dependency> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-module-bkaMobilaAuthSAML2Test</artifactId> - <version>${moa-id-version}</version> </dependency> - - -<!-- <dependency> + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-sl20_authentication</artifactId> + </dependency> + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-AT_eIDAS_connector</artifactId> + </dependency> + +<!-- + <dependency> <groupId>org.apache.santuario</groupId> <artifactId>xmlsec</artifactId> </dependency> --> @@ -240,18 +249,18 @@ <!-- should be in the ext directory of the jre --> <!-- <scope>provided</scope> --> </dependency> - <dependency> +<!-- <dependency> <groupId>xalan-bin-dist</groupId> <artifactId>xalan</artifactId> - <!-- should be provided by the container or jre --> - <!-- <scope>provided</scope> --> + should be provided by the container or jre + <scope>provided</scope> <exclusions> <exclusion> <groupId>xalan</groupId> <artifactId>serializer</artifactId> </exclusion> </exclusions> - </dependency> + </dependency> --> <dependency> <groupId>xerces</groupId> <artifactId>xercesImpl</artifactId> @@ -264,12 +273,12 @@ <!-- should be provided by the container or jre --> <!-- <scope>provided</scope> --> </dependency> - <dependency> +<!-- <dependency> <groupId>xalan-bin-dist</groupId> <artifactId>serializer</artifactId> - <!-- should be provided by the container or jre --> - <!-- <scope>provided</scope> --> - </dependency> + should be provided by the container or jre + <scope>provided</scope> + </dependency> --> <dependency> <groupId>org.springframework</groupId> diff --git a/id/server/auth-edu/src/main/resources/log4j.properties b/id/server/auth-edu/src/main/resources/log4j.properties index ecdfad165..2914fcff1 100644 --- a/id/server/auth-edu/src/main/resources/log4j.properties +++ b/id/server/auth-edu/src/main/resources/log4j.properties @@ -2,26 +2,61 @@ org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory # define log4j root loggers -log4j.rootLogger=info, stdout, R -log4j.logger.at.gv.egovernment.moa=info, R -log4j.logger.at.gv.egovernment.moa.spss=info, R -log4j.logger.iaik.server=info, R -log4j.logger.at.gv.egovernment.moa.id=info, R -log4j.logger.at.gv.egovernment.moa.id.proxy=info, R -log4j.logger.eu.stork=info, R -log4j.logger.org.hibernate=warn, R +log4j.rootLogger=warn,stdout +### MOA-ID process log ### +log4j.logger.at.gv.egiz.eaaf=info,moaid +log4j.logger.at.gv.egovernment.moa.id=info,moaid +log4j.logger.at.gv.egovernment.moa.spss=info,moaid + +### process revision log with event-codes ### +log4j.logger.at.gv.egiz.eventlog.plain.all=info,reversion + +### Signature verification and certificate proofing #### +log4j.logger.at.gv.egovernment.moa.spss=info,moaspss +log4j.logger.iaik.server=info,moaspss +log4j.logger.pki=info,moaspss + +### ConfigTool Logs #### +log4j.logger.at.gv.egiz.components.configuration=info,CONFIGTOOL +log4j.logger.at.gv.egovernment.moa.id.commons=info,CONFIGTOOL +log4j.logger.at.gv.egovernment.moa.id.config.webgui=info,CONFIGTOOL +log4j.logger.at.gv.egovernment.moa.id.configuration=info,CONFIGTOOL + + +### Log Appender #### # configure the stdout appender log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.layout=org.apache.log4j.PatternLayout -#log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n -log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20.20c | %10t | %m%n +log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n + +# configure the rolling file appender (moaid) +log4j.appender.moaid=org.apache.log4j.RollingFileAppender +log4j.appender.moaid.File=${catalina.base}/logs/moa-id.log +log4j.appender.moaid.MaxFileSize=10000KB +log4j.appender.moaid.MaxBackupIndex=1 +log4j.appender.moaid.layout=org.apache.log4j.PatternLayout +log4j.appender.moaid.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n + +# configure the rolling file appender (moaid) +log4j.appender.moaspss=org.apache.log4j.RollingFileAppender +log4j.appender.moaspss.File=${catalina.base}/logs/moa-spss.log +log4j.appender.moaspss.MaxFileSize=10000KB +log4j.appender.moaspss.MaxBackupIndex=1 +log4j.appender.moaspss.layout=org.apache.log4j.PatternLayout +log4j.appender.moaspss.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n -# configure the rolling file appender (R) -log4j.appender.R=org.apache.log4j.RollingFileAppender -log4j.appender.R.File=${catalina.base}/logs/moa-id.log -log4j.appender.R.MaxFileSize=10000KB -log4j.appender.R.MaxBackupIndex=1 -log4j.appender.R.layout=org.apache.log4j.PatternLayout -log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n +log4j.appender.reversion=org.apache.log4j.RollingFileAppender +log4j.appender.reversion.File=${catalina.base}/moa-id-reversion.log +log4j.appender.reversion.MaxFileSize=10000KB +log4j.appender.reversion.MaxBackupIndex=9999 +log4j.appender.reversion.layout=org.apache.log4j.PatternLayout +log4j.appender.reversion.layout.ConversionPattern=%5p | %d{ISO8601} | %t | %m%n +# configure the rolling file appender (configtool) +log4j.appender.CONFIGTOOL=org.apache.log4j.RollingFileAppender +log4j.appender.CONFIGTOOL.File=${catalina.base}/logs/moa-id-webgui.log +log4j.appender.CONFIGTOOL.MaxFileSize=10000KB +log4j.appender.CONFIGTOOL.MaxBackupIndex=1 +log4j.appender.CONFIGTOOL.layout=org.apache.log4j.PatternLayout +log4j.appender.CONFIGTOOL.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n
\ No newline at end of file diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml index 4f5f219a1..504adb486 100644 --- a/id/server/auth-final/pom.xml +++ b/id/server/auth-final/pom.xml @@ -165,6 +165,16 @@ <artifactId>moa-id-modul-citizencard_authentication</artifactId> </dependency> + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-sl20_authentication</artifactId> + </dependency> + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-AT_eIDAS_connector</artifactId> + </dependency> + <!--dependency> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-modules-federated_authentication</artifactId> @@ -181,7 +191,7 @@ <groupId>iaik.prod</groupId> <artifactId>iaik_jce_full</artifactId> <!-- should be in the ext directory of the jre --> - <scope>provided</scope> + <!-- <scope>provided</scope> --> </dependency> <!-- <dependency> <groupId>iaik.prod</groupId> @@ -201,10 +211,10 @@ <!-- should be in the ext directory of the jre --> <scope>provided</scope> </dependency> - <dependency> +<!-- <dependency> <groupId>xalan-bin-dist</groupId> <artifactId>xalan</artifactId> - <!-- should be provided by the container or jre --> + should be provided by the container or jre <scope>provided</scope> <exclusions> <exclusion> @@ -212,25 +222,25 @@ <artifactId>serializer</artifactId> </exclusion> </exclusions> - </dependency> + </dependency> --> <dependency> <groupId>xerces</groupId> <artifactId>xercesImpl</artifactId> <!-- should be provided by the container or jre --> - <scope>provided</scope> +<!-- <scope>provided</scope> --> </dependency> <dependency> <groupId>xalan-bin-dist</groupId> <artifactId>xml-apis</artifactId> <!-- should be provided by the container or jre --> - <scope>provided</scope> + <!-- <scope>provided</scope> --> </dependency> - <dependency> +<!-- <dependency> <groupId>xalan-bin-dist</groupId> <artifactId>serializer</artifactId> - <!-- should be provided by the container or jre --> + should be provided by the container or jre <scope>provided</scope> - </dependency> + </dependency> --> <dependency> <groupId>org.springframework</groupId> diff --git a/id/server/auth-final/src/main/resources/log4j.properties b/id/server/auth-final/src/main/resources/log4j.properties index ecdfad165..2914fcff1 100644 --- a/id/server/auth-final/src/main/resources/log4j.properties +++ b/id/server/auth-final/src/main/resources/log4j.properties @@ -2,26 +2,61 @@ org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory # define log4j root loggers -log4j.rootLogger=info, stdout, R -log4j.logger.at.gv.egovernment.moa=info, R -log4j.logger.at.gv.egovernment.moa.spss=info, R -log4j.logger.iaik.server=info, R -log4j.logger.at.gv.egovernment.moa.id=info, R -log4j.logger.at.gv.egovernment.moa.id.proxy=info, R -log4j.logger.eu.stork=info, R -log4j.logger.org.hibernate=warn, R +log4j.rootLogger=warn,stdout +### MOA-ID process log ### +log4j.logger.at.gv.egiz.eaaf=info,moaid +log4j.logger.at.gv.egovernment.moa.id=info,moaid +log4j.logger.at.gv.egovernment.moa.spss=info,moaid + +### process revision log with event-codes ### +log4j.logger.at.gv.egiz.eventlog.plain.all=info,reversion + +### Signature verification and certificate proofing #### +log4j.logger.at.gv.egovernment.moa.spss=info,moaspss +log4j.logger.iaik.server=info,moaspss +log4j.logger.pki=info,moaspss + +### ConfigTool Logs #### +log4j.logger.at.gv.egiz.components.configuration=info,CONFIGTOOL +log4j.logger.at.gv.egovernment.moa.id.commons=info,CONFIGTOOL +log4j.logger.at.gv.egovernment.moa.id.config.webgui=info,CONFIGTOOL +log4j.logger.at.gv.egovernment.moa.id.configuration=info,CONFIGTOOL + + +### Log Appender #### # configure the stdout appender log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.layout=org.apache.log4j.PatternLayout -#log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n -log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20.20c | %10t | %m%n +log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n + +# configure the rolling file appender (moaid) +log4j.appender.moaid=org.apache.log4j.RollingFileAppender +log4j.appender.moaid.File=${catalina.base}/logs/moa-id.log +log4j.appender.moaid.MaxFileSize=10000KB +log4j.appender.moaid.MaxBackupIndex=1 +log4j.appender.moaid.layout=org.apache.log4j.PatternLayout +log4j.appender.moaid.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n + +# configure the rolling file appender (moaid) +log4j.appender.moaspss=org.apache.log4j.RollingFileAppender +log4j.appender.moaspss.File=${catalina.base}/logs/moa-spss.log +log4j.appender.moaspss.MaxFileSize=10000KB +log4j.appender.moaspss.MaxBackupIndex=1 +log4j.appender.moaspss.layout=org.apache.log4j.PatternLayout +log4j.appender.moaspss.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n -# configure the rolling file appender (R) -log4j.appender.R=org.apache.log4j.RollingFileAppender -log4j.appender.R.File=${catalina.base}/logs/moa-id.log -log4j.appender.R.MaxFileSize=10000KB -log4j.appender.R.MaxBackupIndex=1 -log4j.appender.R.layout=org.apache.log4j.PatternLayout -log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n +log4j.appender.reversion=org.apache.log4j.RollingFileAppender +log4j.appender.reversion.File=${catalina.base}/moa-id-reversion.log +log4j.appender.reversion.MaxFileSize=10000KB +log4j.appender.reversion.MaxBackupIndex=9999 +log4j.appender.reversion.layout=org.apache.log4j.PatternLayout +log4j.appender.reversion.layout.ConversionPattern=%5p | %d{ISO8601} | %t | %m%n +# configure the rolling file appender (configtool) +log4j.appender.CONFIGTOOL=org.apache.log4j.RollingFileAppender +log4j.appender.CONFIGTOOL.File=${catalina.base}/logs/moa-id-webgui.log +log4j.appender.CONFIGTOOL.MaxFileSize=10000KB +log4j.appender.CONFIGTOOL.MaxBackupIndex=1 +log4j.appender.CONFIGTOOL.layout=org.apache.log4j.PatternLayout +log4j.appender.CONFIGTOOL.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n
\ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html index fe9bc2166..4e548e58c 100644 --- a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html +++ b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html @@ -4,7 +4,7 @@ <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <!-- MOA-ID 2.x BKUSelection Layout CSS --> - <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=$pendingReqID" /> + <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=$pendingReqID"/> <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions--> <script src="$contextPath/js/buildJS?pendingid=$pendingReqID"></script> @@ -26,8 +26,8 @@ <div id="mandateLogin" class="$MANDATEVISIBLE"> <div> <input tabindex="1" type="checkbox" name="Mandate" - id="mandateCheckBox" class="verticalcenter" role="checkbox" $MANDATECHECKED> - <label for="mandateCheckBox" class="verticalcenter">in + id="mandateCheckBox" class="mandate" role="checkbox" $MANDATECHECKED> + <label for="mandateCheckBox" class="mandate">in Vertretung anmelden</label> <!--a href="info_mandates.html" target="_blank" @@ -37,31 +37,41 @@ </div> <div id="bkuselectionarea"> <div id="bkukarte"> - <img id="bkuimage" class="bkuimage" src="$contextPath/img/karte.png" alt="OnlineBKU" /> + <img id="bkuimage" class="bkuimage" src="$contextPath/img/karte.png" alt="OnlineBKU"/> - <!-- Remove support for Online BKU and swith the card button to local BKU--> - <!--input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" value="Karte" /--> + <!-- Remove support for Online BKU and swith the card button to local BKU--> + <!--input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" value="Karte" /--> - <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent"> - <input type="hidden" name="bkuURI" value="$bkuLocal" /> - <input type="hidden" name="useMandate" id="useMandate" /> - <input type="hidden" name="SSO" id="useSSO" /> - <input type="hidden" name="ccc" id="ccc" /> - <input type="hidden" name="pendingid" value="$pendingReqID" /> - <input type="submit" value=" Karte " tabindex="4" role="button"> - </form> + <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent"> + <input type="hidden" name="bkuURI" value="$bkuLocal" /> + <input type="hidden" name="useMandate" id="useMandate" /> + <input type="hidden" name="SSO" id="useSSO" /> + <input type="hidden" name="ccc" id="ccc" /> + <input type="hidden" name="pendingid" value="$pendingReqID" /> + <input type="submit" value=" Karte " tabindex="5" role="button" /> + </form> - <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe> + <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe> - <!-- BKU detection with static template--> - <!--iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/iframeLBKUdetect.html"></iframe--> - - </div> - <div id="bkuhandy"> - <img class="bkuimage" src="$contextPath/img/handysign.png" alt="HandyBKU" /> - <input name="bkuButtonHandy" type="button" tabindex="3" role="button" value="HANDY" /> - </div> - </div> + <!-- BKU detection with static template--> + <!--iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/iframeLBKUdetect.html"></iframe--> + </div> + + <div id="bkuhandy"> + <img class="bkuimage" src="$contextPath/img/handysign.png" alt="HandyBKU" /> + <input name="bkuButtonHandy" type="button" tabindex="3" role="button" value="HANDY" /> + </div> + + + <div id="bkueulogin" class="$eIDASVisible"> + <img id="eIDASImage" class="bkuimage" src="$contextPath/img/eIDAS_small.png" alt="EULogin" /> + <form method="get" id="moaideIDASform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent"> + <input type="hidden" name="useeIDAS" value="true" /> + <input type="hidden" name="useMandate" id="useMandate" /> + <input type="hidden" name="pendingid" value="$pendingReqID" /> + <input id="buttonEULogin" name="bkuButtonEULogin" type="submit" role="button" value="EULogin" /> + </form> + </div> <!--div id="localBKU"> <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent"> @@ -80,7 +90,11 @@ <!--div id="ssoSessionTransferBlock"> <a href="$contextPath$submitEndpoint?pendingid=$pendingReqID&restoreSSOSession=true">>Restore SSO Session from Smartphone</a> </div--> - + + + + + <!-- <div id="stork" align="center" class="$STORKVISIBLE"> <h2 id="tabheader" class="dunkel">Home Country Selection</h2> <p> @@ -88,9 +102,9 @@ $countryList </select> <button id="eIDASButton" name="bkuButton" type="button">Proceed</button> - <!--a href="info_stork.html" target="_blank" class="infobutton">i</a--> + a href="info_stork.html" target="_blank" class="infobutton">i</a </p> - </div> + </div>--> <div id="metroDetected" class="unvisible"> <p>Anscheinend verwenden Sie Internet Explorer im diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css index c8de82c50..40e8eae7a 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css @@ -1,687 +1,368 @@ @charset "utf-8"; - @media screen and (min-width: 650px) { - - body { - margin:0; - padding:0; - color : #000; - background-color : #fff; - text-align: center; - background-color: #6B7B8B; - } - - .browserInfoButton{ - color: rgb(128, 128, 128); - } - - #localBKU p { - font-size: 0.7em; - } - - #localBKU input{ - font-size: 0.85em; - /*border-radius: 5px;*/ - } - - #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit]{ - font-size: 0.85em; - /*border-radius: 7px;*/ - margin-bottom: 25px; - min-width: 80px; - } - - #mandateLogin { - font-size: 0.85em; - } - - #bku_header h2 { - font-size: 0.8em; - } - - - #page { - display: block; - border: 2px solid rgb(0,0,0); - width: 650px; - height: 460px; - margin: 0 auto; - margin-top: 5%; - position: relative; - border-radius: 25px; - background: rgb(255,255,255); - } - - #page1 { - text-align: center; - } + body { + margin:0; + padding:0; + color : #000; + background-color : #fff; + text-align: left; + background-color: #E6E6E6; + } + + .browserInfoButton{ + color: rgb(128, 128, 128); + } + + #page { + display: block; + margin: 0 auto; + margin-top: 5%; + position: relative; + background: rgb(255,255,255); + } - #main { - /* clear:both; */ - position:relative; - margin: 0 auto; - /*width: 250px;*/ - text-align: center; - } + #page1 { + padding-top: 1%; + text-align: center; + } - .OA_header { - /* background-color: white;*/ - font-size: 20pt; - margin-bottom: 25px; - margin-top: 25px; - } - #alert_area { - width: 500px; - padding-left: 80px; - } - #leftcontent { - /*float:left; */ - width:250px; - margin-bottom: 25px; - text-align: left; - border: 1px solid rgb(0,0,0); - } - - #selectArea { - font-size: 15px; - padding-bottom: 65px; - } - - #leftcontent { - width: 300px; - /*margin-top: 30px;*/ - margin: auto; - } - - #bku_header { - height: 5%; - padding-bottom: 3px; - padding-top: 3px; - } - - #bkulogin { - overflow:hidden; - min-width: 190px; - min-height: 180px; - /*height: 260px;*/ - } - - h2#tabheader{ - font-size: 1.1em; - padding-left: 2%; - padding-right: 2%; - position: relative; - } - - #stork h2 { - font-size: 1.0em; - margin-bottom: 2%; - } - - .setAssertionButton_full { - background: #efefef; - cursor: pointer; - margin-top: 15px; - width: 100px; - height: 30px - } - - #leftbutton { - width: 30%; - float:left; - margin-left: 40px; - } - - #rightbutton { - width: 30%; - float:right; - margin-right: 45px; - text-align: right; - } - - button { - height: 25px; - width: 75px; - margin-bottom: 10px; - } - - - - #validation { - position: absolute; - bottom: 0px; - margin-left: 270px; - padding-bottom: 10px; - } - + #main { + float:left; + width: 100%; + text-align: center; + } + + h2#tabheader{ + font-size: 1.0em; + padding-left: 2%; + padding-right: 2%; + position: relative; + } + + #bkulogin { + min-width: 200px; + min-height: 155px; + margin-bottom: 5%; + } + #mandateLogin { + padding-bottom: 1%; + padding-top: 2%; + position: relative; + text-align: left; } - @media screen and (max-width: 205px) { - #localBKU p { - font-size: 0.6em; - } - .browserInfoButton{ - color: rgb(128, 128, 128); - } - - #localBKU input { - font-size: 0.6em; - min-width: 60px; - /* max-width: 65px; */ - min-height: 1.0em; - /* border-radius: 5px; */ - } - - #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit]{ - font-size: 0.7em; - min-width: 55px; - /*min-height: 1.1em; - border-radius: 5px;*/ - margin-bottom: 2% - } - - #mandateLogin { - font-size: 0.65em; - } - - #bku_header h2 { - font-size: 0.8em; - margin-top: -0.4em; - padding-top: 0.4em; - } - - #bkulogin { - min-height: 150px; - } + .unvisible { + visibility: hidden; } - @media screen and (max-width: 249px) and (min-width: 206px) { - #localBKU p { - font-size: 0.7em; - } - .browserInfoButton{ - color: rgb(128, 128, 128); - } - - #localBKU input { - font-size: 0.7em; - min-width: 70px; - /* max-width: 75px; */ - min-height: 0.95em; - /* border-radius: 6px; */ - } - - #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit] { - font-size: 0.75em; - min-width: 60px; - /* min-height: 0.95em; - border-radius: 6px; */ - margin-bottom: 5% - } - - #mandateLogin { - font-size: 0.75em; - } - - #bku_header h2 { - font-size: 0.9em; - margin-top: -0.45em; - padding-top: 0.45em; - } - - #bkulogin { - min-height: 180px; - } - } + .OA_header { + /* background-color: white;*/ + font-size: 2.1em; + margin-bottom: 1%; + margin-top: 1%; + } - @media screen and (max-width: 299px) and (min-width: 250px) { - #localBKU p { - font-size: 0.9em; - } - .browserInfoButton{ - color: rgb(128, 128, 128); - } - - #localBKU input { - font-size: 0.8em; - min-width: 70px; - /* max-width: 75px; */ - /* border-radius: 6px; */ - } - - #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit] { - font-size: 0.85em; - /* min-height: 1.05em; - border-radius: 7px; */ - margin-bottom: 10%; - } - - #mandateLogin { - font-size: 1em; - } - - #bku_header h2 { - font-size: 1.0em; - margin-top: -0.50em; - padding-top: 0.50em; - } + #ssoSessionTransferBlock { + font-size: 0.8em; + margin-left: 1%; + margin-bottom: 1%; } - @media screen and (max-width: 399px) and (min-width: 300px) { - #localBKU p { - font-size: 0.9em; - } - .browserInfoButton{ - color: rgb(128, 128, 128); - } - #localBKU input { - font-size: 0.8em; - min-width: 70px; - /* max-width: 75px; */ - /* border-radius: 6px; */ - } - - #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit] { - font-size: 0.9em; - /* min-height: 1.2em; - border-radius: 8px; */ - margin-bottom: 10%; - max-width: 80px; - } - - #mandateLogin { - font-size: 1em; - } - - #bku_header h2 { - font-size: 1.1em; - margin-top: -0.55em; - padding-top: 0.55em; - } + #processInfoArea { + margin-bottom: 4%; + margin-top: 4%; + } + + #processSelectionArea { + width: 550px; + margin-left: 25px; + margin-top: 35px; + } + + .processSelectionButtonArea { + float: none; + margin-bottom: 5%; + height: 35px; + } + + .processSelectionButton { + background: #ababab; + cursor: pointer; + height: 40px; + width: 200px; + float: right; + } + + .buttonDescription { + float: left; + margin-left: 10px; + padding-bottom: 0.4em; + text-align: left; + width: 60%; + } + + #processContent { + margin-top: 10%; } - - @media screen and (max-width: 649px) and (min-width: 400px) { - #localBKU p { - font-size: 0.9em; - } - .browserInfoButton{ - color: rgb(128, 128, 128); - } - #localBKU input { - font-size: 0.8em; - min-width: 70px; - /* max-width: 80px; */ - /* border-radius: 6px; */ - } - - #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit] { - font-size: 1.0em; - /* min-height: 1.3em; - border-radius: 10px; */ - margin-bottom: 10%; - max-width: 85px; - } - - #mandateLogin { - font-size: 1.2em; - } - - #bku_header h2 { - font-size: 1.3em; - margin-top: -0.65em; - padding-top: 0.65em; - } + + #eIDASSelection { + width: 120px; + margin-right: 5px; } + #bkukarte { + float:left; + width:33%; + text-align:center; + margin-top: 2%; + } - - @media screen and (max-width: 649px) { - - body { - margin:0; - padding:0; - color : #000; - text-align: center; - font-size: 100%; - background-color: $MAIN_BACKGOUNDCOLOR; - } - .browserInfoButton{ - color: rgb(128, 128, 128); - } - #page { - visibility: hidden; - margin-top: 0%; - } - - #page1 { - visibility: hidden; - } - - #main { - visibility: hidden; - } - - #validation { - visibility: hidden; - display: none; - } - - .OA_header { - margin-bottom: 0px; - margin-top: 0px; - font-size: 0pt; - visibility: hidden; - } - - #alert_area { - visibility: visible; - width: 250px; - } - #alert_area > p:first-child { - display: none; - visibility: hidden; - } - - #leftcontent { - visibility: visible; - margin-bottom: 0px; - text-align: left; - border:none; - vertical-align: middle; - min-height: 173px; - min-width: 204px; - - } - - #bku_header { - height: 10%; - min-height: 1.2em; - margin-top: 1%; - } - - h2#tabheader{ - padding-left: 2%; - padding-right: 2%; - position: relative; - top: 50%; - } - - #stork h2 { - font-size: 0.9em; - margin-bottom: 2%; - } - - #bkulogin { - min-width: 190px; - min-height: 155px; - } + #bkuhandy { + float:left; + width:33%; + text-align:center; + margin-top: 2%; + } + + #bkueulogin { + display:block; + float:left; + text-align:center; + width:33%; + margin-top: 2%; + } + + .bkuimage { + width: 55%; + } + + input { + width:auto; + cursor: pointer; - .setAssertionButton_full { - background: #efefef; - cursor: pointer; - margin-top: 15px; - width: 70px; - height: 25px; - } - - input[type=button],input[type=submit] { -/* height: 11%; */ - width: 70%; - } - } - - * { - margin: 0; - padding: 0; - #if($FONTTYPE) - font-family: $FONTTYPE; - #end - } - - #selectArea { - padding-top: 10px; - padding-bottom: 55px; - padding-left: 10px; - } - - .setAssertionButton { - background: #efefef; - cursor: pointer; - margin-top: 15px; - width: 70px; - height: 25px; - } - - #leftbutton { - width: 35%; - float:left; - margin-left: 15px; - } + } + + #localBKU input { + display: inline-block; + + } - #rightbutton { - width: 35%; - float:right; - margin-right: 25px; - text-align: right; - } + #localBKU input:hover, #localBKU input:focus, #localBKU input:active { + /*text-decoration: underline;*/ + } + + #installJava, #BrowserNOK { + clear:both; + font-size:0.8em; + padding:4px; + } + - #ssoSessionTransferBlock { + #ssoSessionTransferBlock { clear: both; - } - - #stork { - /*margin-bottom: 10px;*/ - /* margin-top: 5px; */ - clear: both; - } + } + + #stork { + clear: both; + } - #mandateLogin { - padding-bottom: 4%; - padding-top: 4%; - height: 10%; - position: relative; - text-align: center; - } + - .verticalcenter { + .verticalcenter { vertical-align: middle; } + + .mandate{ + float: left; + margin-left: 2%; + font-size: 1.3em; + } - #mandateLogin div { + #mandateLogin div { clear: both; margin-top: -1%; position: relative; top: 50%; - } - - #bkuselectionarea { - position: relative; - display: block; - } - - #localBKU { + } + + #localBKU { padding-bottom: 4%; /*padding-top: 4%;*/ position: relative; clear: both; text-align: center; - } - - #bkukarte { - float:left; - text-align:center; - width:40%; - min-height: 70px; - padding-left: 5%; - padding-top: 2%; - } - - #bkuhandy { - float:right; - text-align:center; - width:40%; - min-height: 90px; - padding-right: 5%; - padding-top: 2%; - } - - .bkuimage { - width: 60%; - height: auto; - margin-bottom: 10%; - } - - #mandate{ - text-align:center; - padding : 5px 5px 5px 5px; - } - -/* input[type=button], .sendButton { - background: $BUTTON_BACKGROUNDCOLOR; - color: $BUTTON_COLOR; -/* border:1px solid #000; */ -/* cursor: pointer; -/* box-shadow: 3px 3px 3px #222222; */ -/* } - -/* button:hover, button:focus, button:active, - .sendButton:hover , .sendButton:focus, .sendButton:active, - #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active { - background: $BUTTON_BACKGROUNDCOLOR_FOCUS; - color: $BUTTON_COLOR; -/* border:1px solid #000; */ -/* cursor: pointer; -/* box-shadow: -1px -1px 3px #222222; */ -/* } - -*/ - input { - /*border:1px solid #000;*/ - cursor: pointer; - } - - #localBKU input { -/* color: $BUTTON_COLOR; */ - /*border: 0px;*/ - display: inline-block; - - } - - #localBKU input:hover, #localBKU input:focus, #localBKU input:active { - /*text-decoration: underline;*/ - } - - #installJava, #BrowserNOK { - clear:both; - font-size:0.8em; - padding:4px; - } - - .selectText{ - - } - + } + + #selectArea { + width:90%; + padding-left: 4% + } - .selectTextHeader{ - - } - - .sendButton { - width: 30%; - margin-bottom: 1%; - } - - #leftcontent a { - text-decoration:none; - color: #000; - /* display:block;*/ - padding:4px; - } - - #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active { - text-decoration:underline; - color: #000; - } - - .infobutton { - background-color: #005a00; - color: white; - font-family: serif; - text-decoration: none; - padding-top: 2px; - padding-right: 4px; - padding-bottom: 2px; - padding-left: 4px; - font-weight: bold; - } - - .hell { - background-color : $MAIN_BACKGOUNDCOLOR; + .setAssertionButton { + background: #efefef; + cursor: pointer; + margin-top: 15px; + width: 70px; + height: 25px; + } + #leftcontent { + width: 70%; + margin-bottom: 4%; + text-align: left; + border: 1px solid rgb(0,0,0); + margin:auto; + } + .hell { + background-color : $MAIN_BACKGOUNDCOLOR; color: $MAIN_COLOR; - } + } - .dunkel { - background-color: $HEADER_BACKGROUNDCOLOR; + .dunkel { + background-color: $HEADER_BACKGROUNDCOLOR; color: $HEADER_COLOR; - } - - .main_header { - color: black; - font-size: 32pt; - position: absolute; - right: 10%; - top: 40px; - - } - - #ssoSessionTransferBlock { - font-size: 0.8em; - margin-left: 5px; - margin-bottom: 5px; + } + + +@media screen and (min-width: 650px) { + + #page { + width: 650px; + height: 460px; + } + + #localBKU p { + font-size: 0.7em; + } + + #localBKU input{ + font-size: 0.85em; + /*border-radius: 5px;*/ + } + + #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit]{ + font-size: 0.85em; + width:65% + } + + #mandateLogin { + font-size: 0.85em; + } + + #alert_area { + width: 500px; + padding-left: 80px; + } + + #selectArea { + font-size: 15px; + padding-bottom: 65px; } - #processInfoArea { - margin-bottom: 15px; + + #stork h2 { + font-size: 1.0em; + margin-bottom: 2%; + } + + .setAssertionButton_full { + background: #efefef; + cursor: pointer; margin-top: 15px; - } - #processSelectionArea { - width: 550px; - margin-left: 25px; - margin-top: 35px; - } - .processSelectionButtonArea { - float: none; - margin-bottom: 20px; - height: 35px; - } - .processSelectionButton { - background: #ababab; - cursor: pointer; - height: 30px; - width: 200px; - float: right; - border-style: solid; - border-bottom-width: 2px; - border-right-width: 2px; - border-left-width: 1px; - border-top-width: 1px; - border-color: #000000; - } - .buttonDescription { - float: left; - margin-left: 10px; - padding-top: 4px; - text-align: left; - width: 330px; - } - #processContent { - margin-top: 25px; - } - #eIDASButton { - /*color:#FFF;*/ - } - #eIDASSelection { - width: 120px; - margin-right: 5px; - } - .unvisible { + width: 100px; + height: 30px + } + + + #validation { + position: absolute; + bottom: 0px; + margin-left: 270px; + padding-bottom: 10px; + } +} + + + +@media screen and (max-width: 649px) { + + body { + background-color:#fff; + } + + #page { + visibility: hidden; + margin-top: 0%; + } + + #page1 { + visibility: hidden; + } + + #main { + visibility: hidden; + } + + #validation { + visibility: hidden; display: none; - }
\ No newline at end of file + } + + .OA_header { + margin-bottom: 0%; + margin-top: 0%; + font-size: 0pt; + visibility: hidden; + } + + #alert_area { + visibility: visible; + width: 250px; + } + + #alert_area > p:first-child { + display: none; + visibility: hidden; + } + + + h2#tabheader{ + font-size: 1.5em; + position: relative; + } + .mandate{ + font-size: 1.0em; + } + + #leftcontent { + float: left; + width:auto; + border:none; + visibility:visible; + margin-bottom: 2%; + } + .bkuimage { + width: 40%; + } + + #bkukarte { + box-sizing: border-box; + } + + #bkuhandy { + box-sizing: border-box; + } + + #bkueulogin { + box-sizing: border-box; + } + + .setAssertionButton_full { + background: #efefef; + cursor: pointer; + margin-top: 15px; + width: 70px; + height: 25px; + } + + input[type=button],input[type=submit] { + width:65%; + } +}
\ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/javascript_tempalte.js b/id/server/data/deploy/conf/moa-id/htmlTemplates/javascript_tempalte.js index 313f14b4a..15b82614c 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/javascript_tempalte.js +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/javascript_tempalte.js @@ -84,9 +84,9 @@ function isIE() { /* setSSOSelection(); */ var ccc = "AT"; - var countrySelection = document.getElementById("eIDASSelection"); + var countrySelection = document.getElementById("cccSelection"); if (countrySelection != null) { - ccc = document.getElementById("eIDASSelection").value; + ccc = document.getElementById("cccSelection").value; } var iFrameURL = "$contextPath$submitEndpoint" + "?"; iFrameURL += "&pendingid=" + "$pendingReqID"; @@ -238,7 +238,22 @@ function isIE() { } function setUseMandateFlag(e) { /*document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);*/ - e.setAttribute("aria-checked", e.checked); + e.target.setAttribute("aria-checked", e.target.checked); + if (e.target.checked) { + var image = document.getElementById("eIDASImage"); + var srcatt = image.getAttribute("src"); + var last = srcatt.substring(srcatt.lastIndexOf('/')+1); + srcatt = srcatt.replace(last,'eIDAS_small_deactivated.png'); + image.setAttribute("src",srcatt); + document.getElementById("buttonEULogin").disabled=true; + } else { + var image = document.getElementById("eIDASImage"); + var srcatt = image.getAttribute("src"); + var last = srcatt.substring(srcatt.lastIndexOf('/')+1); + srcatt = srcatt.replace(last,'eIDAS_small.png'); + image.setAttribute("src",srcatt); + document.getElementById("buttonEULogin").disabled=false + } } document.addEventListener('resize', onChangeChecks); @@ -246,7 +261,7 @@ function isIE() { document.querySelector('#mandateCheckBox').addEventListener('click', setUseMandateFlag); document.querySelector('#moaidform>input[type=submit]').addEventListener('click', setMandateSelection); document.querySelector('#bkuhandy>input[type=button]').addEventListener('click', bkuHandyClicked); - document.querySelector('#stork button[type=button]').addEventListener('click', storkClicked); + document.querySelector('#moaideIDASform>input[type=submit]').addEventListener('click', setMandateSelection); onChangeChecks(); }); diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html index fe9bc2166..4e548e58c 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html @@ -4,7 +4,7 @@ <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <!-- MOA-ID 2.x BKUSelection Layout CSS --> - <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=$pendingReqID" /> + <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=$pendingReqID"/> <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions--> <script src="$contextPath/js/buildJS?pendingid=$pendingReqID"></script> @@ -26,8 +26,8 @@ <div id="mandateLogin" class="$MANDATEVISIBLE"> <div> <input tabindex="1" type="checkbox" name="Mandate" - id="mandateCheckBox" class="verticalcenter" role="checkbox" $MANDATECHECKED> - <label for="mandateCheckBox" class="verticalcenter">in + id="mandateCheckBox" class="mandate" role="checkbox" $MANDATECHECKED> + <label for="mandateCheckBox" class="mandate">in Vertretung anmelden</label> <!--a href="info_mandates.html" target="_blank" @@ -37,31 +37,41 @@ </div> <div id="bkuselectionarea"> <div id="bkukarte"> - <img id="bkuimage" class="bkuimage" src="$contextPath/img/karte.png" alt="OnlineBKU" /> + <img id="bkuimage" class="bkuimage" src="$contextPath/img/karte.png" alt="OnlineBKU"/> - <!-- Remove support for Online BKU and swith the card button to local BKU--> - <!--input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" value="Karte" /--> + <!-- Remove support for Online BKU and swith the card button to local BKU--> + <!--input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" value="Karte" /--> - <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent"> - <input type="hidden" name="bkuURI" value="$bkuLocal" /> - <input type="hidden" name="useMandate" id="useMandate" /> - <input type="hidden" name="SSO" id="useSSO" /> - <input type="hidden" name="ccc" id="ccc" /> - <input type="hidden" name="pendingid" value="$pendingReqID" /> - <input type="submit" value=" Karte " tabindex="4" role="button"> - </form> + <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent"> + <input type="hidden" name="bkuURI" value="$bkuLocal" /> + <input type="hidden" name="useMandate" id="useMandate" /> + <input type="hidden" name="SSO" id="useSSO" /> + <input type="hidden" name="ccc" id="ccc" /> + <input type="hidden" name="pendingid" value="$pendingReqID" /> + <input type="submit" value=" Karte " tabindex="5" role="button" /> + </form> - <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe> + <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe> - <!-- BKU detection with static template--> - <!--iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/iframeLBKUdetect.html"></iframe--> - - </div> - <div id="bkuhandy"> - <img class="bkuimage" src="$contextPath/img/handysign.png" alt="HandyBKU" /> - <input name="bkuButtonHandy" type="button" tabindex="3" role="button" value="HANDY" /> - </div> - </div> + <!-- BKU detection with static template--> + <!--iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/iframeLBKUdetect.html"></iframe--> + </div> + + <div id="bkuhandy"> + <img class="bkuimage" src="$contextPath/img/handysign.png" alt="HandyBKU" /> + <input name="bkuButtonHandy" type="button" tabindex="3" role="button" value="HANDY" /> + </div> + + + <div id="bkueulogin" class="$eIDASVisible"> + <img id="eIDASImage" class="bkuimage" src="$contextPath/img/eIDAS_small.png" alt="EULogin" /> + <form method="get" id="moaideIDASform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent"> + <input type="hidden" name="useeIDAS" value="true" /> + <input type="hidden" name="useMandate" id="useMandate" /> + <input type="hidden" name="pendingid" value="$pendingReqID" /> + <input id="buttonEULogin" name="bkuButtonEULogin" type="submit" role="button" value="EULogin" /> + </form> + </div> <!--div id="localBKU"> <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent"> @@ -80,7 +90,11 @@ <!--div id="ssoSessionTransferBlock"> <a href="$contextPath$submitEndpoint?pendingid=$pendingReqID&restoreSSOSession=true">>Restore SSO Session from Smartphone</a> </div--> - + + + + + <!-- <div id="stork" align="center" class="$STORKVISIBLE"> <h2 id="tabheader" class="dunkel">Home Country Selection</h2> <p> @@ -88,9 +102,9 @@ $countryList </select> <button id="eIDASButton" name="bkuButton" type="button">Proceed</button> - <!--a href="info_stork.html" target="_blank" class="infobutton">i</a--> + a href="info_stork.html" target="_blank" class="infobutton">i</a </p> - </div> + </div>--> <div id="metroDetected" class="unvisible"> <p>Anscheinend verwenden Sie Internet Explorer im diff --git a/id/server/data/deploy/conf/moa-id/keys/sl20.jks b/id/server/data/deploy/conf/moa-id/keys/sl20.jks Binary files differnew file mode 100644 index 000000000..e1896b9e5 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/keys/sl20.jks diff --git a/id/server/data/deploy/conf/moa-id/log4j.properties b/id/server/data/deploy/conf/moa-id/log4j.properties index 2c3b8a311..2914fcff1 100644 --- a/id/server/data/deploy/conf/moa-id/log4j.properties +++ b/id/server/data/deploy/conf/moa-id/log4j.properties @@ -5,6 +5,7 @@ org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFacto log4j.rootLogger=warn,stdout ### MOA-ID process log ### +log4j.logger.at.gv.egiz.eaaf=info,moaid log4j.logger.at.gv.egovernment.moa.id=info,moaid log4j.logger.at.gv.egovernment.moa.spss=info,moaid diff --git a/id/server/data/deploy/conf/moa-id/logback_config.xml b/id/server/data/deploy/conf/moa-id/logback_config.xml index c00e62e52..fa221fbc2 100644 --- a/id/server/data/deploy/conf/moa-id/logback_config.xml +++ b/id/server/data/deploy/conf/moa-id/logback_config.xml @@ -8,14 +8,11 @@ <!-- http://www.qos.ch/shop/products/professionalSupport --> <!-- --> <configuration> - <!-- Errors were reported during translation. --> - <!-- No class found for appender CONFIGTOOL R --> - <!-- Could not find transformer for null --> - <appender name="R" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <appender name="moaid" class="ch.qos.logback.core.rolling.RollingFileAppender"> <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> <File>${catalina.base}/logs/moa-id.log</File> <encoder> - <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %t | %m%n</pattern> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n</pattern> </encoder> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> <maxIndex>1</maxIndex> @@ -25,14 +22,25 @@ <MaxFileSize>10000KB</MaxFileSize> </triggeringPolicy> </appender> - <appender name="CONFIGTOOL R"> - <!--No layout specified for appender named [CONFIGTOOL R] of class [null]--> + <appender name="moaspss" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <File>${catalina.base}/logs/moa-spss.log</File> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n</pattern> + </encoder> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <maxIndex>1</maxIndex> + <FileNamePattern>${catalina.base}/logs/moa-spss.log.%i</FileNamePattern> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <MaxFileSize>10000KB</MaxFileSize> + </triggeringPolicy> </appender> <appender name="CONFIGTOOL" class="ch.qos.logback.core.rolling.RollingFileAppender"> <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> <File>${catalina.base}/logs/moa-id-webgui.log</File> <encoder> - <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %t | %m%n</pattern> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n</pattern> </encoder> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> <maxIndex>1</maxIndex> @@ -42,30 +50,56 @@ <MaxFileSize>10000KB</MaxFileSize> </triggeringPolicy> </appender> + <appender name="reversion" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <File>${catalina.base}/moa-id-reversion.log</File> + <encoder> + <pattern>%5p | %d{ISO8601} | %t | %m%n</pattern> + </encoder> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <maxIndex>9999</maxIndex> + <FileNamePattern>${catalina.base}/moa-id-reversion.log.%i</FileNamePattern> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <MaxFileSize>10000KB</MaxFileSize> + </triggeringPolicy> + </appender> <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender"> <encoder> - <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} |%20.20c | %10t | %m%n</pattern> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n</pattern> </encoder> </appender> - <logger name="eu.stork" level="info"/> - <logger name="iaik.server" level="info"/> - <logger name="at.gv.egovernment.moa.id" level="info"> - <appender-ref ref="R"/> + <logger name="at.gv.egiz.eaaf" level="info"> + <appender-ref ref="moaid"/> + </logger> + <logger name="at.gv.egovernment.moa.spss" level="info"> + <appender-ref ref="moaspss"/> + </logger> + <logger name="pki" level="info"> + <appender-ref ref="moaspss"/> </logger> <logger name="at.gv.egovernment.moa.id.commons" level="info"> - <appender-ref ref="CONFIGTOOL R"/> + <appender-ref ref="CONFIGTOOL"/> </logger> - <logger name="org.hibernate" level="warn"/> - <logger name="at.gv.egiz.components.configuration" level="info"> + <logger name="at.gv.egovernment.moa.id.configuration" level="info"> <appender-ref ref="CONFIGTOOL"/> </logger> - <logger name="at.gv.egovernment.moa.id.proxy" level="info"/> + <logger name="at.gv.egiz.eventlog.plain.all" level="info"> + <appender-ref ref="reversion"/> + </logger> <logger name="at.gv.egovernment.moa.id.config.webgui" level="info"> <appender-ref ref="CONFIGTOOL"/> </logger> - <logger name="at.gv.egovernment.moa.spss" level="info"/> - <logger name="at.gv.egovernment.moa" level="info"/> - <root level="info"> + <logger name="at.gv.egiz.components.configuration" level="info"> + <appender-ref ref="CONFIGTOOL"/> + </logger> + <logger name="at.gv.egovernment.moa.id" level="info"> + <appender-ref ref="moaid"/> + </logger> + <logger name="iaik.server" level="info"> + <appender-ref ref="moaspss"/> + </logger> + <root level="warn"> <appender-ref ref="stdout"/> </root> </configuration> diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties index 24fe78261..6dddb454a 100644 --- a/id/server/data/deploy/conf/moa-id/moa-id.properties +++ b/id/server/data/deploy/conf/moa-id/moa-id.properties @@ -29,21 +29,26 @@ configuration.monitoring.test.identitylink.url=$PATH_TO_CONFIG$/conf/moa-id/moni #MOA-ID 3.x Advanced Logging configuration.advancedlogging.active=false -##Webservice Client Configuration -#MOA-SP webservice -#service.moasp.acceptedServerCertificates= -#service.moasp.clientKeyStore= -#service.moasp.clientKeyStorePassword= +######################## Externe Services ############################################ -#Online mandates webservice (MIS) +######## Online mandates webservice (MIS) ######## service.onlinemandates.acceptedServerCertificates= service.onlinemandates.clientKeyStore=keys/.... service.onlinemandates.clientKeyStorePassword= -#Foreign Identities (SZRGW) -service.foreignidentities.acceptedServerCertificates= -service.foreignidentities.clientKeyStore=keys/.... -service.foreignidentities.clientKeyStorePassword= +######## central eIDAS-node connector module ########## +modules.eidascentralauth.keystore.path=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 +modules.eidascentralauth.keystore.password=password +modules.eidascentralauth.metadata.sign.alias=pvp_metadata +modules.eidascentralauth.metadata.sign.password=password +modules.eidascentralauth.request.sign.alias=pvp_assertion +modules.eidascentralauth.request.sign.password=password +modules.eidascentralauth.response.encryption.alias=pvp_assertion +modules.eidascentralauth.response.encryption.password=password +modules.eidascentralauth.node.trustprofileID=centralnode_metadata + + +######################## Protokolle am IDP ############################################ ##Protocol configuration## #PVP2 @@ -63,9 +68,9 @@ protocols.oauth20.jwt.ks.password=password protocols.oauth20.jwt.ks.key.name=oauth protocols.oauth20.jwt.ks.key.password=password -##Database configuration## -configuration.database.byteBasedValues=false +######################## Datenbankkonfiguration ############################################ +configuration.database.byteBasedValues=false #Hibnerate configuration for MOA-ID 3.x session store moasession.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect @@ -147,11 +152,38 @@ advancedlogging.dbcp.testWhileIdle=false advancedlogging.dbcp.validationQuery=select 1 -################ Additonal eID-modul configuration #################################### -## This additional eID moduls add special functionality to MOA-ID-Auth. -## The configuration of this modules is only needed if this modules are in use. -######## -### eIDAS protocol configuration ### +################ Additonal eID-modul configuration ################################ +## This additional eID moduls add special functionality to MOA-ID-Auth. # +## The configuration of this modules is only needed if this modules are in use. # +################################################################################### + +######## SL2.0 authentication module ######## +modules.sl20.vda.urls.qualeID.endpoint.default=https://www.handy-signatur.at/securitylayer2 +modules.sl20.vda.urls.qualeID.endpoint.1=https://hs-abnahme.a-trust.at/securitylayer2 +modules.sl20.vda.urls.qualeID.endpoint.2=https://test1.a-trust.at/securitylayer2 +modules.sl20.security.keystore.path=keys/sl20.jks +modules.sl20.security.keystore.password=password +modules.sl20.security.sign.alias=signing +modules.sl20.security.sign.password=password +modules.sl20.security.encryption.alias=encryption +modules.sl20.security.encryption.password=password +modules.sl20.vda.authblock.id=default +modules.sl20.vda.authblock.transformation.id=SL20Authblock_v1.0,SL20Authblock_v1.0_SIC +modules.sl20.security.eID.validation.disable=false +modules.sl20.security.eID.signed.result.required=true +modules.sl20.security.eID.encryption.enabled=true +modules.sl20.security.eID.encryption.required=true + +######## user-restriction ########## +configuration.restrictions.sp.entityIds= +configuration.restrictions.sp.users.url= +configuration.restrictions.sp.users.sector= + +####### Direkte Fremd-bPK Berechnung ######## +configuration.foreignsectors.pubkey.xxxxTargetxxx= xxx BASE64-Cert xxx + +######## eIDAS protocol configuration ######## +######## This is ONLY required, if MOA-ID operates as an eIDAS node!!! ######## moa.id.protocols.eIDAS.samlengine.config.file=eIDAS/SamlEngine_basics.xml moa.id.protocols.eIDAS.samlengine.sign.config.file=eIDAS/SignModule.xml moa.id.protocols.eIDAS.samlengine.enc.config.file=eIDAS/EncryptModule.xml @@ -160,7 +192,7 @@ moa.id.protocols.eIDAS.node.country=Austria moa.id.protocols.eIDAS.node.countrycode=AT moa.id.protocols.eIDAS.node.LoA=http://eidas.europa.eu/LoA/high -### HBV Mandate-Service client module ### +######## HBV Mandate-Service client module ######## modules.elga_mandate.nameID.target=urn:publicid:gv.at:cdid+GH modules.elga_mandate.service.metadata.trustprofileID= modules.elga_mandate.service.mandateprofiles= @@ -173,7 +205,7 @@ modules.elga_mandate.request.sign.password=password modules.elga_mandate.response.encryption.alias=pvp_assertion modules.elga_mandate.response.encryption.password=password -### SSO Interfederation client module ### +######## SSO Interfederation client module ######## modules.federatedAuth.keystore.path=keys/moa_idp[password].p12 modules.federatedAuth.keystore.password=password modules.federatedAuth.metadata.sign.alias=pvp_metadata @@ -183,8 +215,8 @@ modules.federatedAuth.request.sign.password=password modules.federatedAuth.response.encryption.alias=pvp_assertion modules.federatedAuth.response.encryption.password=password -#Redis Settings, if Redis is used as a backend for session data. -#has to be enabled with the following parameter +######## Redis Settings, if Redis is used as a backend for session data. +# has to be enabled with the following parameter #redis.active=true redis.use-pool=true redis.host-name=localhost diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml index 31fc8a16c..9dede486d 100644 --- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml +++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml @@ -64,6 +64,10 @@ <cfg:Id>PVP_metadata</cfg:Id> <cfg:TrustAnchorsLocation>trustProfiles/PVP_metadata</cfg:TrustAnchorsLocation> </cfg:TrustProfile> + <cfg:TrustProfile> + <cfg:Id>centralnode_metadata</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/centralnode_metadata</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> </cfg:PathValidation> <cfg:RevocationChecking> <cfg:EnableChecking>true</cfg:EnableChecking> @@ -125,5 +129,16 @@ <cfg:Id>MOAIDTransformAuthBlockTable_EN</cfg:Id> <cfg:Location>profiles/MOAIDTransformAuthBlockTable_EN.xml</cfg:Location> </cfg:VerifyTransformsInfoProfile> + + <!-- AuthBlock transformations for Security Layer v2.0 --> + <cfg:VerifyTransformsInfoProfile> + <cfg:Id>SL20Authblock_v1.0</cfg:Id> + <cfg:Location>profiles/SL20_authblock_v1.0.xml</cfg:Location> + </cfg:VerifyTransformsInfoProfile> + <cfg:VerifyTransformsInfoProfile> + <cfg:Id>SL20Authblock_v1.0_SIC</cfg:Id> + <cfg:Location>profiles/SL20_authblock_v1.0_SIC.xml</cfg:Location> + </cfg:VerifyTransformsInfoProfile> + </cfg:SignatureVerification> </cfg:MOAConfiguration> diff --git a/id/server/data/deploy/conf/moa-spss/profiles/SL20_authblock_v1.0.xml b/id/server/data/deploy/conf/moa-spss/profiles/SL20_authblock_v1.0.xml new file mode 100644 index 000000000..e67b1f5ce --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/profiles/SL20_authblock_v1.0.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xml:space="default" /><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css"> + .normalstyle { font-size: medium; } + .italicstyle { font-size: medium; font-style: italic; } + .titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; } + .h4style { font-size: large; } + .hidden {display: none; } + </style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue" /></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue" /></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,9,2)" /><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,6,2)" /><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)" /></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)" /></td></tr><tr><td class="italicstyle">TransaktionsToken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID" /></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle"> + Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue" /></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience" /></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter" /></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></dsig:Transforms></VerifyTransformsInfoProfile> diff --git a/id/server/data/deploy/conf/moa-spss/profiles/SL20_authblock_v1.0_SIC.xml b/id/server/data/deploy/conf/moa-spss/profiles/SL20_authblock_v1.0_SIC.xml new file mode 100644 index 000000000..741013cd1 --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/profiles/SL20_authblock_v1.0_SIC.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xmlns:xml="http://www.w3.org/XML/1998/namespace" xml:space="default"/><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css"> + .normalstyle { font-size: medium; } + .italicstyle { font-size: medium; font-style: italic; } + .titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; } + .h4style { font-size: large; } + .hidden {display: none; } + </style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue"/></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue"/></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)"/></td></tr><tr><td class="italicstyle">TransaktionsTokken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID"/></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle"> + Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"/></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience"/></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"/></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms></VerifyTransformsInfoProfile> diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/centralnode_metadata/national_central_eIDAS_node_-_testsystem.crt b/id/server/data/deploy/conf/moa-spss/trustProfiles/centralnode_metadata/national_central_eIDAS_node_-_testsystem.crt new file mode 100644 index 000000000..2babcef6a --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/centralnode_metadata/national_central_eIDAS_node_-_testsystem.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEFTCCAn0CBFtIcMwwDQYJKoZIhvcNAQELBQAwTzELMAkGA1UEBhMCQVQxDTAL +BgNVBAoMBEVHSVoxMTAvBgNVBAMMKG5hdGlvbmFsIGNlbnRyYWwgZUlEQVMgbm9k +ZSAtIHRlc3RzeXN0ZW0wHhcNMTgwNzEzMDkyODQ0WhcNMjEwNDA3MDkyODQ0WjBP +MQswCQYDVQQGEwJBVDENMAsGA1UECgwERUdJWjExMC8GA1UEAwwobmF0aW9uYWwg +Y2VudHJhbCBlSURBUyBub2RlIC0gdGVzdHN5c3RlbTCCAaIwDQYJKoZIhvcNAQEB +BQADggGPADCCAYoCggGBALK4bdf5OremKkj0+xCjU0eN7RUd1A2VqoGnvFUst7xj +LQ1PspHiDf9Pm2cwOIJabSnuZ01hYAGz9X+lU3Z3fwhVc+tEsuzsaAml/LPw3i3+ +ppoSTJDMiDvhCoUKTzJ8HBQj2gTvXNlqPljyGneuCJ+uBMr7Okq/XjMTJj2xzvut +rHS3qIO+/w+OkY967QLVRXh0bdFqYqnyAnlYcWJPIwjanOJtE2difPYqers7ZW1F +9djP0+IZRoyaook5rpLYvuQTHuvulgIE3zGlTuOx3sk8zMyInMndqi75Eh+ROnnd +SZE7gN3u5CfFpuO5pxFa2jj1h/AnR39Tg8/sU+Se+AwHrNvee3IWhxk5LkelYevf +eCQos7Dv2ASE9XMCCs7FoE47w8fDalECh09MFKDiotpklbq3OrPg9NQ4D//k0GXl +W5jYUKP/Wq/+suAI6mfhSnNkjOGMcMlzNTmwxGD/v7Py6OVA+YcJQsqYalLrqbvT +2tXVmYBVO3oqafg+kfevfwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBgQCioM8k0EEB +FtY4QyxOYFufPDLw9PNPct01ltnTVjNEEt/L6/8zYlDwrDeULEkJS7mV9zV3657N +PQ5IPT/Ib93Uk/RPi0iOA2CGWIMaDQIODN3BUYr+zPUqhbKS6OWOhTgV8GiRCUbx +rT1uc1AiacP63pga3TJX8k8WFnfW+Dqm2MfWWlxr4X2YB9VUW55X5sBNy035jYhE +pp8NCK/fTAhoEQNCG+rm3T9qhT6YyOnbW2kXU747+ZwXT2qA5o4ya/9+6dDc+LUl +HCEm4X7c6bcGvCfNezB4k56FzbAJlOLf2VDGzvEQBf0hsB+kElezm1VBlEkZ4Mjz +pBpHBMoR21SwTpcvrbR4ig0Bk1eEHNK44sw0F32K5yww3gnJftMIZtPhjhk8UdG2 +/H6vs9s/to2Vj4V6wN4o79RTULoQ8RjL6MPWEWzwOvOZXJAo2XJEECvDivSjIJvN +C0lfrK3zI3LH3c1JR6q2EfeCZ50wTJMFoChSaqunJQXKo81g6wNhP00= +-----END CERTIFICATE----- diff --git a/id/server/data/deploy/tomcat/unix/tomcat-start.sh b/id/server/data/deploy/tomcat/unix/tomcat-start.sh index 9e292540a..d717ecd25 100644 --- a/id/server/data/deploy/tomcat/unix/tomcat-start.sh +++ b/id/server/data/deploy/tomcat/unix/tomcat-start.sh @@ -4,6 +4,9 @@ export JAVA_HOME= <insert java home directory (no trailing path separator)> export CATALINA_HOME= <insert Tomcat home directory (no trailing path separator)>
export CATALINA_BASE=$CATALINA_HOME
+FILE_ENCODING=-Dfile.encoding=UTF-8
+RAND_FILE=-Djava.security.egd=file:///dev/urandom
+
LOGGING_OPT=-Dlog4j.configuration=file:$CATALINA_BASE/conf/moa-id/log4j.properties
LOGGING_LOGBACK_OPT=-Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback_config.xml
@@ -21,7 +24,7 @@ PROXY_OPT=-Dmoa.id.proxy.configuration=$CATALINA_BASE/conf/moa-id-proxy/MOAIDCon #TRUST_STORE_PASS_OPT=-Djavax.net.ssl.trustStorePassword=changeit
#TRUST_STORE_TYPE_OPT=-Djavax.net.ssl.trustStoreType=jks
-export CATALINA_OPTS="$CONFIG_OPT $LOGGING_OPT $LOGGING_LOGBACK_OPT $SPSS_OPT $TRUST_STORE_OPT $TRUST_STORE_PASS_OPT $TRUST_STORE_TYPE_OPT $CONFIGTOOL_OPT $CONFIGTOOL_USER_OPT $DEMOOA_OPT $STORK_OPT $PROXY_OPT -Xms512m -Xmx1536m -XX:PermSize=256m"
+export CATALINA_OPTS="$FILE_ENCODING $RAND_FILE $CONFIG_OPT $LOGGING_OPT $LOGGING_LOGBACK_OPT $SPSS_OPT $TRUST_STORE_OPT $TRUST_STORE_PASS_OPT $TRUST_STORE_TYPE_OPT $CONFIGTOOL_OPT $CONFIGTOOL_USER_OPT $DEMOOA_OPT $STORK_OPT $PROXY_OPT -Xms512m -Xmx1536m -XX:PermSize=256m"
echo CATALINA_HOME: $CATALINA_HOME
echo CATALINA_BASE: $CATALINA_BASE
diff --git a/id/server/data/deploy/tomcat/win32/startTomcat.bat b/id/server/data/deploy/tomcat/win32/startTomcat.bat index 325ae1f20..afdd907c8 100644 --- a/id/server/data/deploy/tomcat/win32/startTomcat.bat +++ b/id/server/data/deploy/tomcat/win32/startTomcat.bat @@ -9,6 +9,9 @@ set CATALINA_HOME=<Tomcat home directory> rem ----------------------------------------------------------------------------------------------
+set FILE_ENCODING=-Dfile.encoding=UTF-8
+set RAND_FILE=-Djava.security.egd=file:///dev/urandom
+
set LOGGING_OPT=-Dlog4j.configuration=file:%CATALINA_HOME%/conf/moa-id/log4j.properties
set LOGGING_LOGBACK_OPT=-Dlogback.configurationFile=%CATALINA_HOME%/conf/moa-id/logback_config.xml
@@ -20,7 +23,7 @@ set DEMOOA_OPT=-Dmoa.id.demoOA=%CATALINA_HOME%/conf/moa-id-oa/oa.properties set STORK_OPT=-Deu.stork.samlengine.config.location=%CATALINA_HOME%/conf/moa-id/stork/
set PROXY_OPT=-Dmoa.id.proxy.configuration=%CATALINA_HOME%/conf/moa-id-proxy/MOAIDConfiguration.xml
-set PARAMS_MOA=%CONFIG_OPT_SPSS% %CONFIG_OPT_ID% %LOGGING_OPT% %LOGGING_LOGBACK_OPT% %CONFIGTOOL_OPT% %CONFIGTOOL_USER_OPT% %DEMOOA_OPT% %STORK_OPT% %PROXY_OPT% -Xms512m -Xmx1536m -XX:PermSize=256m
+set PARAMS_MOA=%FILE_ENCODING %RAND_FILE %CONFIG_OPT_SPSS% %CONFIG_OPT_ID% %LOGGING_OPT% %LOGGING_LOGBACK_OPT% %CONFIGTOOL_OPT% %CONFIGTOOL_USER_OPT% %DEMOOA_OPT% %STORK_OPT% %PROXY_OPT% -Xms512m -Xmx1536m -XX:PermSize=256m
rem set PARAM_TRUST_STORE=-Djavax.net.ssl.trustStore=truststore.jks
rem set PARAM_TRUST_STORE_PASS=-Djavax.net.ssl.trustStorePassword=changeit
diff --git a/id/server/doc/handbook/additional/additional.html b/id/server/doc/handbook/additional/additional.html index 9e3cdf11e..557f3d528 100644 --- a/id/server/doc/handbook/additional/additional.html +++ b/id/server/doc/handbook/additional/additional.html @@ -610,6 +610,31 @@ <td valign="top"> </td> <td valign="top">Personenbindung für Authentifizierung über eIDAS Node erstellt</td> </tr> + <tr> + <td valign="top">6200</td> + <td valign="top"> </td> + <td valign="top">Anmeldung via nationalen zentralen eIDAS Knoten gestartet</td> + </tr> + <tr> + <td valign="top">6201</td> + <td valign="top">RequestID</td> + <td valign="top">Weiterleitung an zentralen eIDAS Knoten mit RequestID</td> + </tr> + <tr> + <td valign="top">6202</td> + <td valign="top">ResponseID</td> + <td valign="top">Antwort von zentralem eIDAS Knoten mit ResponseID erhalten</td> + </tr> + <tr> + <td valign="top">6203</td> + <td valign="top"> </td> + <td valign="top">Antwort von zentralem eIDAS Knoten enthält einen Fehler</td> + </tr> + <tr> + <td valign="top">6204</td> + <td valign="top"> </td> + <td valign="top">Antwort von zentralem eIDAS Knoten vollständig und gültig</td> + </tr> </table> <p> </p> <p>Einzelne Events werden um einen Transaktionsparameter ergänzt, welcher in der Spalte Wert beschrieben ist. <br> diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html index 9e70c073d..116e9a078 100644 --- a/id/server/doc/handbook/config/config.html +++ b/id/server/doc/handbook/config/config.html @@ -59,7 +59,7 @@ <ol> <li><a href="#basisconfig_moa_id_auth_param_services_moasp">MOA-SP</a></li> <li><a href="#basisconfig_moa_id_auth_param_services_mandates">Online-Vollmachen</a></li> - <li><a href="#">Foreign Identities</a></li> + <li><a href="#">Zentraler eIDAS Knoten</a></li> </ol> </li> <li><a href="#basisconfig_moa_id_auth_param_protocol">Protokolle</a> @@ -76,8 +76,9 @@ </ol> </li> <li> <a href="#basisconfig_moa_id_auth_param_testing">Testing</a></li> + <li><a href="#basisconfig_moa_id_auth_sl20">Security Layer für mobile Authententifizierung</a></li> <li><a href="#basisconfig_moa_id_auth_szrclient">SZR Client für STORK <-> PVP Gateway Betrieb</a></li> - <li><a href="#basisconfig_moaid_stork2">STORK 2.0</a></li> + <li><a href="#basisconfig_moa_id_auth_others">Weitere optionale Konfigurationsparameter</a></li> </ol> </li> </ol> @@ -98,9 +99,8 @@ <li><a href="#konfigurationsparameter_allgemein_moasp">MOA-SP</a></li> <li><a href="#konfigurationsparameter_allgemein_services">Externe Services</a></li> <li><a href="#konfigurationsparameter_allgemein_sso">Single-Sign On (SSO)</a></li> - <li><a href="#konfigurationsparameter_allgemein_stork">Secure idenTity acrOss boRders linKed (STORK)</a></li> <li><a href="#konfigurationsparameter_allgemein_protocol">Protokolle</a> -<ol> + <ol> <li><a href="#konfigurationsparameter_allgemein_protocol_allowed">Protkolle aktivieren</a></li> <li><a href="#konfigurationsparameter_allgemein_protocol_legacy">Legacy Modus</a></li> <li><a href="#konfigurationsparameter_allgemein_protocol_saml1">SAML1 Konfiguration</a></li> @@ -120,11 +120,12 @@ </ol> </li> <li><a href="#konfigurationsparameter_oa_bku">BKU Konfiguration</a></li> + <li><a href="#konfigurationsparameter_oa_sl20">Security Layer für mobile Authententifizierung</a></li> <li><a href="#konfigurationsparameter_oa_testcredentials">Test Credentials</a></li> <li><a href="#konfigurationsparameter_oa_mandates">Vollmachten</a></li> - <li><a href="#konfigurationsparameter_oa_szr-gw-service">SZR-Gateway Service</a></li> + <li><a href="#konfigurationsparameter_oa_szr-gw-service">Zentraler eIDAS Connector</a></li> <li><a href="#konfigurationsparameter_oa_sso">Single Sign-On (SSO)</a></li> - <li><a href="#konfigurationsparameter_oa_stork">Secure idenTity acrOss boRders linKed (STORK)</a></li> + <li><a href="#konfigurationsparameter_oa_stork">Authentifizierung via eIDAS</a></li> <li><a href="#konfigurationsparameter_oa_protocol">Authentifizierungsprotokolle</a> <ol> <li><a href="#konfigurationsparameter_oa_protocol_saml1">SAML 1</a></li> @@ -460,32 +461,7 @@ UNIX: moa.id.configuration=file:C:/Programme/apache/tomcat-8.x.x/conf/moa-id/moa https://<host>:<port>/moa-id-auth/MonitoringServlet</pre> <p>Nach einem erfolgreichen Testdurchlauf Antwortet das Monitoring mit einen http Statuscode 200 und der oben definierten Statusmeldung aus dem Parameter <em>configuration.monitoring.message.success</em>. Im Falle eines Fehlers antwortet das Monitoring mit einem http Statuscode 500 und die Statusmeldung enthält eine Beschreibung des aufgetretenen Fehlers.</p> <h5><a name="basisconfig_moa_id_auth_param_services" id="uebersicht_bekanntmachung5"></a>2.2.2.2 Externe Services</h5> -<p>Für den Aufbau von Verbindungen zu anderen Komponenten werden in manchen Fällen spezielle Client-Zertifikate oder Sicherheitseinstellungen benötigt. In diesem Abschnitt erfolgt die Konfiguration der für den Verbindungsaufbau benötigten Parameter. Die Konfiguration der URL zum jeweiligen Service wird jedoch über die Web-Oberfläche des Modules MOA-ID-Configuration vorgenommen (siehe <a href="#konfigurationsparameter_allgemein_services">Kapitel 3.1.7</a>).</p> -<h6><a name="basisconfig_moa_id_auth_param_services_moasp" id="uebersicht_bekanntmachung6"></a>2.2.2.2.1 MOA-SP</h6> -<p>Wird MOA-SP über ein Web-Service, welches Client Authentifizierung voraussetzt, angesprochen müssen in diesem Abschnitt die erforderlichen Schlüssel hinterlegt werden.</p> -<table class="configtable"> - <tr> - <th>Name</th> - <th>Beispielwert</th> - <th>Beschreibung</th> - </tr> - <tr> - <td>service.moasp.clientKeyStore</td> - <td>keys/moa_sp.p12</td> - <td>Dateiname des PKCS#12 Keystores, relativ zur MOA-ID Konfigurationsdatei. Diesem Keystore wird der private Schlüssel für die TLS-Client-Authentisierung entnommen.</td> - </tr> - <tr> - <td>service.moasp.clientKeyStorePassword</td> - <td>pass1234</td> - <td>Passwort zum Keystore</td> - </tr> - <tr> - <td>service.moasp.acceptedServerCertificates</td> - <td>certs/moa-sp-server/</td> - <td>Hier kann ein Verzeichnisname (relativ zur MOA-ID Konfigurationsdatei) angegeben werden, in dem die akzeptierten Zertifikate der TLS-Verbindung hinterlegt sind. In diesem Verzeichnis werden nur Serverzertifikate abgelegt. Fehlt dieser Parameter wird lediglich überprüft ob ein Zertifikatspfad zu den im Element <TrustedCACertificates> (siehe <a href="#konfigurationsparameter_allgemein_certvalidation">Kapitel 3.1.4</a>) angegebenen Zertifikaten erstellt werden kann.</td> - </tr> -</table> -<p> </p> +<p>Für den Aufbau von Verbindungen zu anderen Komponenten werden in manchen Fällen spezielle Client-Zertifikate oder Sicherheitseinstellungen benötigt. In diesem Abschnitt erfolgt die Konfiguration der für den Verbindungsaufbau benötigten Parameter. Die Konfiguration der URL zum jeweiligen Service wird jedoch über die Web-Oberfläche des Modules MOA-ID-Configuration vorgenommen (siehe <a href="#konfigurationsparameter_allgemein_services">Kapitel 3.1.7</a>)</p> <h6><a name="basisconfig_moa_id_auth_param_services_mandates" id="uebersicht_bekanntmachung7"></a>2.2.2.2.2 Online-Vollmachen</h6> <p>MOA-ID-Auth bietet die Möglichkeit der Nutzung von Online-Vollmachten für Anwendungen aus dem öffentlichen Bereich. Hierfür ist ein Online-Vollmachten-Service nötig, wobei die Zugangsdaten zum Online-Vollmachten-Service konfiguriert werden müssen. Der Zugang zum Online-Vollmachten-Service ein Client-Zertifikat für die SSL-Verbindung zum Service. Voraussetzung dafür ist ein Zertifikat von A-Trust bzw. A-CERT mit Verwaltungseigenschaft oder Dienstleistereigenschaft. Wenn ihr MOA-ID-Auth Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. </p> <table class="configtable"> @@ -511,8 +487,8 @@ https://<host>:<port>/moa-id-auth/MonitoringServlet</pre> </tr> </table> <p> </p> -<h6><a name="basisconfig_moa_id_auth_param_services_foreign" id="uebersicht_bekanntmachung8"></a>2.2.2.2.3 Foreign Identities</h6> -<p>MOA-ID-Auth bietet die Möglichkeit der Nutzung von ausländischen Karten oder die Anmeldung ausländischer Personen mittels STORK. Hierfür ist eine Verbindung zum Stammzahlenregister-Gateway nötig, das einen entsprechenden Zugang zum Stammzahlenregister bereitstellt. Für diesen Zugriff muss das Client-Zertifikat für die SSL-Verbindung zum Gateway angegeben werden. Voraussetzung dafür ist ein Zertifikat von A-Trust bzw. A-CERT mit Verwaltungseigenschaft oder Dienstleistereigenschaft. Wenn ihr MOA-ID-Auth Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben.</p> +<h6><a name="basisconfig_moa_id_auth_param_services_foreign" id="uebersicht_bekanntmachung8"></a>2.2.2.2.3 Zentraler eIDAS Knoten</h6> +<p>MOA-ID-Auth bietet die Möglichkeit die Anmeldung ausländischer Personen mittels eIDAS. Hierfür ist eine Verbindung zum österreichischen zentralen eIDAS Knoten notwendig. Für diesen Zugriff muss der Zugriff auf den zentralen eIDAS Knoten wie unten angegeben konfiguriert werden. Der Zugriff auf den zentralen eIDAS Knoten erfolgt via PVP2 S-Profil wobei das Signaturzertifikat für die PVP2 Metadaten beim Betreiber des zentralen eIDAS Knoten registriert werden muss.</p> <table class="configtable"> <tr> <th>Name</th> @@ -520,19 +496,55 @@ https://<host>:<port>/moa-id-auth/MonitoringServlet</pre> <th>Beschreibung</th> </tr> <tr> - <td>service.foreignidentities.clientKeyStore</td> + <td>modules.eidascentralauth.keystore.path</td> <td>keys/szrgw.p12</td> - <td>Dateiname des PKCS#12 Keystores, relativ zur MOA-ID Konfigurationsdatei. Diesem Keystore wird der private Schlüssel für die TLS-Client-Authentisierung entnommen.</td> + <td>Dateiname des Java Keystore oder PKCS12 Keystore zur Signierung von PVP 2.1 spezifischen Inhalten. (PVP 2.1 Metadaten, PVP 2.1 Assertion)</td> </tr> <tr> - <td>service.foreignidentities.clientKeyStorePassword</td> + <td>modules.eidascentralauth.keystore.password</td> <td>pass1234</td> <td>Passwort zum Keystore</td> </tr> <tr> - <td>service.foreignidentities.acceptedServerCertificates</td> - <td>certs/szrgw-server/</td> - <td>Hier kann ein Verzeichnisname (relativ zur MOA-ID Konfigurationsdatei) angegeben werden, in dem die akzeptierten Zertifikate der TLS-Verbindung hinterlegt sind. In diesem Verzeichnis werden nur Serverzertifikate abgelegt. Fehlt dieser Parameter wird lediglich überprüft ob ein Zertifikatspfad zu den im Element <TrustedCACertificates> (siehe <a href="#konfigurationsparameter_allgemein_certvalidation">Kapitel 3.1.4</a>) angegebenen Zertifikaten erstellt werden kann.</td> + <td>modules.eidascentralauth.metadata.sign.alias</td> + <td> </td> + <td>Name des Schlüssels der zur Signierung der PVP 2.1 Metadaten des eIDAS Authentifizierungsmoduls</td> + </tr> + <tr> + <td>modules.eidascentralauth.metadata.sign.password</td> + <td> </td> + <td>Passwort des Schlüssels der zur Signierung der PVP 2.1 Metadaten des eIDAS Authentifizierungsmoduls</td> + </tr> + <tr> + <td>modules.eidascentralauth.request.sign.alias</td> + <td> </td> + <td>Name des Schlüssels mit dem der PVP 2.1 Authn. Request durch MOA-ID-Auth unterschieben wird</td> + </tr> + <tr> + <td>modules.eidascentralauth.request.sign.password</td> + <td> </td> + <td>Passwort des Schlüssels mit dem der PVP 2.1 Authn. Request durch MOA-ID-Auth unterschieben wird</td> + </tr> + <tr> + <td>modules.eidascentralauth.response.encryption.alias</td> + <td> </td> + <td>Name des Schlüssels mit dem die PVP 2.1 Assertion für MOA-ID-Auth verschlüsselt werden soll</td> + </tr> + <tr> + <td>modules.eidascentralauth.response.encryption.password</td> + <td> </td> + <td>Passwort des Schlüssels mit dem PVP 2.1 Assertion für MOA-ID-Auth verschlüsselt werden soll</td> + </tr> + <tr> + <td>modules.eidascentralauth.node.trustprofileID</td> + <td> </td> + <td>MOA-SP TrustProfil welches die vertrauenswürdigen Zertifikate zur Validierung der Metadaten des zentralen eIDAS Knoten beinhaltet</td> + </tr> + <tr> + <td>modules.eidascentralauth.required.additional.attributes.x</td> + <td> </td> + <td><p><strong>Optional:</strong> zusätzliche Attribute welche vom zentralen eIDAS Knoten angefordert werden</p> + <p>Attribute werden entspechend PVP2 Attribute-Profil angegeben. Beispiele für die Konfiguration finden Sie in der Beispielkonfiguration</p></td> </tr> </table> <p> </p> @@ -623,6 +635,21 @@ https://<host>:<port>/moa-id-auth/MonitoringServlet</pre> <p> </p> <h5><a name="basisconfig_moa_id_auth_param_database" id="uebersicht_bekanntmachung3"></a>2.2.2.4 Datenbank </h5> <p>Das Modul MOA-ID-Auth benötigt für den Betrieb zwei (optional drei) separate Datenbank Schema, welche in der Basiskonfiguration konfiguriert werden. Für Beispielkonfiguration wurde mySQL als Datenbank verwendet wodurch sich die Konfigurationsparameter auf mySQL beziehen. Das Modul MOA-ID-Auth kann jedoch auch mit Datenbanken anderer Hersteller oder einer InMemory Datenbank betrieben werden. Hierfür wird jedoch auf die <a href="http://docs.jboss.org/hibernate/core/4.2/manual/en-US/html/">Hibernate Dokumention</a> verwiesen. </p> +<table class="configtable"> + <tr> + <th width="21%">Name</th> + <th width="11%">Beispielwert</th> + <th width="68%">Beschreibung</th> + </tr> + <tr> + <td>configuration.database.byteBasedValues</td> + <td><p>true / false</p></td> + <td><p>Definiert ob Konfigurationswerte als Text oder als Bytes in der Datenbank abgelegt werden. <br> + <strong>Hinweis:</strong> Testbasierte Speicherung kann bei manchen Datenbanksystemen zur problemen führen (z.B. postgreSQL)</p> + <p><strong>Defaultwert:</strong> false</p></td> + </tr> +</table> +<p> </p> <h6><a name="basisconfig_moa_id_auth_param_database_conf" id="uebersicht_bekanntmachung12"></a>2.2.2.4.1 Konfiguration</h6> <p>Alle Parameter aus der Basiskonfiguration welche als Prefix <em>configuration.hibernate</em>. im Parameternamen aufweisen konfigurieren den Zugriff auf das Datenbank Schema welches die Konfiguration von MOA-ID-Auth beinhaltet. Eine Konfiguration dieser Parameter ist nicht optional.</p> <table class="configtable"> @@ -794,7 +821,97 @@ https://<host>:<port>/moa-id-auth/MonitoringServlet</pre> <p><strong>Defaultwert:</strong> true</p></td> </tr> </table> - <h5><a name="basisconfig_moa_id_auth_szrclient" id="uebersicht_bekanntmachung16"></a>2.2.2.6 SZR Client für STORK <-> PVP Gateway Betrieb</h5> + <h5><a name="basisconfig_moa_id_auth_sl20" id="uebersicht_bekanntmachung17"></a>2.2.2.6 Security Layer für mobile Authententifizierung</h5> +<p>Diese Parameter dienen zur Konfiguration der neuen Authentifizierungsschnittstelle via Security-Layer 2.0</p> + <table class="configtable"> + <tr> + <th width="23%">Name</th> + <th width="15%">Beispielwert</th> + <th width="62%">Beschreibung</th> + </tr> + <tr> + <td>modules.sl20.vda.urls.qualeID.endpoint.default</td> + <td>https://www.handy-signatur.at/securitylayer2</td> + <td>Defaultendpunkt für die Anbindung an einen VDA mittels Security-Layer 2.0</td> + </tr> + <tr> + <td>modules.sl20.vda.urls.qualeID.endpoint.x</td> + <td> </td> + <td>Über diese Parameter können weitere Endpunkte konfiguriert werden, wobei das 'x' im Namen durch einen Identifier ersetzt werden muss (z.B.: modules.sl20.vda.urls.qualeID.endpoint.1=https://test1.a-trust.at/securitylayer2) Die Auwahl des Endpunkts erfolgt via http Header im Request an MOA-ID, wobei der Headername '<em>X-MOA-VDA</em>' lautet und der Headerwert dem Identifier (z.B. '<em>1</em>') entsprechen muss. <br> + <strong>Hinweis:</strong> Hiebei handelt es sich primär um eine Funktion zu Testzwecken im aktuellen Beta-Status</td> + </tr> + <tr> + <td>modules.sl20.security.keystore.path</td> + <td>keys/sl20.jks</td> + <td>Dateiname des Java Keystore welcher die Schlüssel zum Signieren und Verschlüsseln von Security-Layer 2.0 Nachrichten beinhaltet. Des weiteren dient dieser KeyStore als TrustStore zur Validierung von signierten Security-Layer 2.0 Nachrichten. Somit müssen Signaturzertifikate von SL2.0 Teilnehmern in diesem TrustStore hinterlegt sein.</td> + </tr> + <tr> + <td>modules.sl20.security.keystore.password</td> + <td>password</td> + <td>Passwort zum Keystore</td> + </tr> + <tr> + <td>modules.sl20.security.sign.alias</td> + <td>signing</td> + <td>Name des Schlüssels der zur Signierung von SL2.0 Nachrichten</td> + </tr> + <tr> + <td>modules.sl20.security.sign.password</td> + <td> </td> + <td>Passwort des Schlüssels zur Signierung von SL2.0 Nachrichten</td> + </tr> + <tr> + <td>modules.sl20.security.encryption.alias</td> + <td>encryption</td> + <td>Name des Schlüssels zur Verschlüsselung von SL2.0 Nachrichten</td> + </tr> + <tr> + <td>modules.sl20.security.encryption.password</td> + <td> </td> + <td>Passwort des Schlüssels zur Verschlüsselung von SL2.0 Nachrichten</td> + </tr> + <tr> + <td>modules.sl20.vda.authblock.id</td> + <td>default</td> + <td><p>Identifier für den AuthBlock, welcher der Benutzer im Authentifizierungsprozess unterschreiben muss</p> + <p><strong>Default:</strong> default</p></td> + </tr> + <tr> + <td>modules.sl20.vda.authblock.transformation.id</td> + <td>SL20Authblock_v1.0,<br> + SL20Authblock_v1.0_SIC</td> + <td><p>Identifier der erlaubten AuthBlock-Transformationen als CSV für die visuelle Darstellung des AuthBlocks</p> + <p><strong>Default:</strong> SL20Authblock_v1.0,SL20Authblock_v1.0_SIC</p></td> + </tr> + <tr> + <td>modules.sl20.security.eID.validation.disable</td> + <td>true / false</td> + <td><p>Deaktivierung der eID Daten validierung.</p> + <p><strong>Default:</strong> false</p></td> + </tr> + <tr> + <td>modules.sl20.security.eID.signed.result.required</td> + <td>true / false</td> + <td><p>Aktivierung von verpflichtend signierten Kommandos</p> + <p><strong>Default:</strong> true</p></td> + </tr> + <tr> + <td>modules.sl20.security.eID.encryption.enabled</td> + <td>true / false</td> + <td><p>Aktivierung von Verschlüsselung, wodurch signierte Kommandos Schlüsselmaterial zur Verschlüsselung beinhalten.</p> + <p><strong>Default:</strong>true</p></td> + </tr> + <tr> + <td>modules.sl20.security.eID.encryption.required</td> + <td>true / false</td> + <td><p>Aktivierung von verpflichtender Verschlüsselung. eID Daten müssen durch den VDA verschlüsselt übertragen werden.</p> + <p><strong>Default:</strong>true</p></td> + </tr> + </table> + <p> </p> + <p> </p> + <p> </p> + <h5><a name="basisconfig_moa_id_auth_szrclient" id="uebersicht_bekanntmachung16"></a>2.2.2.7 SZR Client für STORK <-> PVP Gateway Betrieb</h5> <p>Die Konfiguration des Stammzahlenregister (SZR) Clients ist nur erforderlich wenn das Modul MOA-ID-Auth als STORK <-> PVP Gateway betrieben wird. Da in diesem Fall die Benutzerin oder der Benutzer über ein PVP Stammportal authentifiziert wird ist eine direkte Generierung der STORK eID während des Anmeldevorgangs nicht möglich. Somit erfolgt für diese Personen einen Stammzahlenregisterabfrage zur Bestimmung der STORK eID.</p> <p>Für den in MOA-ID-Auth verwendeten SZR Client sind folgende Konfigurationsparameter erforderlich.</p> <table class="configtable"> @@ -918,39 +1035,47 @@ https://<host>:<port>/moa-id-auth/MonitoringServlet</pre> </table> <p> </p> <p><strong>Hinweis:</strong> Detaillierte Informationen zu den einzelnen PVP spezifischen Konfigurationsparametern finden Sie in der entsprechenden PVP Spezifikation.</p> - <h5><a name="basisconfig_moaid_stork2" id="uebersicht_bekanntmachung17"></a>2.2.2.6 STORK 2</h5> - <p>Dieses Abschnitt beschreibt Konfigurationswerte welche nur für den <strong>Testbetrieb von STORK 2</strong> erforderlich sind.</p> + <h5><a name="basisconfig_moa_id_auth_others" id="uebersicht_bekanntmachung18"></a>2.2.2.8 Weitere optionale Konfigurationsparameter</h5> + <p>Hierbei handelt es sich um weitere optionale Parameter.</p> <table class="configtable"> <tr> - <th>Name</th> - <th>Beispielwert</th> - <th>Beschreibung</th> + <th width="26%">Name</th> + <th width="18%">Beispielwert</th> + <th width="56%">Beschreibung</th> </tr> <tr> - <td>stork.fakeIdL.active</td> - <td>true / false</td> - <td><p>Im Produktivbetrieb ist eine Anmeldung nur für jene Länder mittels STORK 2 möglich welche in der <em>Gleichwertigkeitsverordnung</em> aufgelistet sind. Um einen Testbetrieb mit weiteren Ländern zu ermöglichen bietet das Modul MOA-ID-Auth die Möglichkeit zur Ausstellung eines Fake-Identititlink, welcher im Testbetrieb für die Anmeldung an einer österreichischen Test Online Applikation verwendet werden kann.</p> - <p><strong>Hinweis:</strong> Diese Funktion ist standardmäßig <strong>deaktiviert</strong>. Eine Aktivierung ist nur im Testbetrieb für STORK 2 empfohlen.</p></td> + <td>configuration.restrictions.sp.entityIds</td> + <td><p>https://demo.egiz.gv.at/demologin/</p></td> + <td><p>Liste von eindeutigen Online-Applikationsidentifikatioren als Comma Separatet Values (CSV) für welche die Einschränkung auf bestimmte Benutzer aktiviert werden soll. Für alle OAs in dieser Liste ist eine Anmeldung nur dann möglich wenn die bPK des Benutzers in der Whitelist eingetragen ist.</p> + <p> </p></td> </tr> <tr> - <td>stork.fakeIdL.countries</td> - <td>DE,CH</td> - <td>Kürzel jener Länder für welche ein Fake-Identitilink ausgestellt werden soll.</td> + <td>configuration.restrictions.sp.users.url</td> + <td>whitelist/users.csv</td> + <td><p>Whitelist von bPKs als Comma Separatet Values (CSV) für welche eine Anmeldung erlaubt ist.</p> + <p>z.B.: ZP:xm1zT43arrfTRLnDsxYoFk3XwDU=,ZP:gr99V4hH5KLlarBCcCAbKJNMF18=</p></td> </tr> <tr> - <td>stork.fakeIdL.keygroup</td> - <td>IDL_signing</td> - <td>MOA-SS Schlüsselgruppe, welche für die Signatur des Fake-Identitilinks verwendet werden soll.</td> + <td>configuration.restrictions.sp.users.sector</td> + <td>urn:publicid:gv.at:cdid+ZP</td> + <td>bPK Berecih welcher in der Whitelist verwendet wird</td> </tr> <tr> - <td>stork.documentservice.url</td> - <td>http://testvidp.buergerkarte.at/<br> - DocumentService/DocumentService?wsdl</td> - <td>URL zum STORK 2 Dokumentenservice</td> + <td>configuration.foreignsectors.pubkey.xxxxTargetxxx</td> + <td>configuration.foreignsectors.pubkey.wbpk+FN+468924i=<br> + MIIDCzCCAfMCBFr9aB4wDQYJKoZI....</td> + <td><p>MOA-ID bietet die Möglichkeit verschlüsselte bPKs entsprechend der Berechnungsvorschrift für Fremd-bPKs zu generieren. Die hierfür benötigen öffentlichen Schlüssel müssen als Base64 kodierte X509 Zertifikate je bPK / wbPK Bereich hinterlegt werden.<br> + Der bPK / wbPK Bereich muss als Teil des Konfigurationsschlüssels (z.B. wbpk+FN+468924i, BMI+T1, ...) angegeben werden.</p> + <ul> + <li>Für öffentliche Bereiche: VKZ+Target (VKZ ... Verfahrenskennzeichen)</li> + <li>Für private Bereiche: wbpk+Stammzahl der juristischen Person (z.B. FN+468924i)</li> + </ul> + <p> <br> + </p></td> </tr> </table> <p> </p> -<h3><a name="uebersicht_logging" id="uebersicht_logging"></a>2.3 Konfiguration des Loggings</h3> + <h3><a name="uebersicht_logging" id="uebersicht_logging"></a>2.3 Konfiguration des Loggings</h3> <p>Die Module MOA-ID-Auth und MOA-ID-Configuration verwendet als Framework für Logging-Information die Open Source Software <code>log4j</code>. Die Konfiguration der Logging-Information erfolgt nicht direkt durch die einzelnen Module, sondern über eine eigene Konfigurationsdatei, die der <span class="term">Java Virtual Machine</span> durch eine <span class="term">System Property </span> mitgeteilt wird. Der Name der <span class="term">System Property </span> lautet <code>log4j.configuration</code>; als Wert der <span class="term">System Property </span> ist eine URL anzugeben, die auf die <code>log4j</code>-Konfigurationsdatei verweist, z.B. </p> <pre>log4j.configuration=file:/C:/Programme/apache/tomcat-8.x.x/conf/moa-id/log4j.properties</pre> <p>Zustätzlich wird für einige Basiskomponenten, welche über Drittherstellerbibliotheken inkludiert sind, LogBack als Logging Framework verwendet. Die LogBack Konfiguration wird ebenfalls über den System Property angegeben</p> @@ -960,99 +1085,8 @@ https://<host>:<port>/moa-id-auth/MonitoringServlet</pre> <p>Weitere Informationen zur Konfiguration des Loggings erhalten Sie in <a href="../install/install.html#webservice_basisinstallation_logging">Abschnitt 2.1.3</a> des Installationshandbuchs. </p> <p></p> -<h3><a name="uebersicht_samlengine" id="uebersicht_samlengine"></a>2.4 Konfiguration des SamlEngines</h3> -<p>Für die Untestützung des STORK2 Protokols verwendet MOA-ID eine zusätzliche Bibliothek, die über gesonderte Dateien konfiguriert wird. Diese Dateien sind unter einem Verzeichnis gespeichert, das sich üblicherweise im MOA-ID-Auth Konfigurationsverzeichnis befindet. Der Name der <span class="term">System Property </span> lautet <code>eu.stork.samlengine.config.location</code>; als Wert der <span class="term">System Property </span> ist das Verzeichnis anzugeben, wo die entsprechende SamlEngine Konfigurationsdateien gespeichert werden, z.B. </p> -<pre>eu.stork.samlengine.config.location=file:/C:/Programme/apache/tomcat-8.x.x/conf/moa-id/conf/moa-id/stork</pre> -<p>Dieses Verzeichnis muss mindestens folgende Dateien enthalten:</p> -<table class="configtable"> - <tr> - <th>Datei</th> - <th>Beschreibung</th> - </tr> - <tr> - <td>SamlEngine.xml</td> - <td>Die Hauptdatei, in welcher die Konfigurationen von verschiedenen Instanzen des SamlEngines angegeben werden.</td> - </tr> - <tr> - <td>StorkSamlEngine_<span class="term">XXX</span>.xml</td> - <td>Enthält allgemeine Konfigurationsparametern einer spezifischen Instanz des SamlEngines.</td> - </tr> <tr> - <td>SignModule_<span class="term">XXX</span>.xml</td> - <td>Enthält Konfigurationsparametern für Trust- und Keystore einer spezifischen Instanz des SamlEngines.</td> - </tr> -</table> -<p></p> -<p>In der Hauptkonfigurations-Datei (<span class="term">SamlEngine.xml</span>) verweist auf alle Konfigurationsdateien für sie SamlEngine, welche für unterschiedliche Anwendungsszenarien verwendet werden können. Die Beispielkonfiguration dieser Datei sieht wie folgendes: -</p> -<pre> -<?xml version="1.0" encoding="UTF-8"?> -<instances> - <!-- Configuration name--> - <instance name="<span class="strongerterm">VIDP</span>"> - <!-- Configurations parameters StorkSamlEngine --> - <configuration name="SamlEngineConf"> - <parameter name="fileConfiguration" value="StorkSamlEngine_<span class="strongerterm">VIDP</span>.xml" /> - </configuration> - - <!-- Settings module signature--> - <configuration name="SignatureConf"> - <!-- Specific signature module --> - <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" /> - <!-- Settings specific module --> - <parameter name="fileConfiguration" value="SignModule_<span class="strongerterm">VIDP</span>.xml" /> - </configuration> - </instance> -</instances> -</pre> -<p>In diesem Beispiel ist nur eine Instanz <em>VIDP</em> definiert deren spezifischen Parametern in zwei Konfigurationsdateien aufgeteilt werden.</p> -<p>Die Datei <span class="strongerterm">StorkSamlEngine_VIDP.xml</span> enthält STORK-spezifische Parameter, die im Normalbetrieb nicht geändert werden müssen. Die zweite Datei, <span class="strongerterm">SignModule_VIDP.xml</span>, definiert den von der SamlEngine verwendeten Trust- und Keystore. Die Beispielkonfiguration dieser Datei sieht wie folgendes:</p> -<pre> -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> - -<properties> - <comment>SWModule sign with JKS.</comment> - <entry key="keystorePath">C:/Programme/apache/tomcat-4.1.30/conf/moa-id/keys/storkDemoKeys.jks</entry> - <entry key="keyStorePassword">local-demo</entry> - <entry key="keyPassword"><span class="strongerterm">XXX</span></entry> - <entry key="issuer">C=AT, L=Graz, OU=Institute for Applied Information Processing and Communications</entry> - <entry key="serialNumber">123AA2CDB1123</entry> - <entry key="keystoreType">JKS</entry> -</properties> -</pre> -<p>Diese Parameter müssen bei der Installation angepasst werden, um die Zugriff an Keystore und die Schlüssel zu ermöglichen. Die einzelne Parameter werden in folgender Tabelle erläutert:</p> -<table class="configtable"> - <tr> - <th>Name</th> - <th>Beschreibung</th> - </tr> - <tr> - <td>keystorePath</td> - <td>Keystore mit Schlüssel und Zertifikaten welche für das Signieren und Verschlüsseln von STORK Nachrichten verwendet werden sollen. </td> - </tr> - <tr> - <td>keyStorePassword</td> - <td>Passwort des Keystores. Keystore soll den Schlüssel für das Signieren von Nachrichten enthalten, ebenso wie die vertrauenswürdige Zertifikate von anderen Parteien, wie z.B. ausländische PEPSes. </td> - </tr> - <tr> - <td>keyPassword</td> - <td>Password des Schlüssels, der für das Signieren der STORK Nachrichten verwendet werden soll.</td> - </tr> - <tr> - <td>issuer</td> - <td>Issuer des Keypairs, der für das Signieren der STORK Nachrichten verwendet werden soll.</td> - </tr> - <tr> - <td>serialNumber</td> - <td>Nummer des Keypairs, der für das Signieren der STORK Nachrichten verwendet werden soll.</td> - </tr> - <tr> - <td>keystoreType</td> - <td>Typ und Format des Keystores. <span class="term">JKS</span> steht für <span class="term">Java Key Store</span>.</td> - </tr> -</table> -<h2><a name="konfigurationsparameter"></a>3 Konfiguration MOA-ID-Auth</h2> - <p>Dieser Abschnitt beschreibt die Konfiguration des Modules MOA-ID-Auth mithilfe der durch das Modul MOA-ID-Configuration zur Verfügung gestellten Web-Oberfläche. Hierzu muss das Konfigurationstool (Module MOA-ID-Konfiguration) bereits installiert und konfiguriert sein (siehe <a href="#uebersicht_zentraledatei_aktualisierung">Kapitel 2.1</a>). Nach erfolgreichem Login am Konfigurationstool kann das Modul MOA-ID-Auth über die Web-Oberfläche konfiguriert werden.</p> +<h3><a name="uebersicht_samlengine" id="uebersicht_samlengine"></a>3 Konfiguration MOA-ID-Auth</h3> +<p>Dieser Abschnitt beschreibt die Konfiguration des Modules MOA-ID-Auth mithilfe der durch das Modul MOA-ID-Configuration zur Verfügung gestellten Web-Oberfläche. Hierzu muss das Konfigurationstool (Module MOA-ID-Konfiguration) bereits installiert und konfiguriert sein (siehe <a href="#uebersicht_zentraledatei_aktualisierung">Kapitel 2.1</a>). Nach erfolgreichem Login am Konfigurationstool kann das Modul MOA-ID-Auth über die Web-Oberfläche konfiguriert werden.</p> <p>Die Konfiguration von MOA-ID-Auth ist in zwei Teilbereiche unterteilet. Diese behandeln die Allgemeine Konfiguration der MOA-ID-Auth Instanz und die Konfiguration von Online-Applikationen (Service Providern) welche dieser MOA-ID-Auth Instanz zugeordnet sind.</p> <h3><a name="konfigurationsparameter_allgemein" id="konfigurationsparameter_allgemein"></a>3.1 Allgemeine Konfiguration</h3> @@ -1219,9 +1253,9 @@ https://<host>:<port>/moa-id-auth/MonitoringServlet</pre> <p>Hiermit werden die URLs zum Online-Vollmachten Service und zum SZR-Gateway konfiguriert. Die Konfiguration der für den Zugriff benötigen Client-Zertifikate wurden bereits im Abschnitt <a href="#basisconfig_moa_id_auth_param_services">2.2.2.2</a> behandelt.</p> <table class="configtable"> <tr> - <th>Name</th> - <th>Beispielwert</th> - <th>Beschreibung</th> + <th width="10%">Name</th> + <th width="23%">Beispielwert</th> + <th width="67%">Beschreibung</th> </tr> <tr> <td><span id="wwlbl_loadGeneralConfig_moaconfig_mandateURL">Online-Vollmachten Service (CSV)</span></td> @@ -1236,16 +1270,15 @@ https://<host>:<port>/moa-id-auth/MonitoringServlet</pre> <p><strong>Hinweis:</strong> Erfolgt in der Online Applikation keine konkrete Auswahl wird Standardmäßig <strong>das erste eingetragen Service</strong> verwendet.</p></td> </tr> <tr> - <td>SZR-Gateway Service (CSV)</td> - <td>https://szrgw.egiz.gv.at:8443/szr-gateway_2.0/services/IdentityLinkCreation</td> - <td><p>URL(s) zum Stammzahlen-Register Gateway</p> - <p><strong>Hinweis:</strong> Der SZR-Gateway Service welcher in der MOA-ID 1.5.1 Konfiguration verwendet wurde ist nicht mehr kompatibel zu MOA-ID 2.0. Das aktualisierte Test SZR-Gateway Service für MOA-ID 2.x steht unter folgender URL zur Verfügung. <em>https://szrgw.egiz.gv.at:8443/szr-gateway_2.0/services/IdentityLinkCreation</em></p> + <td>Zentraler nationaler eIDAS Connector (CSV)</td> + <td>https://vidp.gv.at.at/ms_connector/pvp/metadata</td> + <td><p>URL(s) zum zentralen nationalen eIDAS Connector</p> <ul> - <li>Produktivsystem: <a href="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">https://szrgw.egiz.gv.at/services_2.0/IdentityLinkCreation</a></li> - <li>Testsystem: <a href="https://vollmachten.egiz.gv.at/mis-test/MandateIssueRequest">https://szrgw.egiz.gv.at:8443/services_2.0/IdentityLinkCreation</a></li> + <li>Produktivsystem: </li> + <li>Testsystem: <a href="https://vollmachten.egiz.gv.at/mis-test/MandateIssueRequest">https://vidp.gv.at.at/ms_connector/pvp/metadata</a></li> </ul> - <p><strong>Hinweis:</strong> Die URLs auf die unterschiedlichen Instanzen des SZR-Gateway Services können auch als Comma Separatet Value (CSV) eingetragen werden. Bei CSV werden die einzelnen URLs durch Beistrich (',') getrennt. Sind mehrere URLs hinterlegt kann das zu verwendeten Service je Online Applikation konfiguriert werden (siehe <a href="#konfigurationsparameter_oa_mandates">Kapitel 3.2.4</a>).<br> - (z.B.: <a href="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">https://szrgw.egiz.gv.at/services_2.0/IdentityLinkCreation</a>,<a href="https://vollmachten.egiz.gv.at/mis-test/MandateIssueRequest">https://szrgw.egiz.gv.at:8443/services_2.0/IdentityLinkCreation</a>)</p> + <p><strong>Hinweis:</strong> Die URLs auf die unterschiedlichen Instanzen des zentralen eIDAS Connectos können auch als Comma Separatet Value (CSV) eingetragen werden. Bei CSV werden die einzelnen URLs durch Beistrich (',') getrennt. Sind mehrere URLs hinterlegt kann das zu verwendeten Service je Online Applikation konfiguriert werden (siehe <a href="#konfigurationsparameter_oa_mandates">Kapitel 3.2.4</a>).<br> + (z.B.: <a href="https://vollmachten.egiz.gv.at/mis-test/MandateIssueRequest">https://vidp.gv.at.at/ms_connector/pvp/metadata</a><a href="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest"></a>,<a href="https://vollmachten.egiz.gv.at/mis-test/MandateIssueRequest">https://eid.gv.at/ms_connector/pvp/metadata</a>)</p> <p><strong>Hinweis:</strong> Erfolgt in der Online Applikation keine konkrete Auswahl wird Standardmäßig <strong>das erste eingetragen Service</strong> verwendet.</p></td> </tr> <tr> @@ -1315,166 +1348,6 @@ https://<host>:<port>/moa-id-auth/MonitoringServlet</pre> <p><em>Ich Max Mustermann, geboren am 01.01.1978 stimme am 05.02.2014 um 10:35 einer Anmeldung mittels Single Sign-On zu.</em></p></td> </tr> </table> -<h4><a name="konfigurationsparameter_allgemein_stork" id="konfigurationsparameter_allgemein_bku8"></a>3.1.8 Secure idenTity acrOss boRders linKed (STORK)</h4> -<p>Hierbei werden allgemeine Parameter für STORK Protokoll konfiguriert.</p> -<table class="configtable"> - <tr> - <th>Name</th> - <th>Beispielwerte</th> - <th>Beschreibung</th> - </tr> - <tr> - <td>Standard QAA-Level</td> - <td>4</td> - <td>QAA <span class="term">(Attribute Quality Authentication Assurance)</span> stellt Mindestanforderung von QAA fest. </td> - </tr> - <tr> - <td>Country Code</td> - <td>ES</td> - <td>Der zweistelligen Code vom unterstützten PEPS-Staat.</td> - </tr> - <tr> - <td>PEPS URL</td> - <td>https://prespanishpeps.redsara.es/PEPS/ColleagueRequest</td> - <td>Die Adresse von PEPS eines unterstützten PEPS-Staat.</td> - </tr> - <tr> - <td>Attributname</td> - <td>eIdentifier</td> - <td>Der Name des unterstützten Attributes. Die als <span class="term">zwingend</span> markierte Attribute müssen im Response von dem gegenstehendem PEPS enthalten sein. Jedes Attribut wird gesondert eingetragen. <br/>Die Liste von vorhandenen und unterstützen Attributes ist in Konfigurationsdatei von SamlEngine <span class="term">(StorkSamlEngine_XXX.xml)</span> vorhanden. </td> - </tr> -</table> -<p> </p> -<p>Folgende PEPS URLs stehen aktuell zur Verfügung:</p> -<table class="configtable"> - <tr> - <th>Ländercode</th> - <th>TestInstanz</th> - <th>URL</th> - </tr> - <tr> - <td>AT </td> - <td align="center">X</td> - <td><a href="https://testvidp.buergerkarte.at/moa-id-auth/stork2/SendPEPSAuthnRequest">https://testvidp.buergerkarte.at/moa-id-auth/stork2/SendPEPSAuthnRequest</a></td> - </tr> - <tr> - <td>EE </td> - <td align="center">X</td> - <td><a href="https://testpeps.sk.ee/PEPS/ColleagueRequest">https://testpeps.sk.ee/PEPS/ColleagueRequest</a></td> - </tr> - <tr> - <td>EE </td> - <td align="center"> </td> - <td><a href="https://peps.sk.ee/PEPS/ColleagueRequest">https://peps.sk.ee/PEPS/ColleagueRequest</a></td> - </tr> - <tr> - <td>ES </td> - <td align="center">X</td> - <td><a href="https://prespanishpeps.redsara.es/PEPS/ColleagueRequest">https://prespanishpeps.redsara.es/PEPS/ColleagueRequest</a></td> - </tr> - <tr> - <td>IS </td> - <td align="center">X</td> - <td><a href="https://storktest.advania.is/PEPS/ColleagueRequest">https://storktest.advania.is/PEPS/ColleagueRequest</a></td> - </tr> - <tr> - <td>IS </td> - <td align="center"> </td> - <td><a href="https://peps.island.is/PEPS/ColleagueRequest">https://peps.island.is/PEPS/ColleagueRequest</a></td> - </tr> - <tr> - <td>LT </td> - <td align="center">X</td> - <td><a href="https://testpeps.eid.lt/PEPS/ColleagueRequest">https://testpeps.eid.lt/PEPS/ColleagueRequest</a></td> - </tr> - <tr> - <td>PT</td> - <td align="center">X</td> - <td><a href="https://eu-id.teste.cartaodecidadao.gov.pt/PEPS/ColleagueRequest">https://eu-id.teste.cartaodecidadao.gov.pt/PEPS/ColleagueRequest</a></td> - </tr> - <tr> - <td>SI</td> - <td align="center">X</td> - <td><a href="https://peps-test.mju.gov.si/PEPS/ColleagueRequest">https://peps-test.mju.gov.si/PEPS/ColleagueRequest</a></td> - </tr> -</table> -<p> </p> -<p>Folgende Attribute müssen jedoch mindestens angefordert werden, wobei die erforderlichen Attribute je nach Anmeldeart unterschiedlich sind. Eine Liste mit weiteren möglichen Attribute finden Sie im Kapitel <a href="./../protocol/protocol.html#allgemeines_attribute">Protokolle</a> oder in der <a href="#referenzierte_spezifikation">STORK Spezifikation</a>.</p> -<table class="configtable"> - <tr> - <th>Name</th> - <th>natürliche Person</th> - <th>Anmeldung in Vertretung</th> - <th>Beschreibung</th> - </tr> - <tr> - <td>eIdentifier</td> - <td align="center">X</td> - <td align="center">X</td> - <td>Eindeutiger Identifier der Person für die die Anmeldung erfolgt.</td> - </tr> - <tr> - <td><p>givenName</p></td> - <td align="center">X</td> - <td align="center">X</td> - <td>Vorname der Person für die die Anmeldung erfolgt.</td> - </tr> - <tr> - <td><p>surname</p></td> - <td align="center"><br> - X</td> - <td align="center">X</td> - <td><p>Familienname der Person für die die Anmeldung erfolgt.</p></td> - </tr> - <tr> - <td>dateOfBirth</td> - <td align="center">X</td> - <td align="center">X</td> - <td>Geburtsdatum der Person für die die Anmeldung erfolgt.</td> - </tr> - <tr> - <td>gender</td> - <td align="center">X</td> - <td align="center">X</td> - <td>Geschlecht der Person für die die Anmeldung erfolgt.</td> - </tr> - <tr> - <td>signedDoc</td> - <td align="center">X</td> - <td align="center">X</td> - <td>Ein Dokument welches durch die Person, für die die Anmeldung erfolgt, signiert wurde.</td> - </tr> - <tr> - <td>fiscalNumber</td> - <td align="center">X</td> - <td align="center">X</td> - <td>Ein eindeutiger nationaler Identifier der Person.</td> - </tr> - <tr> - <td>canonicalResidenceAddress</td> - <td align="center"> </td> - <td align="center">X</td> - <td>Adresse der Person für welche die Anmeldung erfolgt</td> - </tr> - <tr> - <td>mandateContent</td> - <td align="center"> </td> - <td align="center">X</td> - <td>Elektronische Vollmacht, welche die Vertretungsverhältnisse widerspiegelt.</td> - </tr> - <tr> - <td>representative</td> - <td align="center"> </td> - <td align="center">X</td> - <td>Natürliche Person welche eine juristische oder natürliche Person im Rahmen einer Anmeldung mittels Vollmacht vertritt.</td> - </tr> - <tr> - <td>represented</td> - <td align="center"> </td> - <td align="center">X</td> - <td>Juristische oder natürliche Person welche im Rahmen einer Anmeldung mittels Vollmacht vertreten wird.</td> - </tr> -</table> <p></p> <h4><a name="konfigurationsparameter_allgemein_protocol" id="konfigurationsparameter_allgemein_bku9"></a>3.1.9 Protokolle</h4> <p>Hierbei handelt es ich um allgemeine Einstellungen zu den vom Modul MOA-ID-Auth unterstützen Authentifizierungsprotokollen.</p> @@ -1741,7 +1614,37 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der <td>Über diese Funktion können drei zusätzliche SecurtityLayer-Request Templates für diese Online-Applikation definiert werden. Diese hier definierten Templates dienen als zusätzliche WhiteList für Templates welche im „StartAuthentication“ Request mit dem Parameter „template“ übergeben werden. Sollte im „StartAuthentication“ Request der Parameter „template“ fehlen, es wurde jedoch eine „bkuURL“ übergeben, dann wird für den Authentifizierungsvorgang das erste Template in dieser Liste verwendet. Detailinformationen zum <a href="./../protocol/protocol.html#allgemeines_legacy">Legacy Request</a> finden Sie im Kapitel Protokolle.</td> </tr> </table> -<h4><a name="konfigurationsparameter_oa_testcredentials" id="uebersicht_zentraledatei_aktualisierung10"></a> 3.2.3 Test Identitäten</h4> +<h4><a name="konfigurationsparameter_oa_sl20" id="uebersicht_zentraledatei_aktualisierung31"></a> 3.2.3 Security Layer für mobile Authententifizierung</h4> +<p>Mit diesem Abschnitt kann der neue Security Layer für mobile Authentifzierung für diese Online Applikation aktiviert werden.<br> + Wird diese Schnittstelle aktiviert ist die Security-Layer 1.x Schnittstelle zur Bürgerkartenkommunikation deaktiviert und steht nicht mehr zur Verfügung.</p> +<table class="configtable"> + <tr> + <th width="13%">Name</th> + <th width="27%">Beispielwert</th> + <th width="5%">Admin</th> + <th width="6%">Optional</th> + <th width="49%">Beschreibung</th> + </tr> + <tr> + <td><p><span id="wwlbl_loadOA_authOA_sl20Active">SL2.0 aktiviere</span>n</p></td> + <td>true / false</td> + <td align="center">X</td> + <td align="center">X</td> + <td>Aktiviert den neuen Security Layer für mobile Authentifizierung für diese Online Applikation</td> + </tr> + <tr> + <td><p><span id="wwlbl_loadOA_authOA_sl20EndPoints">VDA Endpunkt URLs:</span></p></td> + <td><p>default=https://www.handy-signatur.at/securitylayer2,</p> + <p>1=https://test1.a-trust.at/securitylayer2,</p> +<p>2=https://hs-abnahme.a-trust.at/securitylayer2</p></td> + <td align="center">X</td> + <td align="center">X</td> + <td>Eine CSV Liste von VDA Endpunkten, welche für die Online Applikation verwendet werden können. Die Konfiguration erfolgt entsprechend den in <a href="#basisconfig_moa_id_auth_sl20">Kapitel 2.2.2.6</a> beschriebenen Regeln.<br> + Sind keine Parameter angegeben wird automatisch die Konfiguration aus <a href="#basisconfig_moa_id_auth_sl20">Kapitel 2.2.2.6</a> verwendet. </td> + </tr> +</table> +<p> </p> +<h4><a name="konfigurationsparameter_oa_testcredentials" id="uebersicht_zentraledatei_aktualisierung10"></a> 3.2.4 Test Identitäten</h4> <p>In diesem Abschnitt können für diese Online-Applikation Testidentitäten erlaubt werden. Diese Testidentitäten können auch bei produktiven Instanzen freigeschalten werden, da die Unterschiedung zwischen Produkt- und Testidentität anhand einer speziellen OID im Signaturzertifikat der Testidentität getroffen wird. Folgende Konfigurationsparameter stehen hierfür zur Verfügung.</p> <table class="configtable"> <tr> @@ -1783,7 +1686,7 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der </table> <p> </p> <p><strong>Hinweis:</strong> Diese Funktionalität steht jedoch nur Testidentitäten welchen bereits mit einer Test OID im Signaturzertifikat ausgestattet sind zur Verfügung.</p> -<h4><a name="konfigurationsparameter_oa_mandates" id="uebersicht_zentraledatei_aktualisierung21"></a>3.2.4 Vollmachten</h4> +<h4><a name="konfigurationsparameter_oa_mandates" id="uebersicht_zentraledatei_aktualisierung21"></a>3.2.5 Vollmachten</h4> <p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zur Anmeldung mittels Online-Vollmachen.</p> <table class="configtable"> <tr> @@ -1833,8 +1736,8 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der </table> <p> </p> <p><strong>Hinweis:</strong> Werden für die Online-Applikation eigene Templates für die Bürgerkartenauswahl oder die zusätzliche Anmeldeabfrage im SSO Fall (siehe <a href="#konfigurationsparameter_oa_bku">Abschnitt 3.2.2</a>) verwendet, stehen alle Konfigurationsparameter die Einfluss auf die BKU-Auswahl haben nicht zur Verfügung. Die Funktionalität der entsprechenden Parameter hat jedoch weiterhin Einfluss auf den Anmeldevorgang.</p> -<h4><a name="konfigurationsparameter_oa_szr-gw-service" id="uebersicht_zentraledatei_aktualisierung12"></a>3.2.5 SZR-Gateway Service</h4> -<p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zum Stammzahlenregistergateway der österreichischen Datenschutzbehörde.</p> +<h4><a name="konfigurationsparameter_oa_szr-gw-service" id="uebersicht_zentraledatei_aktualisierung12"></a>3.2.6 Zentraler nationaler eIDAS Connector</h4> +<p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zum Anknüpfung an den zentralen nationalen eIDAS Connector</p> <table class="configtable"> <tr> <th width="17%">Name</th> @@ -1844,16 +1747,16 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der <th width="64%">Beschreibung</th> </tr> <tr> - <td>SZR-Gateway Service URL</td> + <td> URL</td> <td> </td> <td align="center"> </td> <td align="center"> </td> - <td><p>Definiert das Stammzahlenregister-Gateway Service welches von dieser Online-Applikation verwendet werden soll. Hierfür stehen all jene Auswahlmöglichkeiten zur Verfügung welche in der Allgemeinen Konfiguration (siehe <a href="#konfigurationsparameter_allgemein_services">Kapitel 3.1.7</a>) festgelegt wurden. </p> + <td><p>Definiert dan zentralen nationalen eIDAS Connector welcher von dieser Online-Applikation verwendet werden soll. Hierfür stehen all jene Auswahlmöglichkeiten zur Verfügung welche in der Allgemeinen Konfiguration (siehe <a href="#konfigurationsparameter_allgemein_services">Kapitel 3.1.7</a>) festgelegt wurden. </p> <p><strong>Hinweis:</strong> Wird keine spezifische Auswahl getroffen wird automatisch <strong>das Erste in der allgemeinen Konfiguration eingetragene Service</strong> verwendet.</p></td> </tr> </table> <p> </p> -<h4><a name="konfigurationsparameter_oa_sso" id="uebersicht_zentraledatei_aktualisierung22"></a>3.2.6 Single Sign-On (SSO)</h4> +<h4><a name="konfigurationsparameter_oa_sso" id="uebersicht_zentraledatei_aktualisierung22"></a>3.2.7 Single Sign-On (SSO)</h4> <p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zu Single Sign-On</p> <table class="configtable"> <tr> @@ -1880,8 +1783,8 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der <p><strong>Hinweis:</strong> Diese Abfrage ist standardmäßig aktiviert und kann nur durch einen Benutzer mit der Role <em>admin</em> deaktiviert werden.</p></td> </tr> </table> -<h4><a name="konfigurationsparameter_oa_stork" id="uebersicht_zentraledatei_aktualisierung23"></a>3.2.7 Secure idenTity acrOss boRders linKed (STORK)</h4> -<p>Dieser Abschnitt behandelt Online-Applikationsspezifische Einstellungen zu STORK.</p> +<h4><a name="konfigurationsparameter_oa_stork" id="uebersicht_zentraledatei_aktualisierung23"></a>3.2.8 Authentifizierung mittels eIDAS</h4> +<p>Dieser Abschnitt behandelt Online-Applikationsspezifische Einstellungen zur Authentifizierung mittels eIDAS.</p> <table class="configtable"> <tr> <th>Name</th> @@ -1890,38 +1793,24 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der <th>Beschreibung</th> </tr> <tr> - <td>STORK verwenden</td> + <td>eIDAS verwenden</td> <td>ja</td> <td align="center">X</td> - <td>Definiert ob die Online-Applikation eine Anmeldung mittels STORK unterstützt. Wird STORK unterstützt wird in während der BKU-Auswahl die Option <em>Home Country Selection </em> für eine Anmeldung mittels STORK dargestellt.</td> + <td>Definiert ob die Online-Applikation eine Anmeldung mittels eIDAS unterstützt. Wird eIDAS unterstützt wird in während der BKU-Auswahl die Option <em>eIDAS LogIn </em> für eine Anmeldung mittels eIDAS dargestellt.</td> </tr> <tr> <td><p>QAA-Level</p></td> - <td>4</td> - <td align="center">X</td> - <td>Von der Online-Applikation geforderter mindest QAA-Level der Authentifizierung</td> - </tr> - <tr> - <td>aktivierte Zielländer</td> - <td> </td> + <td>high</td> <td align="center">X</td> - <td><p>Hier können jene STORK Länder konfiguriert werden für welche diese Online-Applikation eine Anmeldung mittels STORK unterstützt.</p> - <p><strong>Hinweis:</strong> Die zur Auswahl stehenden Länder werden aus den <a href="#konfigurationsparameter_allgemein_stork">PEPS Konfigurationen</a> generiert, welche im allgemeinen Konfigurationsbereich hinterlegt wurden.</p></td> - </tr> - <tr> - <td><p>angeforderte Attribute</p></td> - <td> </td> - <td align="center"> X</td> - <td align="center"><p>STORK Attribute welche die Online-Applikation anfordert</p> - <p>Bei den Attributen kann jedoch nur aus dem Set der in der allgemeinen Konfiguration hinterlegten STORK Attributen (siehe <a href="#konfigurationsparameter_allgemein_stork">Kapitel 3.1.8</a>) gewählt werden, wobei Attribute die in der allgemeinen Konfiguration als <span class="term">zwingend</span> markiert sind immer mitgeliefert werden.</p></td> + <td>Von der Online-Applikation geforderter mindest LoA-Level der Authentifizierung</td> </tr> </table> <p> </p> <p><strong>Hinweis:</strong> Werden für die Online-Applikation eigene Templates für die Bürgerkartenauswahl oder die zusätzliche Anmeldeabfrage im SSO Fall (siehe <a href="#konfigurationsparameter_oa_bku">Abschnitt 3.2.2</a>) verwendet, stehen alle Konfigurationsparameter die Einfluss auf die BKU-Auswahl haben nicht zur Verfügung.</p> -<h4><a name="konfigurationsparameter_oa_protocol" id="uebersicht_zentraledatei_aktualisierung24"></a>3.2.8 Authentifizierungsprotokolle</h4> +<h4><a name="konfigurationsparameter_oa_protocol" id="uebersicht_zentraledatei_aktualisierung24"></a>3.2.9 Authentifizierungsprotokolle</h4> <p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zu den von der Online-Applikation unterstützen Authentifizierungsprotokollen. Eine Verwendung aller zur Verfügung stehender Authentifizierungsprotokolle durch die Online-Applikation ist ebenfalls möglich. Hierfür müssen nur alle benötigten Protokolle konfiguriert werden. Nähere Informationen zu den unterstützten Protokollen finden sie im Kapitel <a href="./../protocol/protocol.html">Protokolle</a>.</p> <p>Aus Gründen der Übersichtlichkeit kann der Konfigurationsbereich für jeden Protokoll, in der Web-Oberfläche des Konfigurationstools, ein- oder ausgeblendet werden.</p> -<h5><a name="konfigurationsparameter_oa_protocol_saml1" id="uebersicht_zentraledatei_aktualisierung25"></a>3.2.8.1 SAML1</h5> +<h5><a name="konfigurationsparameter_oa_protocol_saml1" id="uebersicht_zentraledatei_aktualisierung25"></a>3.2.9.1 SAML1</h5> <p>Für das Protokoll SAML1 stehen folgende Konfigurationsparameter zur Verfügung.</p> <table class="configtable"> <tr> @@ -1976,7 +1865,7 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der </table> <p> </p> <p><strong>Hinweis: </strong>Das Modul MOA-ID-Auth in der Version 2.0 unterstützt SAML1 nur mehr zur Abwärtskompatibilität mit bereits bestehenden Online-Applikationen. Wir empfehlen den Umstieg auf ein anderes, von MOA-ID-Auth unterstütztes, Authentifizierungsprotokoll. Aus diesem Grund steht die Konfiguration des SAML1 Protokolls nur mehr einer Benutzerin oder einem Benutzer mit der Role <em>admin</em> zur Verfügung.</p> -<h5><a name="konfigurationsparameter_oa_protocol_pvp21" id="uebersicht_zentraledatei_aktualisierung26"></a>3.2.8.2 PVP 2.1</h5> +<h5><a name="konfigurationsparameter_oa_protocol_pvp21" id="uebersicht_zentraledatei_aktualisierung26"></a>3.2.9.2 PVP 2.1</h5> <p>In diesem Bereich erfolgt die applikationsspezifische Konfiguration für das Authentifizierungsprotokoll PVP 2.1.</p> <table class="configtable"> <tr> @@ -2017,7 +1906,7 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der <td>Pfad zum online-applikationsspezifischen Template für SAML2 (PVP2 S-Profil) http POST-Binding. Relative Pfadangaben werden dabei relativ zum Verzeichnis, in dem sich die MOA-ID-Auth Basiskonfigurationsdatei befindet, interpretiert. Das Template kann ausschließlich aus dem Dateisystem geladen werden.</td> </tr> </table> -<h5><a name="konfigurationsparameter_oa_protocol_openIDConnect" id="uebersicht_zentraledatei_aktualisierung27"></a>3.2.8.3 OpenID Connect</h5> +<h5><a name="konfigurationsparameter_oa_protocol_openIDConnect" id="uebersicht_zentraledatei_aktualisierung27"></a>3.2.9.3 OpenID Connect</h5> <p>In diesem Bereich erfolgt die applikationsspezifische Konfiguration für OpenID Connect (OAuth 2.0). </p> <table class="configtable"> <tr> @@ -2049,7 +1938,7 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der <td>OpenID Connect Redirect URL. Nach erfolgreicher Authentifizierung wird die Benutzerin oder der Benutzer an diese URL zurückgeleitet.</td> </tr> </table> -<h5><a name="konfigurationsparameter_oa_additional" id="uebersicht_zentraledatei_aktualisierung28"></a>3.2.9 Zusätzliche allgemeine Einstellungen</h5> +<h5><a name="konfigurationsparameter_oa_additional" id="uebersicht_zentraledatei_aktualisierung28"></a>3.2.10 Zusätzliche allgemeine Einstellungen</h5> <p>In Abschnitt ermöglicht eine erweiterte online-applikationsspezifische Individualisierung des AuthBlocks und der Bürgerkartenauswahl. Die Individualisierung des AuthBlocks steht jedoch dann zur Verfügung wenn die dem Module MOA-ID-Auth beigelegte Security-Layer Transformation verwendet wird oder wenn die individuelle Security-Layer Transformation den Formvorschriften der Spezifikation entspricht.</p> @@ -2107,7 +1996,7 @@ wenn die individuelle Security-Layer Transformation den Formvorschriften der Sp </table> <h5> </h5> <h5> </h5> -<h5><a name="konfigurationsparameter_oa_additional_formular" id="uebersicht_zentraledatei_aktualisierung29"></a>3.2.9.1 Login-Fenster Konfiguration</h5> +<h5><a name="konfigurationsparameter_oa_additional_formular" id="uebersicht_zentraledatei_aktualisierung29"></a>3.2.10.1 Login-Fenster Konfiguration</h5> <p>Diese Konfigurationsparameter bieten zusätzliche Einstellungen für eine Anpassung der Bürgerkartenauswahl welche von MOA-ID-Auth generiert wird. Zur besseren Handhabung werden die angegebenen Parameter direkt in einer Vorschau dargestellt. Alle in diesem Abschnitt angegebenen Parameter sind Optional und werden bei Bedarf durch Standardwerte ergänzt. @@ -2196,7 +2085,7 @@ Alle in diesem Abschnitt angegebenen Parameter sind Optional und werden bei Beda <p> </p> <p><strong>Hinweis:</strong> Bei Verwendung einer online-applikationsspezifischen Bürgerkartenauswahl stehen alle Parameter die die Bürgerkartenauswahl betreffen nicht zur Verfügung.</p> <p><strong>Hinweis:</strong> Bei Verwendung eines online-applikationsspezifischen Security-Layer-Request Templates stehen alle Parameter die das SL-Template betreffen nicht zur Verfügung.</p> -<h5><a name="service_revisionslogging" id="uebersicht_zentraledatei_aktualisierung11"></a>3.2.10 Revisionslogging</h5> +<h5><a name="service_revisionslogging" id="uebersicht_zentraledatei_aktualisierung11"></a>3.2.11 Revisionslogging</h5> <p>Ab MOA-ID 3.x steht ein erweitertes speziell für Revisionsaufgaben abgestimmtest Logging zur Verfügung. Über dieses Feld können die zu loggenden Events spezifisch nach Online Applikationen als CSV codierte Eventcodes konfiguriert werden. Hierfür muss die online-applikationsspezifische Konfiguration des Loggings mittels Checkbox aktiviert und zumindesdt ein Eventcode definiert werden. Werden keine Eventcodes konfiguriert oder wird das OA spezifische Verhalten nicht aktiviertwird eine in MOA-ID hinterlegte Defaultkonfiguration verwendet. Eine Liste aller möglichen Eventcodes finden Sie <a href="../additional/additional.html#revisionslog">hier</a>.</p> <h3><a name="import_export" id="uebersicht_zentraledatei_aktualisierung4"></a>3.3 Import / Export</h3> <p>Üer diese Funktionalität besteht die Möglichkeit eine bestehende MOA-ID 2.x.x @@ -2249,10 +2138,10 @@ Exportfunktion verwendet werden.</p> </ul> </td> </tr> <tr> - <td>MOASessionID</td> - <td>#SESSIONID#</td> + <td>pendingid</td> + <td>$pendingReqID</td> <td align="center"> </td> - <td>Internes Session-Token. Der Parameterwert wird durch MOA-ID-Auth automatisch in das Formular eingefügt. Hierfür MUSS jedoch der Parameterwert durch Platzhalter #SESSIONID# gekennzeichnet werden.</td> + <td>Internes Session-Token. Der Parameterwert wird durch MOA-ID-Auth automatisch in das Formular eingefügt. Hierfür MUSS jedoch der Parameterwert durch Platzhalter $pendingReqID gekennzeichnet werden.</td> </tr> <tr> <td>useMandate</td> @@ -2288,38 +2177,43 @@ Einige dieser Parameter werden jedoch nicht durch den Benutzer oder dem Service <th>Beschreibung</th> </tr> <tr> - <td>#AUTH_URL#</td> + <td>$contextPath</td> <td> </td> - <td>Dieser Platzhalter wird durch die URL, an welche die BKU Auswahl gesendet wird ersetzt. </td> + <td>Dieser Platzhalter wird durch die PublikURLPrefix der MOA-ID Instanz ersetzt</td> </tr> <tr> - <td>#SESSIONID#</td> + <td>$submitEndpoint</td> + <td> </td> + <td>Dieser Platzhalter wird durch den Endpunkt für die Annahme der BKU Auswahl ersetzt</td> + </tr> + <tr> + <td>$pendingReqID</td> <td> </td> <td>Dieser Platzhalter wird durch ein internes Session-Token ersetzt, welches als GET Parameter wieder an MOA-ID-Auth übergeben werden muss.</td> </tr> <tr> - <td>#LOCAL#</td> + <td>$bkuLocal</td> <td align="center">X</td> <td>Der Platzhalter wird durch den Parameterwert zur Auswahl der lokalen BKU ersetzt.</td> </tr> <tr> - <td>#ONLINE#</td> + <td>$bkuOnline</td> <td align="center">X</td> <td>Der Platzhalter wird durch den Parameterwert zur Auswahl der Online-BKU ersetzt.</td> </tr> <tr> - <td>#HANDY#</td> + <td>$bkuHandy</td> <td align="center">X</td> <td>Der Platzhalter wird durch den Parameterwert zur Auswahl der Handy-BKU ersetzt.</td> </tr> </table> <p><br> Die nachfolgende Form zeigt ein Beispiel für den Aufbau des im BKU-Auswahl Template zu verwendeten http GET Request Templates für die lokale BKU.</p> -<pre><form method="get" id="moaidform" action="#AUTH_URL#"><br> - <input type="hidden" name="bkuURI" value="#LOCAL#"> <br> +<pre><form method="get" id="moaidform" action="$contextPath$submitEndpoint"><br> + <input type="hidden" name="bkuURI" value="$bkuLocal"> <br> <input type="hidden" name="useMandate" id="useMandate"> <br> <input type="hidden" name="CCC" id="ccc"> <input type="hidden"<br> - <input type="hidden" name="MOASessionID" value="#SESSIONID#"><br> + <input type="hidden" name="pendingid" value="$pendingReqID"><br> <input type="submit" value=">lokale Bürgerkartenumgebung"><br> </form> </pre> @@ -2337,20 +2231,8 @@ Für die Übermittlung an das Modul MOA-ID-Auth ist ein http POST Reques <th>Beschreibung</th> </tr> <tr> - <td>mod</td> - <td>#MODUL#</td> - <td align="center"> </td> - <td><p>Internes Session-Token. Der Parameterwert wird durch MOA-ID-Auth automatisch in das Formular eingefügt. Hierfür MUSS jedoch der Parameterwert durch Platzhalter #MODUL# gekennzeichnet werden.</p></td> - </tr> - <tr> - <td>action</td> - <td>#ACTION#</td> - <td align="center"> </td> - <td>Internes Session-Token. Der Parameterwert wird durch MOA-ID-Auth automatisch in das Formular eingefügt. Hierfür MUSS jedoch der Parameterwert durch Platzhalter #ACTION# gekennzeichnet werden.</td> - </tr> - <tr> - <td>identifier</td> - <td>#ID#</td> + <td>pendingid</td> + <td>$pendingReqID</td> <td align="center"> </td> <td>Internes Session-Token. Der Parameterwert wird durch MOA-ID-Auth automatisch in das Formular eingefügt. Hierfür MUSS jedoch der Parameterwert durch Platzhalter #ID# gekennzeichnet werden.</td> </tr> @@ -2370,33 +2252,26 @@ Einige dieser Parameter werden jedoch nicht durch den Benutzer oder dem Service <th>Beschreibung</th> </tr> <tr> - <td>#URL#</td> + <td>$contextPath</td> <td> </td> - <td>Dieser Platzhalter wird durch die URL, an welche das Ergebnis der Single Sign-On Anmeldeabfrage gesendet wird ersetzt. </td> + <td>Dieser Platzhalter wird durch die PublikURLPrefix der MOA-ID Instanz ersetzt</td> </tr> <tr> - <td>#MODUL#</td> + <td>$submitEndpoint</td> <td> </td> - <td>Dieser Platzhalter wird durch das verwendete Authentifizierungsprotokoll ersetzt, welches als GET Parameter wieder an MOA-ID-Auth übergeben werden muss.</td> - </tr> - <tr> - <td>#ACTION#</td> - <td align="center"> </td> - <td>Dieser Platzhalter wird durch einen Subtyp des verwendeten Authentifizierungsprotokolls, welches als GET Parameter wieder an MOA-ID-Auth übergeben werden muss.</td> + <td>Dieser Platzhalter wird durch den Endpunkt für die Annahme der BKU Auswahl ersetzt</td> </tr> <tr> - <td>#ID#</td> - <td align="center"> </td> + <td>$pendingReqID</td> + <td> </td> <td>Dieser Platzhalter wird durch ein internes Session-Token ersetzt, welches als GET Parameter wieder an MOA-ID-Auth übergeben werden muss.</td> </tr> -</table> + </table> <p><br> Die nachfolgende Form zeigt ein Beispiel für den Aufbau des im BKU-Auswahl Template zu verwendeten http GET Request Templates für die lokale BKU.</p> -<pre><form method="post" id="moaidform_yes" action="#URL#"> +<pre><form method="post" id="moaidform_yes" action="$contextPath$submitEndpoint"> <input type="hidden" name="value" value="true"> - <input type="hidden" name="mod" value="#MODUL#"> - <input type="hidden" name="action" value="#ACTION#"> - <input type="hidden" name="identifier" value="#ID#"> + <input type="hidden" name="pendingid" value="$pendingReqID"> <input type="submit" size="400" value="Ja"> </form></pre> <p>Als Beispiel für ein Single Sign-On Anmeldeabfrage Template steht auch das bei MOA-ID-Auth hinterlegte Standardtemplate zur Verfügung. Dieses finden Sie <a href="../../htmlTemplates/sendAssertion.html">hier</a>.</p> diff --git a/id/server/doc/handbook/index.html b/id/server/doc/handbook/index.html index e72105816..73ece89e3 100644 --- a/id/server/doc/handbook/index.html +++ b/id/server/doc/handbook/index.html @@ -29,7 +29,7 @@ </div> <div class="container"> - <h2>Übersicht zur Dokumentation der Version 3.3.x </h2> + <h2>Übersicht zur Dokumentation der Version 3.4.x </h2> <dl> <dt><a href="./intro/intro.html">Einführung</a></dt> diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html index 7d3f8d627..5e38dddf5 100644 --- a/id/server/doc/handbook/protocol/protocol.html +++ b/id/server/doc/handbook/protocol/protocol.html @@ -621,6 +621,10 @@ Redirect Binding</td> <td>1110</td> <td>Ungültige Single Sign-On Session</td> </tr> + <tr> + <td>1111</td> + <td>Der Anmeldevorgang wurde automatisiert abgebrochten da dem Benutzer die nötigen Zugriffsrechte für diese Online Applikation fehlen.</td> + </tr> </table> <h5><a name="statuscodes_12xxx" id="allgemeines_zugangspunkte13"></a>1.3.1.3 STORK (12xxx)</h5> <table class="configtable"> @@ -1041,9 +1045,9 @@ https://<host>:<port>/moa-id-auth/LogOut <td><strong>Optional:</strong> Gibt an ob eine Anmeldung im Online-Vollmachten-Modus durchgeführt werden soll (=true) oder nicht (=false);</td> </tr> <tr> - <td>CCC=<ccc></td> - <td>BE, SI, </td> - <td><strong>Optional:</strong> Gibt an ob die Anmeldung mittels STORK im angegebenen Land erfolgen soll. Die Angabe erfolgt mit dem Ländercode (z.B.: PT, LU, ES, ...) des jeweiligen Landes.</td> + <td>useeIDAS=<true/false></td> + <td>true /false</td> + <td>Optional: Gibt an ob eine Anmeldung mittels eIDAS erfolgen soll. Wird der Parameter (=true) übergeben, startet der Anmeldeprozess mit einer Weiterleitung an den zentralen nationalen eIDAS Connector.</td> </tr> </tbody> </table> diff --git a/id/server/doc/htmlTemplates/BKU-selection.html b/id/server/doc/htmlTemplates/BKU-selection.html index fe9bc2166..4e548e58c 100644 --- a/id/server/doc/htmlTemplates/BKU-selection.html +++ b/id/server/doc/htmlTemplates/BKU-selection.html @@ -4,7 +4,7 @@ <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <!-- MOA-ID 2.x BKUSelection Layout CSS --> - <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=$pendingReqID" /> + <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=$pendingReqID"/> <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions--> <script src="$contextPath/js/buildJS?pendingid=$pendingReqID"></script> @@ -26,8 +26,8 @@ <div id="mandateLogin" class="$MANDATEVISIBLE"> <div> <input tabindex="1" type="checkbox" name="Mandate" - id="mandateCheckBox" class="verticalcenter" role="checkbox" $MANDATECHECKED> - <label for="mandateCheckBox" class="verticalcenter">in + id="mandateCheckBox" class="mandate" role="checkbox" $MANDATECHECKED> + <label for="mandateCheckBox" class="mandate">in Vertretung anmelden</label> <!--a href="info_mandates.html" target="_blank" @@ -37,31 +37,41 @@ </div> <div id="bkuselectionarea"> <div id="bkukarte"> - <img id="bkuimage" class="bkuimage" src="$contextPath/img/karte.png" alt="OnlineBKU" /> + <img id="bkuimage" class="bkuimage" src="$contextPath/img/karte.png" alt="OnlineBKU"/> - <!-- Remove support for Online BKU and swith the card button to local BKU--> - <!--input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" value="Karte" /--> + <!-- Remove support for Online BKU and swith the card button to local BKU--> + <!--input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" value="Karte" /--> - <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent"> - <input type="hidden" name="bkuURI" value="$bkuLocal" /> - <input type="hidden" name="useMandate" id="useMandate" /> - <input type="hidden" name="SSO" id="useSSO" /> - <input type="hidden" name="ccc" id="ccc" /> - <input type="hidden" name="pendingid" value="$pendingReqID" /> - <input type="submit" value=" Karte " tabindex="4" role="button"> - </form> + <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent"> + <input type="hidden" name="bkuURI" value="$bkuLocal" /> + <input type="hidden" name="useMandate" id="useMandate" /> + <input type="hidden" name="SSO" id="useSSO" /> + <input type="hidden" name="ccc" id="ccc" /> + <input type="hidden" name="pendingid" value="$pendingReqID" /> + <input type="submit" value=" Karte " tabindex="5" role="button" /> + </form> - <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe> + <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe> - <!-- BKU detection with static template--> - <!--iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/iframeLBKUdetect.html"></iframe--> - - </div> - <div id="bkuhandy"> - <img class="bkuimage" src="$contextPath/img/handysign.png" alt="HandyBKU" /> - <input name="bkuButtonHandy" type="button" tabindex="3" role="button" value="HANDY" /> - </div> - </div> + <!-- BKU detection with static template--> + <!--iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/iframeLBKUdetect.html"></iframe--> + </div> + + <div id="bkuhandy"> + <img class="bkuimage" src="$contextPath/img/handysign.png" alt="HandyBKU" /> + <input name="bkuButtonHandy" type="button" tabindex="3" role="button" value="HANDY" /> + </div> + + + <div id="bkueulogin" class="$eIDASVisible"> + <img id="eIDASImage" class="bkuimage" src="$contextPath/img/eIDAS_small.png" alt="EULogin" /> + <form method="get" id="moaideIDASform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent"> + <input type="hidden" name="useeIDAS" value="true" /> + <input type="hidden" name="useMandate" id="useMandate" /> + <input type="hidden" name="pendingid" value="$pendingReqID" /> + <input id="buttonEULogin" name="bkuButtonEULogin" type="submit" role="button" value="EULogin" /> + </form> + </div> <!--div id="localBKU"> <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent"> @@ -80,7 +90,11 @@ <!--div id="ssoSessionTransferBlock"> <a href="$contextPath$submitEndpoint?pendingid=$pendingReqID&restoreSSOSession=true">>Restore SSO Session from Smartphone</a> </div--> - + + + + + <!-- <div id="stork" align="center" class="$STORKVISIBLE"> <h2 id="tabheader" class="dunkel">Home Country Selection</h2> <p> @@ -88,9 +102,9 @@ $countryList </select> <button id="eIDASButton" name="bkuButton" type="button">Proceed</button> - <!--a href="info_stork.html" target="_blank" class="infobutton">i</a--> + a href="info_stork.html" target="_blank" class="infobutton">i</a </p> - </div> + </div>--> <div id="metroDetected" class="unvisible"> <p>Anscheinend verwenden Sie Internet Explorer im diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index ce1430aa0..fb977c071 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -1,12 +1,12 @@ -<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
<version>3.x</version>
</parent>
- <modelVersion>4.0.0</modelVersion>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
<version>${moa-id-version}</version>
@@ -261,11 +261,71 @@ <dependency>
<groupId>httpsclient</groupId>
<artifactId>httpsclient</artifactId>
- </dependency>
- <dependency>
- <groupId>org.opensaml</groupId>
- <artifactId>opensaml</artifactId>
- <exclusions>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_module_pvp2_idp</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>log4j-over-slf4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>log4j-over-slf4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.xerces</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>xalan</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ <exclusion>
+ <artifactId>bcprov-jdk15on</artifactId>
+ <groupId>org.bouncycastle</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_module_pvp2_sp</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>log4j-over-slf4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>log4j-over-slf4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.xerces</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>xalan</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ <exclusion>
+ <artifactId>bcprov-jdk15on</artifactId>
+ <groupId>org.bouncycastle</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf-core</artifactId>
+ <type>test-jar</type>
+ <classifier>tests</classifier>
+ <version>1.0.0</version>
+ <scope>test</scope>
+ </dependency>
+<!-- <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml</artifactId>
+ <exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
@@ -309,7 +369,7 @@ <dependency>
<groupId>org.apache.santuario</groupId>
<artifactId>xmlsec</artifactId>
- </dependency>
+ </dependency> -->
<!-- the core, which includes Streaming API, shared low-level abstractions (but NOT data-binding) -->
<dependency>
@@ -368,8 +428,7 @@ <dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
- <version>${org.apache.commons.lang3.version}</version>
- </dependency>
+ </dependency>
<!-- <dependency>
<groupId>org.jvnet.jaxb2_commons</groupId>
@@ -489,7 +548,15 @@ <plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
- <version>2.9.1</version>
+ <version>3.0.1</version>
+ <dependencies>
+ <dependency>
+ <groupId>javax.annotation</groupId>
+ <artifactId>javax.annotation-api</artifactId>
+ <version>1.3.1</version>
+ <scope>compile</scope>
+ </dependency>
+ </dependencies>
<configuration>
<charset>UTF-8</charset>
<docencoding>UTF-8</docencoding>
@@ -525,8 +592,9 @@ <goal>jar</goal>
</goals>
<configuration>
- <additionalparam>-Xdoclint:none</additionalparam>
- </configuration>
+ <additionalparam>-Xdoclint:none</additionalparam>
+ <additionalOptions>--add-modules ALL-MODULE-PATH</additionalOptions>
+ </configuration>
</execution>
</executions>
</plugin>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/DummyStatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/DummyStatisticLogger.java deleted file mode 100644 index 8fff6b20b..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/DummyStatisticLogger.java +++ /dev/null @@ -1,58 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.advancedlogging; - - -import org.springframework.stereotype.Service; - -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.logging.Logger; - -@Service("StatisticLogger") -public class DummyStatisticLogger implements IStatisticLogger{ - - @Override - public void logSuccessOperation(IRequest protocolRequest, - IAuthData authData, boolean isSSOSession) { - Logger.trace("Dummy-logSuccessOperation"); - } - - @Override - public void logErrorOperation(Throwable throwable) { - Logger.trace("Dummy-logErrorOperation"); - } - - @Override - public void logErrorOperation(Throwable throwable, IRequest errorRequest) { - Logger.trace("Dummy-logErrorOperation"); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger#testConnection() - */ - @Override - public void testConnection() throws Exception { - Logger.trace("Dummy-logErrorOperation"); - - }} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/IStatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/IStatisticLogger.java deleted file mode 100644 index e0f21c012..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/IStatisticLogger.java +++ /dev/null @@ -1,39 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.advancedlogging; - -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.data.IAuthData; - - -public interface IStatisticLogger { - - public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSSOSession); - - public void logErrorOperation(Throwable throwable); - - public void logErrorOperation(Throwable throwable, IRequest errorRequest); - - public void testConnection() throws Exception; - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java index 54e459db1..05d344fb6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java @@ -35,10 +35,7 @@ import at.gv.egiz.components.eventlog.api.EventConstants; public interface MOAIDEventConstants extends EventConstants { //auth protocol specific information - public static final int AUTHPROTOCOL_TYPE = 3000; - public static final int AUTHPROTOCOL_PVP_METADATA = 3100; - public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST = 3101; public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE = 3102; public static final int AUTHPROTOCOL_PVP_REQUEST_SLO = 3103; public static final int AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY = 3104; @@ -88,7 +85,13 @@ public interface MOAIDEventConstants extends EventConstants { public static final int AUTHPROCESS_PEPS_RECEIVED = 6102; public static final int AUTHPROCESS_PEPS_RECEIVED_ERROR = 6103; public static final int AUTHPROCESS_PEPS_IDL_RECEIVED = 6104; - + + public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_SELECTED = 6200; + public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_REQUESTED = 6201; + public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED = 6202; + public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR = 6203; + public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID = 6204; + //person information public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK = 5000; public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE = 5001; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java index b26c9c1a9..1c1cc4168 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java @@ -31,11 +31,15 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.modules.pvp2.PVPEventConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -45,7 +49,7 @@ import at.gv.egovernment.moa.util.MiscUtil; * */ @Service("MOAReversionLogger") -public class MOAReversionLogger { +public class MOAReversionLogger implements IRevisionLogger { @Autowired protected AuthConfiguration authConfig; @@ -60,8 +64,8 @@ public class MOAReversionLogger { MOAIDEventConstants.TRANSACTION_DESTROYED, MOAIDEventConstants.TRANSACTION_ERROR, MOAIDEventConstants.TRANSACTION_IP, - MOAIDEventConstants.AUTHPROTOCOL_TYPE, - MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA, + IRevisionLogger.AUTHPROTOCOL_TYPE, + PVPEventConstants.AUTHPROTOCOL_PVP_METADATA, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION, @@ -91,6 +95,12 @@ public class MOAReversionLogger { MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED, + + MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID, + MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED, + MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR, + MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_REQUESTED, + MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_SELECTED, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED, @@ -107,13 +117,20 @@ public class MOAReversionLogger { ); - public void logEvent(IOAAuthParameters oaConfig, + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, int, java.lang.String) + */ + @Override + public void logEvent(ISPConfiguration oaConfig, int eventCode, String message) { if (selectOASpecificEventCodes(oaConfig).contains(eventCode)) MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message)); } - public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest, + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egiz.eaaf.core.api.IRequest, int) + */ + public void logEvent(ISPConfiguration oaConfig, IRequest pendingRequest, int eventCode) { if (selectOASpecificEventCodes(oaConfig).contains(eventCode)) MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, @@ -122,6 +139,9 @@ public class MOAReversionLogger { } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egiz.eaaf.core.api.IRequest, int, java.lang.String) + */ public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest, int eventCode, String message) { if (selectOASpecificEventCodes(oaConfig).contains(eventCode)) @@ -133,37 +153,37 @@ public class MOAReversionLogger { } - /** - * @param sessionCreated - * @param uniqueSessionIdentifier + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(int, java.lang.String) */ + @Override public void logEvent(int eventCode, String message) { MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message)); } - /** - * @param sessionCreated - * @param uniqueSessionIdentifier + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(java.lang.String, java.lang.String, int, java.lang.String) */ + @Override public void logEvent(String sessionID, String transactionID, int eventCode, String message) { MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message, sessionID, transactionID)); } - /** - * @param sessionCreated - * @param uniqueSessionIdentifier + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(java.lang.String, java.lang.String, int) */ + @Override public void logEvent(String sessionID, String transactionID, int eventCode) { MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, sessionID, transactionID)); } - /** - * @param errorRequest - * @param transactionError + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egiz.eaaf.core.api.IRequest, int) */ + @Override public void logEvent(IRequest pendingRequest, int eventCode) { MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, pendingRequest.getUniqueSessionIdentifier(), @@ -171,8 +191,12 @@ public class MOAReversionLogger { } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egiz.eaaf.core.api.IRequest, int, java.lang.String) + */ + @Override public void logEvent(IRequest pendingRequest, int eventCode, String message) { - logEvent(pendingRequest.getOnlineApplicationConfiguration(), + logEvent(pendingRequest.getServiceProviderConfiguration(OAAuthParameterDecorator.class), pendingRequest, eventCode, message); } @@ -232,12 +256,13 @@ public class MOAReversionLogger { } - private List<Integer> selectOASpecificEventCodes(IOAAuthParameters oaConfig) { + private List<Integer> selectOASpecificEventCodes(ISPConfiguration oaConfig) { List<Integer> OASpecificEventCodes = null; - if (oaConfig != null && oaConfig.getReversionsLoggingEventCodes() != null) - OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes(); + if (oaConfig != null && oaConfig instanceof IOAAuthParameters && + ((IOAAuthParameters)oaConfig).getReversionsLoggingEventCodes() != null) { + OASpecificEventCodes = ((IOAAuthParameters)oaConfig).getReversionsLoggingEventCodes(); - else + } else OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes(); return OASpecificEventCodes; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java index 72aef5fed..f642cddc7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java @@ -43,22 +43,25 @@ import org.springframework.transaction.annotation.Transactional; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; -import at.gv.egovernment.moa.id.auth.exception.BKUException; -import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.ServiceException; import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; +import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; +import at.gv.egovernment.moa.id.data.IMOAAuthData; +import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -91,7 +94,9 @@ public class StatisticLogger implements IStatisticLogger{ private EntityManager entityManager; - public void testConnection() throws Exception { + @Override + //TODO: update tests!!!! + public void internalTesting() throws Exception { Date expioredate = new Date(new Date().getTime() - 120); Query query = entityManager.createNamedQuery("getAllEntriesNotBeforeTimeStamp"); query.setParameter("timeout", expioredate); @@ -105,7 +110,7 @@ public class StatisticLogger implements IStatisticLogger{ if ( authConfig.isAdvancedLoggingActive() && protocolRequest != null && authData != null) { IOAAuthParameters dbOA = null; - dbOA = protocolRequest.getOnlineApplicationConfiguration(); + dbOA = protocolRequest.getServiceProviderConfiguration(OAAuthParameterDecorator.class); if (dbOA == null) { Logger.warn("Advanced logging failed: OA can not be found in database."); @@ -128,88 +133,95 @@ public class StatisticLogger implements IStatisticLogger{ Logger.warn("Can not extract some information for StatisticLogger.", e); } - dblog.setOatarget(authData.getBPKType()); - - - boolean isFederatedAuthentication = protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE) != null; - dblog.setInterfederatedSSOSession(isFederatedAuthentication); - - if (isFederatedAuthentication) { - dblog.setBkutype(IOAAuthParameters.INDERFEDERATEDIDP); - dblog.setBkuurl(protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_ENTITYID, String.class)); - - } else { - dblog.setBkuurl(authData.getBkuURL()); - dblog.setBkutype(findBKUType(authData.getBkuURL(), dbOA)); - - } - dblog.setProtocoltype(protocolRequest.requestedModule()); dblog.setProtocolsubtype(protocolRequest.requestedAction()); dblog.setSsosession(isSSOSession); - //log MandateInforamtion - if (authData.isUseMandate()) { - dblog.setMandatelogin(authData.isUseMandate()); + if (authData instanceof IMOAAuthData) { + IMOAAuthData moaAuthData = (IMOAAuthData) authData; + dblog.setOatarget(moaAuthData.getBPKType()); + + boolean isFederatedAuthentication = protocolRequest.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE) != null; + dblog.setInterfederatedSSOSession(isFederatedAuthentication); - IMISMandate mandate = authData.getMISMandate(); - if (mandate != null) { + if (isFederatedAuthentication) { + dblog.setBkutype(IOAAuthParameters.INDERFEDERATEDIDP); + dblog.setBkuurl(protocolRequest.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, String.class)); - if (MiscUtil.isNotEmpty(mandate.getProfRep())) { - dblog.setMandatetype(mandate.getProfRep()); - dblog.setPv(true); - dblog.setPvOID(mandate.getProfRep()); - - } else { - dblog.setPv(false); - } + } else if (moaAuthData.isForeigner()) { + dblog.setBkutype(IOAAuthParameters.EIDAS); - InputStream is = null; - try { - is = new ByteArrayInputStream(mandate.getMandate()); + } else { + dblog.setBkuurl(moaAuthData.getBkuURL()); + dblog.setBkutype(findBKUType(moaAuthData.getBkuURL(), dbOA)); + + } + + //log MandateInforamtion + if (moaAuthData.isUseMandate()) { + dblog.setMandatelogin(moaAuthData.isUseMandate()); + + IMISMandate mandate = moaAuthData.getMISMandate(); + if (mandate != null) { - JAXBContext jc = JAXBContext.newInstance(Mandate.class); - Unmarshaller u = jc.createUnmarshaller(); - Object mismandateobj = u.unmarshal(is); + if (MiscUtil.isNotEmpty(mandate.getProfRep())) { + dblog.setMandatetype(mandate.getProfRep()); + dblog.setPv(true); + dblog.setPvOID(mandate.getProfRep()); + + } else { + dblog.setPv(false); + } - if (mismandateobj != null && mismandateobj instanceof Mandate) { - Mandate mismandate = (Mandate) mismandateobj; + InputStream is = null; + try { + is = new ByteArrayInputStream(mandate.getMandate()); - if (MiscUtil.isEmpty(mandate.getProfRep())) - dblog.setMandatetype(mismandate.getAnnotation()); + JAXBContext jc = JAXBContext.newInstance(Mandate.class); + Unmarshaller u = jc.createUnmarshaller(); + Object mismandateobj = u.unmarshal(is); - Mandator mandator = mismandate.getMandator(); - CorporateBodyType corp = mandator.getCorporateBody(); - if (corp != null) { - dblog.setMandatortype(MANTATORTYPE_JUR); + if (mismandateobj != null && mismandateobj instanceof Mandate) { + Mandate mismandate = (Mandate) mismandateobj; + + if (MiscUtil.isEmpty(mandate.getProfRep())) + dblog.setMandatetype(mismandate.getAnnotation()); + + Mandator mandator = mismandate.getMandator(); + CorporateBodyType corp = mandator.getCorporateBody(); + if (corp != null) { + dblog.setMandatortype(MANTATORTYPE_JUR); + + } else { + dblog.setMandatortype(MANTATORTYPE_NAT); + } + } else { - dblog.setMandatortype(MANTATORTYPE_NAT); + Logger.warn("Advancted logging can not unmarshall MISMandate"); } - - - } else { - Logger.warn("Advancted logging can not unmarshall MISMandate"); - } - } catch (JAXBException e) { - Logger.warn("Advancted logging can not parse mandate.", e); - - } finally { - if (is!=null) { - try { - is.close(); - - } catch (IOException e) { - Logger.warn("Close InputStream failed." , e); - + } catch (JAXBException e) { + Logger.warn("Advancted logging can not parse mandate.", e); + + } finally { + if (is!=null) { + try { + is.close(); + + } catch (IOException e) { + Logger.warn("Close InputStream failed." , e); + + } } } - } - } - } - + } + } + + } else + Logger.info("'AuthData' is NOT of type 'IMOAAuthData'. StatisticLogger logs only basic infos"); + try { entityManager.persist(dblog); @@ -258,13 +270,13 @@ public class StatisticLogger implements IStatisticLogger{ dblog.setTimestamp(new Date()); - dblog.setOaurlprefix(getMessageWithMaxLength(errorRequest.getOAURL(), MAXOAIDENTIFIER_LENGTH)); + dblog.setOaurlprefix(getMessageWithMaxLength(errorRequest.getSPEntityId(), MAXOAIDENTIFIER_LENGTH)); dblog.setProtocoltype(errorRequest.requestedModule()); dblog.setProtocolsubtype(errorRequest.requestedAction()); generateErrorLogFormThrowable(throwable, dblog); - IOAAuthParameters dbOA = errorRequest.getOnlineApplicationConfiguration(); + IOAAuthParameters dbOA = errorRequest.getServiceProviderConfiguration(OAAuthParameterDecorator.class); if (dbOA != null) { dblog.setOaurlprefix(getMessageWithMaxLength(dbOA.getPublicURLPrefix(), MAXOAIDENTIFIER_LENGTH)); dblog.setOafriendlyName(dbOA.getFriendlyName()); @@ -290,7 +302,9 @@ public class StatisticLogger implements IStatisticLogger{ } else { Logger.debug("Use MOA session information from pending-req for ErrorLogging"); - moasession = errorRequest.getMOASession(); + moasession = (IAuthenticationSession) errorRequest.getSessionData(AuthenticationSessionWrapper.class); + + } @@ -383,45 +397,47 @@ public class StatisticLogger implements IStatisticLogger{ private String findBKUType(String bkuURL, IOAAuthParameters dbOA) { - if (dbOA != null) { - if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameter.HANDYBKU))) - return IOAAuthParameters.HANDYBKU; - - if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameter.LOCALBKU))) - return IOAAuthParameters.LOCALBKU; - - if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameter.THIRDBKU))) - return IOAAuthParameters.THIRDBKU; - } - - Logger.trace("Staticic Log search BKUType from DefaultBKUs"); - - try { - if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.THIRDBKU))) - return IOAAuthParameters.THIRDBKU; + if (bkuURL != null) { + if (dbOA != null) { + if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.HANDYBKU))) + return IOAAuthParameters.HANDYBKU; + + if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.LOCALBKU))) + return IOAAuthParameters.LOCALBKU; + + if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.THIRDBKU))) + return IOAAuthParameters.THIRDBKU; + } - if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU))) + Logger.trace("Staticic Log search BKUType from DefaultBKUs"); + + try { + if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.THIRDBKU))) + return IOAAuthParameters.THIRDBKU; + + if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU))) + return IOAAuthParameters.LOCALBKU; + + if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU))) + return IOAAuthParameters.HANDYBKU; + + } catch (ConfigurationException e) { + Logger.info("Advanced Logging: Default BKUs read failed"); + } + + Logger.debug("Staticic Log search BKUType from generneric Parameters"); + + if (bkuURL.endsWith(GENERIC_LOCALBKU)) { + Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.LOCALBKU); return IOAAuthParameters.LOCALBKU; + } - if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU))) + if (bkuURL.startsWith(GENERIC_HANDYBKU)) { + Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.HANDYBKU); return IOAAuthParameters.HANDYBKU; - - } catch (ConfigurationException e) { - Logger.info("Advanced Logging: Default BKUs read failed"); - } - - Logger.debug("Staticic Log search BKUType from generneric Parameters"); - - if (bkuURL.endsWith(GENERIC_LOCALBKU)) { - Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.LOCALBKU); - return IOAAuthParameters.LOCALBKU; + } } - if (bkuURL.startsWith(GENERIC_HANDYBKU)) { - Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.HANDYBKU); - return IOAAuthParameters.HANDYBKU; - } - Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.AUTHTYPE_OTHERS); return IOAAuthParameters.AUTHTYPE_OTHERS; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java deleted file mode 100644 index 0b066f3b9..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.advancedlogging; - - -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IRequest; - -/** - * @author tlenz - * - */ -public class TransactionIDUtils { - - /** - * Set all MDC variables from pending request to this threat context<br> - * These includes SessionID, TransactionID, and unique service-provider identifier - * - * @param pendingRequest - */ - public static void setAllLoggingVariables(IRequest pendingRequest) { - setTransactionId(pendingRequest.getUniqueTransactionIdentifier()); - setSessionId(pendingRequest.getUniqueSessionIdentifier()); - setServiceProviderId(pendingRequest.getOnlineApplicationConfiguration().getPublicURLPrefix()); - - } - - /** - * Remove all MDC variables from this threat context - * - */ - public static void removeAllLoggingVariables() { - removeSessionId(); - removeTransactionId(); - removeServiceProviderId(); - - } - - - public static void setServiceProviderId(String oaUniqueId) { - org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID, oaUniqueId); - org.slf4j.MDC.put(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID, oaUniqueId); - - } - - public static void removeServiceProviderId() { - org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID); - org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID); - - } - - public static void setTransactionId(String pendingRequestID) { - org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID, - "TID-" + pendingRequestID); - org.slf4j.MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID, - "TID-" + pendingRequestID); - - } - - public static void removeTransactionId() { - org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_TRANSACTION_ID); - org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_TRANSACTION_ID); - - } - - public static void setSessionId(String uniqueSessionId) { - org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID, - "SID-" + uniqueSessionId); - org.slf4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID, - "SID-" + uniqueSessionId); - - } - - public static void removeSessionId() { - org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_SESSION_ID); - org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_SESSION_ID); - - } - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java index 34d0d4be1..c684e1ac2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java @@ -12,14 +12,14 @@ import org.springframework.scheduling.annotation.EnableScheduling; import org.springframework.scheduling.annotation.Scheduled; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; +import at.gv.egiz.eaaf.core.api.data.ExceptionContainer; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.data.ExceptionContainer; -import at.gv.egovernment.moa.id.process.ProcessExecutionException; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java deleted file mode 100644 index 6f98357e2..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth; - -/** - * @author tlenz - * - */ -public interface IDestroyableObject { - /** - * Manually deep destroy a Java object with all child objects like timers and threads - * - */ - public void fullyDestroy(); - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java deleted file mode 100644 index 27d142f2c..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth; - -/** - * @author tlenz - * - */ -public interface IGarbageCollectorProcessing { - - /** - * This method gets executed by the MOA garbage collector at regular intervals. - * - */ - public void runGarbageCollector(); -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java deleted file mode 100644 index d918be463..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth; - - -/** - * - * @author tlenz - * - * Interface initialize a Object when the MOA-ID-Auth start-up process is fully completed - * - */ -public interface IPostStartupInitializable { - - /** - * This method is called once when MOA-ID-Auth start-up process is fully completed - * - */ - public void executeAfterStartup(); - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java index 52e30a2f0..f88267ad7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java @@ -33,6 +33,7 @@ import org.springframework.scheduling.annotation.EnableScheduling; import org.springframework.scheduling.annotation.Scheduled; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing; import at.gv.egovernment.moa.logging.Logger; @Service("MOAGarbageCollector") diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index d09aac0f4..66093b851 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -32,12 +32,12 @@ import javax.activation.MailcapCommandMap; import org.springframework.web.context.support.GenericWebApplicationContext; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.MOAException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index cc716f9f8..2c14af463 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -23,72 +23,71 @@ package at.gv.egovernment.moa.id.auth.builder; import java.io.IOException; -import java.io.InputStream; import java.lang.reflect.InvocationTargetException; import java.security.PrivateKey; import java.util.ArrayList; import java.util.Arrays; -import java.util.Collection; import java.util.Date; +import java.util.HashMap; import java.util.Iterator; import java.util.List; +import java.util.Map; +import java.util.Map.Entry; -import javax.naming.ldap.LdapName; -import javax.naming.ldap.Rdn; +import javax.annotation.PostConstruct; -import org.opensaml.saml2.core.Attribute; -import org.opensaml.saml2.core.AttributeQuery; -import org.opensaml.saml2.core.Response; -import org.opensaml.ws.soap.common.SOAPException; -import org.opensaml.xml.XMLObject; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import org.w3c.dom.DOMException; import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFParserException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.XPathException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException; -import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; -import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.MISMandate; -import at.gv.egovernment.moa.id.data.Pair; +import at.gv.egovernment.moa.id.data.MOAAuthenticationData; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; -import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper; +import at.gv.egovernment.moa.id.util.LoALevelMapper; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.egovernment.moa.util.XPathUtils; import at.gv.util.client.szr.SZRClient; import at.gv.util.config.EgovUtilPropertiesConfiguration; import at.gv.util.wsdl.szr.SZRException; @@ -100,30 +99,57 @@ import iaik.x509.X509Certificate; * */ @Service("AuthenticationDataBuilder") -public class AuthenticationDataBuilder extends MOAIDAuthConstants { +public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder { + public static final String CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS = "configuration.foreignsectors.pubkey"; + @Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage; @Autowired protected AuthConfiguration authConfig; - @Autowired private AttributQueryBuilder attributQueryBuilder; - @Autowired private SAMLVerificationEngineSP samlVerificationEngine; - @Autowired(required=true) private MOAMetadataProvider metadataProvider; + @Autowired protected LoALevelMapper loaLevelMapper; + private Map<String, X509Certificate> encKeyMap = new HashMap<String, X509Certificate>(); - public IAuthData buildAuthenticationData(IRequest pendingReq, - IAuthenticationSession session) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { - return buildAuthenticationData(pendingReq, session, pendingReq.getOnlineApplicationConfiguration()); - + @PostConstruct + private void initialize() { + Map<String, String> pubKeyMap = authConfig.getBasicMOAIDConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS); + for (Entry<String, String> el : pubKeyMap.entrySet()) { + try { + encKeyMap.put(el.getKey(), new X509Certificate(Base64Utils.decode(el.getValue(), false))); + Logger.info("Load foreign bPK encryption certificate for sector: " + el.getKey()); + + } catch (Exception e) { + Logger.warn("Can NOT load foreign bPK encryption certificate for sector: \" + el.getKey()", e); + + } + + } } - public IAuthData buildAuthenticationData(IRequest pendingReq, - IAuthenticationSession session, IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { - AuthenticationData authdata = null; + @Override + public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException { + try { + return buildAuthenticationData(pendingReq, + pendingReq.getSessionData(AuthenticationSessionWrapper.class), + pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class)); + + } catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException | EAAFBuilderException e) { + Logger.warn("Can not build authentication data from session information"); + throw new EAAFAuthenticationException("builder.11", new Object[]{}, e); + + } + + } + + private IAuthData buildAuthenticationData(IRequest pendingReq, + IAuthenticationSession session, IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException, EAAFBuilderException { + MOAAuthenticationData authdata = null; //only needed for SAML1 legacy support try { //check if SAML1 authentication module is in Classpath Class<?> saml1RequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl"); - IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").newInstance(); + //IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").newInstance(); + IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").getConstructor(LoALevelMapper.class).newInstance(loaLevelMapper); if (saml1RequstTemplate != null && saml1RequstTemplate.isInstance(pendingReq)) { //request is SAML1 --> invoke SAML1 protocol specific methods @@ -134,19 +160,19 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { saml1authdata.getClass().getMethod("setExtendedSAMLAttributesOA", List.class).invoke(saml1authdata, session.getExtendedSAMLAttributesOA()); } - authdata = (AuthenticationData) saml1authdata; + authdata = (MOAAuthenticationData) saml1authdata; } else { - authdata = new AuthenticationData(); + authdata = new MOAAuthenticationData(loaLevelMapper); } } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) { - authdata = new AuthenticationData(); + authdata = new MOAAuthenticationData(loaLevelMapper); } - OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, pendingReq.getOAURL(), pendingReq.requestedModule()); + OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, pendingReq.getSPEntityId(), pendingReq.requestedModule()); //reuse authentication information in case of service-provider reauthentication if (activeOA != null) { authdata.setSessionIndex(activeOA.getAssertionSessionID()); @@ -160,14 +186,14 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { if (oaParam.isSTORKPVPGateway()) oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, pendingReq); - Boolean isMinimalFrontChannelResp = pendingReq.getGenericData( - PVPTargetConfiguration.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, Boolean.class); + Boolean isMinimalFrontChannelResp = pendingReq.getRawData( + MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, Boolean.class); if (isMinimalFrontChannelResp != null && isMinimalFrontChannelResp) { //only set minimal response attributes authdata.setQAALevel( - pendingReq.getGenericData(PVPTargetConfiguration.DATAID_INTERFEDERATION_QAALEVEL, String.class)); + pendingReq.getRawData(MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, String.class)); authdata.setBPK( - pendingReq.getGenericData(PVPTargetConfiguration.DATAID_INTERFEDERATION_NAMEID, String.class)); + pendingReq.getRawData(MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, String.class)); } else { //build AuthenticationData from MOASession @@ -177,173 +203,15 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { return authdata; } - - /** - * Get PVP authentication attributes by using a SAML2 AttributeQuery - * - * @param reqQueryAttr List of PVP attributes which are requested - * @param userNameID SAML2 UserNameID of the user for which attributes are requested - * @param idpConfig Configuration of the IDP, which is requested - * @return - * @return PVP attribute DAO, which contains all received information - * @throws MOAIDException - */ - public AssertionAttributeExtractor getAuthDataFromAttributeQuery(List<Attribute> reqQueryAttr, - String userNameID, IOAAuthParameters idpConfig ) throws MOAIDException{ - String idpEnityID = idpConfig.getPublicURLPrefix(); - - try { - Logger.debug("Starting AttributeQuery process ..."); - //collect attributes by using BackChannel communication - String endpoint = idpConfig.getIDPAttributQueryServiceURL(); - if (MiscUtil.isEmpty(endpoint)) { - Logger.error("No AttributeQueryURL for interfederationIDP " + idpEnityID); - throw new ConfigurationException("config.26", new Object[]{idpEnityID}); - - } - - //build attributQuery request - AttributeQuery query = attributQueryBuilder.buildAttributQueryRequest(userNameID, endpoint, reqQueryAttr); - - //build SOAP request - List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query); - - if (xmlObjects.size() == 0) { - Logger.error("Receive emptry AttributeQuery response-body."); - throw new AttributQueryException("auth.27", - new Object[]{idpEnityID, "Receive emptry AttributeQuery response-body."}); - - } - - Response intfResp; - if (xmlObjects.get(0) instanceof Response) { - intfResp = (Response) xmlObjects.get(0); - - //validate PVP 2.1 response - try { - samlVerificationEngine.verifyIDPResponse(intfResp, - TrustEngineFactory.getSignatureKnownKeysTrustEngine( - metadataProvider)); - - //create assertion attribute extractor from AttributeQuery response - return new AssertionAttributeExtractor(intfResp); - - } catch (Exception e) { - Logger.warn("PVP 2.1 assertion validation FAILED.", e); - throw new AssertionValidationExeption("auth.27", - new Object[]{idpEnityID, e.getMessage()}, e); - } - - } else { - Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response"); - throw new AttributQueryException("auth.27", - new Object[]{idpEnityID, "Receive AttributeQuery response-body include no PVP 2.1 response"}); - - } - - } catch (SOAPException e) { - throw new BuildException("builder.06", null, e); - - } catch (SecurityException e) { - throw new BuildException("builder.06", null, e); - - } catch (org.opensaml.xml.security.SecurityException e1) { - throw new BuildException("builder.06", null, e1); - - } - } - - private void buildAuthDataFormMOASession(AuthenticationData authData, IAuthenticationSession session, - IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException { - - Collection<String> includedToGenericAuthData = null; - if (session.getGenericSessionDataStorage() != null && - !session.getGenericSessionDataStorage().isEmpty()) - includedToGenericAuthData = session.getGenericSessionDataStorage().keySet(); - else - includedToGenericAuthData = new ArrayList<String>(); - - try { - //#################################################### - //set general authData info's - authData.setIssuer(protocolRequest.getAuthURL()); - authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality()); - authData.setBaseIDTransferRestrication(oaParam.hasBaseIdTransferRestriction()); - - - //#################################################### - //parse user info's from identityLink - IIdentityLink idlFromPVPAttr = null; - IIdentityLink identityLink = session.getIdentityLink(); - if (identityLink != null) { - parseBasicUserInfosFromIDL(authData, identityLink, includedToGenericAuthData); - - } else { - // identityLink is not direct in MOASession - String pvpAttrIDL = session.getGenericDataFromSession(PVPConstants.EID_IDENTITY_LINK_NAME, String.class); - //find PVP-Attr. which contains the IdentityLink - if (MiscUtil.isNotEmpty(pvpAttrIDL)) { - Logger.debug("Find PVP-Attr: " + PVPConstants.EID_IDENTITY_LINK_FRIENDLY_NAME - + " --> Parse basic user info's from that attribute."); - InputStream idlStream = null; - try { - idlStream = Base64Utils.decodeToStream(pvpAttrIDL, false); - idlFromPVPAttr = new IdentityLinkAssertionParser(idlStream).parseIdentityLink(); - parseBasicUserInfosFromIDL(authData, idlFromPVPAttr, includedToGenericAuthData); - - } catch (ParseException e) { - Logger.error("Received IdentityLink is not valid", e); - - } catch (Exception e) { - Logger.error("Received IdentityLink is not valid", e); - - } finally { - try { - includedToGenericAuthData.remove(PVPConstants.EID_IDENTITY_LINK_NAME); - if (idlStream != null) - idlStream.close(); - - } catch (IOException e) { - Logger.fatal("Close InputStream FAILED.", e); - - } - - } - - } - - //if no basic user info's are set yet, parse info's single PVP-Attributes - if (MiscUtil.isEmpty(authData.getFamilyName())) { - Logger.debug("No IdentityLink found or not parseable --> Parse basic user info's from single PVP-Attributes."); - authData.setFamilyName(session.getGenericDataFromSession(PVPConstants.PRINCIPAL_NAME_NAME, String.class)); - authData.setGivenName(session.getGenericDataFromSession(PVPConstants.GIVEN_NAME_NAME, String.class)); - authData.setDateOfBirth(session.getGenericDataFromSession(PVPConstants.BIRTHDATE_NAME, String.class)); - authData.setIdentificationValue(session.getGenericDataFromSession(PVPConstants.EID_SOURCE_PIN_NAME, String.class)); - authData.setIdentificationType(session.getGenericDataFromSession(PVPConstants.EID_SOURCE_PIN_TYPE_NAME, String.class)); - - //remove corresponding keys from genericSessionData if exists - includedToGenericAuthData.remove(PVPConstants.PRINCIPAL_NAME_NAME); - includedToGenericAuthData.remove(PVPConstants.GIVEN_NAME_NAME); - includedToGenericAuthData.remove(PVPConstants.BIRTHDATE_NAME); - includedToGenericAuthData.remove(PVPConstants.EID_SOURCE_PIN_NAME); - includedToGenericAuthData.remove(PVPConstants.EID_SOURCE_PIN_TYPE_NAME); - } - - } - if (authData.getIdentificationType() != null && - !authData.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - Logger.trace("IdentificationType is not a baseID --> clear it. "); - authData.setBPK(authData.getIdentificationValue()); - authData.setBPKType(authData.getIdentificationType()); - - authData.setIdentificationValue(null); - authData.setIdentificationType(null); - - } + private void buildAuthDataFormMOASession(MOAAuthenticationData authData, IAuthenticationSession session, + IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException, EAAFBuilderException { + try { + //generate basic authentication data + generateBasicAuthData(authData, protocolRequest, session); - //#################################################### + // #### generate MOA-ID specific authentication data ###### //set BKU URL includedToGenericAuthData.remove(PVPConstants.EID_CCS_URL_NAME); if (MiscUtil.isNotEmpty(session.getBkuURL())) @@ -355,33 +223,53 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { //TODO: fully switch from STORK QAA to eIDAS LoA //#################################################### //set QAA level - includedToGenericAuthData.remove(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME); - if (MiscUtil.isNotEmpty(session.getQAALevel())) - authData.setQAALevel(session.getQAALevel()); + if (MiscUtil.isNotEmpty(authData.getEIDASQAALevel())) { + Logger.debug("Find eIDAS LoA. Map it to STORK QAA"); + authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(authData.getEIDASQAALevel())); + + } else { + Logger.info("Find NO eIDAS Loa. Starting STORK QAA processing as backup ... "); - else { - String qaaLevel = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class); - if (MiscUtil.isNotEmpty(qaaLevel)) { - Logger.debug("Find PVP-Attr: " + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME - + " --> Parse QAA-Level from that attribute."); - - if (qaaLevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) { - authData.setQAALevel(qaaLevel); - - } else { - Logger.debug("Found PVP QAA level. QAA mapping process starts ... "); - String mappedQAA = PVPtoSTORKMapper.getInstance().mapToQAALevel(qaaLevel); - if (MiscUtil.isNotEmpty(mappedQAA)) - authData.setQAALevel(mappedQAA); - + + includedToGenericAuthData.remove(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME); + String currentLoA = null; + if (MiscUtil.isNotEmpty(session.getQAALevel())) + currentLoA = session.getQAALevel(); + else { + currentLoA = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class); + if (MiscUtil.isNotEmpty(currentLoA)) { + Logger.debug("Find PVP-Attr '" + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA + + " --> Parse QAA-Level from that attribute."); + } } + + if (MiscUtil.isNotEmpty(currentLoA)) { + if (currentLoA.startsWith(PVPConstants.STORK_QAA_PREFIX)) { + authData.setQAALevel(currentLoA); + authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(currentLoA)); + + } else if (currentLoA.startsWith(EAAFConstants.EIDAS_LOA_PREFIX)) { + authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(currentLoA)); + authData.seteIDASLoA(currentLoA); + + } else { + Logger.debug("Found PVP SecClass. QAA mapping process starts ... "); + String mappedStorkQAA = loaLevelMapper.mapSecClassToQAALevel(currentLoA); + if (MiscUtil.isNotEmpty(mappedStorkQAA)) { + authData.setQAALevel(mappedStorkQAA); + authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(mappedStorkQAA)); + + } + } + } } //if no QAA level is set in MOASession then set default QAA level - if (MiscUtil.isEmpty(authData.getQAALevel())) { - Logger.info("No QAA level found. Set to default level " + PVPConstants.STORK_QAA_PREFIX + "1"); + if (MiscUtil.isEmpty(authData.getEIDASQAALevel())) { + Logger.info("No QAA level found. Set to default level " + EAAFConstants.EIDAS_LOA_LOW); authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + "1"); + authData.seteIDASLoA(EAAFConstants.EIDAS_LOA_LOW); } @@ -433,65 +321,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } - - //#################################################### - //set isForeigner flag - //TODO: change to new eIDAS-token attribute identifier - if (session.getGenericDataFromSession(PVPConstants.EID_STORK_TOKEN_NAME) != null) { - Logger.debug("Find PVP-Attr: " + PVPConstants.EID_STORK_TOKEN_FRIENDLY_NAME - + " --> Set 'isForeigner' flag to TRUE"); - authData.setForeigner(true); - - } else { - authData.setForeigner(session.isForeigner()); - - } - - - //#################################################### - //set citizen country-code - includedToGenericAuthData.remove(PVPConstants.EID_ISSUING_NATION_NAME); - String pvpCCCAttr = session.getGenericDataFromSession(PVPConstants.EID_ISSUING_NATION_NAME, String.class); - if (MiscUtil.isNotEmpty(pvpCCCAttr)) { - authData.setCcc(pvpCCCAttr); - Logger.debug("Find PVP-Attr: " + PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME); - - } else { - if (authData.isForeigner()) { - try { - if (authData.getSignerCertificate() != null) { - //TODO: replace with TSL lookup when TSL is ready! - X509Certificate certificate = new X509Certificate(authData.getSignerCertificate()); - if (certificate != null) { - LdapName ln = new LdapName(certificate.getIssuerDN() - .getName()); - for (Rdn rdn : ln.getRdns()) { - if (rdn.getType().equalsIgnoreCase("C")) { - Logger.info("C is: " + rdn.getValue()); - authData.setCcc(rdn.getValue().toString()); - break; - } - } - } - - } else - Logger.warn("NO PVP-Attr: " + PVPConstants.EID_ISSUING_NATION_NAME - + " and NO SignerCertificate in MOASession -->" - + " Can NOT extract citizen-country of foreign person."); - - - } catch (Exception e) { - Logger.error("Failed to extract country code from certificate with message: " + e.getMessage()); - - } - - } else { - authData.setCcc(COUNTRYCODE_AUSTRIA); - - } - } - - + //#################################################### //set max. SSO session time includedToGenericAuthData.remove(AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO); @@ -620,11 +450,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { includedToGenericAuthData.remove(PVPConstants.MANDATE_PROF_REP_OID_NAME); } } - - - - - + //#################################################### // set bPK and IdentityLink for Organwalter --> // Organwalter has a special bPK is received from MIS @@ -634,111 +460,14 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { authData.setBPK(misMandate.getOWbPK()); authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK()); - - - //TODO: check in case of mandates for business services - if (identityLink != null) - authData.setIdentityLink(identityLink); - - else if (idlFromPVPAttr != null){ - authData.setIdentityLink(idlFromPVPAttr); - Logger.debug("Set IdentityLink received from federated IDP for Organwalter"); - - } else - Logger.info("Can NOT set Organwalter IdentityLink. Msg: No IdentityLink found"); - - + //set bPK and IdenityLink for all other - } else { - //build bPK - String pvpbPKValue = getbPKValueFromPVPAttribute(session); - String pvpbPKTypeAttr = getbPKTypeFromPVPAttribute(session); - Pair<String, String> pvpEncbPKAttr = getEncryptedbPKFromPVPAttribute(session, authData, oaParam); - - //check if a unique ID for this citizen exists - if (MiscUtil.isEmpty(authData.getIdentificationValue()) && - MiscUtil.isEmpty(pvpbPKValue) && MiscUtil.isEmpty(authData.getBPK()) && - pvpEncbPKAttr == null) { - Logger.info("Can not build authData, because moaSession include no bPK, encrypted bPK or baseID"); - throw new MOAIDException("builder.08", new Object[]{"No " + PVPConstants.BPK_FRIENDLY_NAME - + " or " + PVPConstants.EID_SOURCE_PIN_FRIENDLY_NAME - + " or " + PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME}); - - } - - // baseID is in MOASesson --> calculate bPK directly - if (MiscUtil.isNotEmpty(authData.getIdentificationValue())) { - Logger.debug("Citizen baseID is in MOASession --> calculate bPK from this."); - Pair<String, String> result = buildOAspecificbPK(protocolRequest, oaParam, authData); - authData.setBPK(result.getFirst()); - authData.setBPKType(result.getSecond()); - - //check if bPK already added to AuthData matches OA - } else if (MiscUtil.isNotEmpty(authData.getBPK()) - && matchsReceivedbPKToOnlineApplication(oaParam, authData.getBPKType()) ) { - Logger.debug("Correct bPK is already included in AuthData."); - - //check if bPK received by PVP-Attribute matches OA - } else if (MiscUtil.isNotEmpty(pvpbPKValue) && - matchsReceivedbPKToOnlineApplication(oaParam, pvpbPKTypeAttr)) { - Logger.debug("Receive correct bPK from PVP-Attribute"); - authData.setBPK(pvpbPKValue); - authData.setBPKType(pvpbPKTypeAttr); - - //check if decrypted bPK exists - } else if (pvpEncbPKAttr != null) { - Logger.debug("Receive bPK as encrypted bPK and decryption was possible."); - authData.setBPK(pvpEncbPKAttr.getFirst()); - authData.setBPKType(pvpEncbPKAttr.getSecond()); + Logger.debug("User is an OW. Set original IDL into authdata ... "); + authData.setIdentityLink(session.getIdentityLink()); - //ask SZR to get bPK - } else { - String notValidbPK = authData.getBPK(); - String notValidbPKType = authData.getBPKType(); - if (MiscUtil.isEmpty(notValidbPK) && - MiscUtil.isEmpty(notValidbPKType)) { - notValidbPK = pvpbPKValue; - notValidbPKType = pvpbPKTypeAttr; - - if (MiscUtil.isEmpty(notValidbPK) && - MiscUtil.isEmpty(notValidbPKType)) { - Logger.fatal("No bPK in MOASession. THIS error should not occur any more."); - throw new NullPointerException("No bPK in MOASession. THIS error should not occur any more."); - } - } - - Pair<String, String> baseIDFromSZR = getbaseIDFromSZR(authData, notValidbPK, notValidbPKType); - if (baseIDFromSZR != null) { - Logger.info("Receive citizen baseID from SRZ. Authentication can be completed"); - authData.setIdentificationValue(baseIDFromSZR.getFirst()); - authData.setIdentificationType(baseIDFromSZR.getSecond()); - Pair<String, String> result = buildOAspecificbPK(protocolRequest, oaParam, authData); - authData.setBPK(result.getFirst()); - authData.setBPKType(result.getSecond()); - - } else { - Logger.warn("Can not build authData, because moaSession include no valid bPK, encrypted bPK or baseID"); - throw new MOAIDException("builder.08", new Object[]{"No valid " + PVPConstants.BPK_FRIENDLY_NAME - + " or " + PVPConstants.EID_SOURCE_PIN_FRIENDLY_NAME - + " or " + PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME}); - - } - } - - //build IdentityLink - if (identityLink != null) - authData.setIdentityLink(buildOAspecificIdentityLink(oaParam, identityLink, authData.getBPK(), authData.getBPKType())); - else if (idlFromPVPAttr != null) { - authData.setIdentityLink(buildOAspecificIdentityLink(oaParam, idlFromPVPAttr, authData.getBPK(), authData.getBPKType())); - Logger.debug("Set IdentityLink received from federated IDP"); - } else { - Logger.info("Can NOT set IdentityLink. Msg: No IdentityLink found"); - - } - } - + } //################################################################### //set PVP role attribute (implemented for ISA 1.18 action) @@ -786,6 +515,9 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } + //build foreign bPKs + generateForeignbPK(authData, oaParam.foreignbPKSectorsRequested()); + //#################################################################### //copy all generic authentication information, which are not processed before to authData Iterator<String> copyInterator = includedToGenericAuthData.iterator(); @@ -794,13 +526,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { try { authData.setGenericData(elementKey, session.getGenericDataFromSession(elementKey)); - } catch (SessionDataStorageException e) { + } catch (EAAFStorageException e) { Logger.warn("Can not add generic authData with key:" + elementKey, e); } } - } catch (BuildException e) { + } catch (EAAFBuilderException e) { throw e; } catch (Throwable ex) { @@ -809,38 +541,6 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } } - - /** - * Check a bPK-Type against a Service-Provider configuration <br> - * If bPK-Type is <code>null</code> the result is <code>false</code>. - * - * @param oaParam Service-Provider configuration, never null - * @param bPKType bPK-Type to check - * @return true, if bPK-Type matchs to Service-Provider configuration, otherwise false - * @throws ConfigurationException - */ - private boolean matchsReceivedbPKToOnlineApplication(IOAAuthParameters oaParam, String bPKType) throws ConfigurationException { - return oaParam.getAreaSpecificTargetIdentifier().equals(bPKType); - - } - - private void parseBasicUserInfosFromIDL(AuthenticationData authData, IIdentityLink identityLink, Collection<String> includedGenericSessionData) { - //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO - authData.setIdentificationValue(identityLink.getIdentificationValue()); - authData.setIdentificationType(identityLink.getIdentificationType()); - - authData.setGivenName(identityLink.getGivenName()); - authData.setFamilyName(identityLink.getFamilyName()); - authData.setDateOfBirth(identityLink.getDateOfBirth()); - - //remove corresponding keys from genericSessionData if exists - includedGenericSessionData.remove(PVPConstants.PRINCIPAL_NAME_NAME); - includedGenericSessionData.remove(PVPConstants.GIVEN_NAME_NAME); - includedGenericSessionData.remove(PVPConstants.BIRTHDATE_NAME); - includedGenericSessionData.remove(PVPConstants.EID_SOURCE_PIN_NAME); - includedGenericSessionData.remove(PVPConstants.EID_SOURCE_PIN_TYPE_NAME); - - } /** * @param authData @@ -848,7 +548,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { * @param notValidbPKType * @return */ - private Pair<String, String> getbaseIDFromSZR(AuthenticationData authData, String notValidbPK, + @Override + protected Pair<String, String> getbaseIDFromSZR(AuthenticationData authData, String notValidbPK, String notValidbPKType) { try { EgovUtilPropertiesConfiguration eGovClientsConfig = authConfig.geteGovUtilsConfig(); @@ -903,7 +604,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { * MOASession as 'GenericData' <br> <pre><code>session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class)</code></pre> * to <code>authData</code> * - * @param session MOASession, but never null + * @param authProcessDataContainer MOASession, but never null * @param authData AuthenticationData DAO * @param spConfig Service-Provider configuration * @@ -911,194 +612,123 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { * or <code>null</code> if no attribute exists or can not decrypted * @throws ConfigurationException */ - private Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthenticationSession session, - AuthenticationData authData, IOAAuthParameters spConfig) throws ConfigurationException { - //set List of encrypted bPKs to authData DAO - String pvpEncbPKListAttr = session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class); - if (MiscUtil.isNotEmpty(pvpEncbPKListAttr)) { - List<String> encbPKList = Arrays.asList(pvpEncbPKListAttr.split(";")); - authData.setEncbPKList(encbPKList); - - //check if one of this encrypted bPK could be decrypt for this Service-Provider - for (String fullEncbPK : encbPKList) { - int index = fullEncbPK.indexOf("|"); - if (index >= 0) { - String encbPK = fullEncbPK.substring(index+1); - String second = fullEncbPK.substring(0, index); - int secIndex = second.indexOf("+"); - if (secIndex >= 0) { - String oaTargetId = spConfig.getAreaSpecificTargetIdentifier(); - if (oaTargetId.startsWith(MOAIDAuthConstants.PREFIX_CDID)) { - String publicServiceShortTarget = oaTargetId.substring(MOAIDAuthConstants.PREFIX_CDID.length()); - if (publicServiceShortTarget.equals(second.substring(secIndex+1))) { - Logger.debug("Found encrypted bPK for online-application " - + spConfig.getPublicURLPrefix() - + " Start decryption process ..."); - PrivateKey privKey = spConfig.getBPKDecBpkDecryptionKey(); - if (privKey != null) { - try { - String bPK = BPKBuilder.decryptBPK(encbPK, publicServiceShortTarget, privKey); - if (MiscUtil.isNotEmpty(bPK)) { - Logger.info("bPK decryption process finished successfully."); - return Pair.newInstance(bPK, oaTargetId); - - } else { - Logger.error("bPK decryption FAILED."); - + @Override + protected Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthProcessDataContainer authProcessDataContainer, + AuthenticationData authData, ISPConfiguration spConfig) throws EAAFBuilderException { + //set List of encrypted bPKs to authData DAO + if (authData instanceof MOAAuthenticationData && + spConfig instanceof IOAAuthParameters) { + + String pvpEncbPKListAttr = authProcessDataContainer.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class); + if (MiscUtil.isNotEmpty(pvpEncbPKListAttr)) { + List<String> encbPKList = Arrays.asList(pvpEncbPKListAttr.split(";")); + ((MOAAuthenticationData) authData).setEncbPKList(encbPKList); + + //check if one of this encrypted bPK could be decrypt for this Service-Provider + for (String fullEncbPK : encbPKList) { + int index = fullEncbPK.indexOf("|"); + if (index >= 0) { + String encbPK = fullEncbPK.substring(index+1); + String second = fullEncbPK.substring(0, index); + int secIndex = second.indexOf("+"); + if (secIndex >= 0) { + String oaTargetId = spConfig.getAreaSpecificTargetIdentifier(); + if (oaTargetId.startsWith(MOAIDAuthConstants.PREFIX_CDID)) { + String publicServiceShortTarget = oaTargetId.substring(MOAIDAuthConstants.PREFIX_CDID.length()); + if (publicServiceShortTarget.equals(second.substring(secIndex+1))) { + Logger.debug("Found encrypted bPK for online-application " + + spConfig.getUniqueIdentifier() + + " Start decryption process ..."); + PrivateKey privKey = ((IOAAuthParameters) spConfig).getBPKDecBpkDecryptionKey(); + if (privKey != null) { + try { + String bPK = BPKBuilder.decryptBPK(encbPK, publicServiceShortTarget, privKey); + if (MiscUtil.isNotEmpty(bPK)) { + Logger.info("bPK decryption process finished successfully."); + return Pair.newInstance(bPK, oaTargetId); + + } else { + Logger.error("bPK decryption FAILED."); + + } + } catch (EAAFBuilderException e) { + Logger.error("bPK decryption FAILED.", e); + } - } catch (BuildException e) { - Logger.error("bPK decryption FAILED.", e); - } + } else { + Logger.info("bPK decryption FAILED, because no valid decryption key is found."); + + } } else { - Logger.info("bPK decryption FAILED, because no valid decryption key is found."); + Logger.info("Found encrypted bPK but " + + "encrypted bPK target does not match to online-application target"); - } + } } else { - Logger.info("Found encrypted bPK but " + - "encrypted bPK target does not match to online-application target"); + Logger.info("Encrypted bPKs are only allowed for public services with prefix: " + MOAIDAuthConstants.PREFIX_CDID + + " BUT oaTarget is " + oaTargetId); } - - } else { - Logger.info("Encrypted bPKs are only allowed for public services with prefix: " + MOAIDAuthConstants.PREFIX_CDID - + " BUT oaTarget is " + oaTargetId); - - } - } - } - } - } - - return null; - } - - /** - * Get bPK from PVP Attribute 'BPK_NAME', which could be exist in - * MOASession as 'GenericData' <br> <pre><code>session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class)</code></pre> - * - * @param session MOASession, but never null - * @return bPK, which was received by PVP-Attribute, or <code>null</code> if no attribute exists - */ - private String getbPKValueFromPVPAttribute(IAuthenticationSession session) { - String pvpbPKValueAttr = session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class); - if (MiscUtil.isNotEmpty(pvpbPKValueAttr)) { - - //fix a wrong bPK-value prefix, which was used in some PVP Standardportal implementations - if (pvpbPKValueAttr.startsWith("bPK:")) { - Logger.warn("Attribute " + PVPConstants.BPK_NAME - + " contains a not standardize prefix! Staring attribute value correction process ..."); - pvpbPKValueAttr = pvpbPKValueAttr.substring("bPK:".length()); - - } - - String[] spitted = pvpbPKValueAttr.split(":"); - if (spitted.length != 2) { - Logger.warn("Attribute " + PVPConstants.BPK_NAME + " has a wrong encoding and can NOT be USED!" - + " Value:" + pvpbPKValueAttr); - return null; - + } + } + } } - Logger.debug("Find PVP-Attr: " + PVPConstants.BPK_FRIENDLY_NAME); - return spitted[1]; - } + } else + Logger.warn("AuthData: " + authData.getClass().getName() + " or spConfig: " + spConfig.getClass().getName() + + " are not MOAID data-objects"); return null; } - /** - * Get bPK-Type from PVP Attribute 'EID_SECTOR_FOR_IDENTIFIER_NAME', which could be exist in - * MOASession as 'GenericData' <br> <pre><code>session.getGenericDataFromSession(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class)</code></pre> - * - * @param session MOASession, but never null - * @return bPKType, which was received by PVP-Attribute, or <code>null</code> if no attribute exists - */ - private String getbPKTypeFromPVPAttribute(IAuthenticationSession session) { - String pvpbPKTypeAttr = session.getGenericDataFromSession(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class); - if (MiscUtil.isNotEmpty(pvpbPKTypeAttr)) { - - //fix a wrong bPK-Type encoding, which was used in some PVP Standardportal implementations - if (pvpbPKTypeAttr.startsWith(Constants.URN_PREFIX_CDID) && - !pvpbPKTypeAttr.substring(Constants.URN_PREFIX_CDID.length(), - Constants.URN_PREFIX_CDID.length() + 1).equals("+")) { - Logger.warn("Receive uncorrect encoded bBKType attribute " + pvpbPKTypeAttr + " Starting attribute value correction ... "); - pvpbPKTypeAttr = Constants.URN_PREFIX_CDID + "+" + pvpbPKTypeAttr.substring(Constants.URN_PREFIX_CDID.length() + 1); - - } - Logger.debug("Find PVP-Attr: " + PVPConstants.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME); - return pvpbPKTypeAttr; - } - - return null; - - - /* - * INFO: This code could be used to extract the bPKType from 'PVPConstants.BPK_NAME', - * because the prefix of BPK_NAME attribute contains the postfix of the bPKType - * - * Now, all PVP Standardportals should be able to send 'EID_SECTOR_FOR_IDENTIFIER' - * PVP attributes - */ -// String pvpbPKValueAttr = session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class); -// String[] spitted = pvpbPKValueAttr.split(":"); -// if (MiscUtil.isEmpty(authData.getBPKType())) { -// Logger.debug("PVP assertion contains NO bPK/wbPK target attribute. " + -// "Starting target extraction from bPK/wbPK prefix ..."); -// //exract bPK/wbPK type from bpk attribute value prefix if type is -// //not transmitted as single attribute -// Pattern pattern = Pattern.compile("[a-zA-Z]{2}(-[a-zA-Z]+)?"); -// Matcher matcher = pattern.matcher(spitted[0]); -// if (matcher.matches()) { -// //find public service bPK -// authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + spitted[0]); -// Logger.debug("Found bPK prefix. Set target to " + authData.getBPKType()); -// -// } else { -// //find business service wbPK -// authData.setBPKType(Constants.URN_PREFIX_WBPK+ "+" + spitted[0]); -// Logger.debug("Found wbPK prefix. Set target to " + authData.getBPKType()); -// -// } -// } - - } + @Override + protected IIdentityLink buildOAspecificIdentityLink(ISPConfiguration spConfig, IIdentityLink idl, String bPK, String bPKType) throws EAAFConfigurationException, XPathException, DOMException, EAAFParserException { + if (spConfig.hasBaseIdTransferRestriction()) { + try { + Element idlassertion = idl.getSamlAssertion(); + + //set bpk/wpbk; + Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + prIdentification.getFirstChild().setNodeValue(bPK); - private IIdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IIdentityLink idl, String bPK, String bPKType) throws MOAIDException { - if (oaParam.hasBaseIdTransferRestriction()) { - Element idlassertion = idl.getSamlAssertion(); - //set bpk/wpbk; - Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); - prIdentification.getFirstChild().setNodeValue(bPK); - //set bkp/wpbk type - Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); - prIdentificationType.getFirstChild().setNodeValue(bPKType); + //set bkp/wpbk type + Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); + prIdentificationType.getFirstChild().setNodeValue(bPKType); - IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); - IIdentityLink businessServiceIdl = idlparser.parseIdentityLink(); + IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); + IIdentityLink businessServiceIdl = idlparser.parseIdentityLink(); - //resign IDL - IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); - Element resignedilAssertion; - - if (authConfig.isIdentityLinkResigning()) { - resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), authConfig.getIdentityLinkResigningKey()); - } else { - resignedilAssertion = businessServiceIdl.getSamlAssertion(); + //resign IDL + IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); + Element resignedilAssertion; + + if (authConfig.isIdentityLinkResigning()) { + resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), authConfig.getIdentityLinkResigningKey()); + } else { + resignedilAssertion = businessServiceIdl.getSamlAssertion(); + } + + IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion); + return resignedIDLParser.parseIdentityLink(); + + } catch (MOAIDException e) { + Logger.warn("Can not build OA specific IDL. Reason: " + e.getMessage(), e); + throw new EAAFParserException("TODO", null, e); + } - IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion); - return resignedIDLParser.parseIdentityLink(); } else return idl; - - - } - - - private Pair<String, String> buildOAspecificbPK(IRequest pendingReq, IOAAuthParameters oaParam, AuthenticationData authData) throws BuildException, ConfigurationException { + + } + + + @Override + protected Pair<String, String> buildOAspecificbPK(IRequest pendingReq, AuthenticationData authData) throws EAAFBuilderException { + ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration(); String baseID = authData.getIdentificationValue(); String baseIDType = authData.getIdentificationType(); @@ -1140,4 +770,58 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } + private void generateForeignbPK(MOAAuthenticationData authData, List<String> foreignSectors) { + if (foreignSectors != null && !foreignSectors.isEmpty()) { + Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); + for (String foreignSector : foreignSectors) { + Logger.trace("Process sector: " + foreignSector + " ... "); + if (encKeyMap.containsKey(foreignSector)) { + try { + String sector = null; + //splitt sector into VKZ and target + if (foreignSector.startsWith("wbpk")) { + Logger.trace("Find foreign private sector " + foreignSector); + sector = Constants.URN_PREFIX + ":" + foreignSector; + + } else { + String[] split = foreignSector.split("+"); + if (split.length != 2) { + Logger.warn("Foreign sector: " + foreignSector + " looks WRONG. IGNORE IT!"); + + } else { + Logger.trace("Find foreign public sector. VKZ: " + split[0] + " Target: " + split[1]); + sector = Constants.URN_PREFIX_CDID + "+" + split[1]; + + } + + } + + if (sector != null) { + Pair<String, String> bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier( + authData.getIdentificationValue(), + authData.getIdentificationType(), + sector); + String foreignbPK = BPKBuilder.encryptBPK(bpk.getFirst(), bpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey()); + authData.getEncbPKList().add("(" + foreignSector + "|" + foreignbPK + ")"); + Logger.debug("Foreign bPK for sector: " + foreignSector + " created."); + + } + + } catch (Exception e) { + Logger.warn("Foreign bPK generation FAILED for sector: " + foreignSector, e); + + } + + } else { + Logger.info("NO encryption cerfificate FOUND in configuration for sector: " + foreignSector); + Logger.info("Foreign bPK for sector: " + foreignSector + " is NOT possible"); + + } + } + + } else + Logger.debug("No foreign bPKs required for this service provider"); + + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java deleted file mode 100644 index a7f6e873f..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ /dev/null @@ -1,359 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.builder; - -import java.security.InvalidKeyException; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.text.SimpleDateFormat; -import java.util.Date; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; - -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.MiscUtil; - -/** - * Builder for the bPK, as defined in - * <code>"Ableitung f¨r die bereichsspezifische Personenkennzeichnung"</code> - * version <code>1.0.1</code> from <code>"reference.e-government.gv.at"</code>. - * - * @author Paul Schamberger - * @version $Id$ - */ -public class BPKBuilder { - - /** - * Calculates an area specific unique person-identifier from a baseID - * - * @param baseID baseId from user but never null - * @param targetIdentifier target identifier for area specific identifier calculation but never null - * @return Pair<unique person identifier for this target, targetArea> but never null - * @throws BuildException if some input data are not valid - */ - public Pair<String, String> generateAreaSpecificPersonIdentifier(String baseID, String targetIdentifier) throws BuildException{ - return generateAreaSpecificPersonIdentifier(baseID, Constants.URN_PREFIX_BASEID, targetIdentifier); - - } - - /** - * Calculates an area specific unique person-identifier from an unique identifier with a specific type - * - * @param baseID baseId from user but never null - * @param baseIdType Type of the baseID but never null - * @param targetIdentifier target identifier for area specific identifier calculation but never null - * @return Pair<unique person identifier for this target, targetArea> but never null - * @throws BuildException if some input data are not valid - */ - public Pair<String, String> generateAreaSpecificPersonIdentifier(String baseID, String baseIdType, String targetIdentifier) throws BuildException{ - if (MiscUtil.isEmpty(baseID)) - throw new BuildException("builder.00", new Object[]{"baseID is empty or null"}); - - if (MiscUtil.isEmpty(baseIdType)) - throw new BuildException("builder.00", new Object[]{"the type of baseID is empty or null"}); - - if (MiscUtil.isEmpty(targetIdentifier)) - throw new BuildException("builder.00", new Object[]{"OA specific target identifier is empty or null"}); - - if (baseIdType.equals(Constants.URN_PREFIX_BASEID)) { - Logger.trace("Find baseID. Starting unique identifier caluclation for this target"); - - if (targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_CDID) || - targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_WPBK) || - targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_STORK)) { - Logger.trace("Calculate bPK, wbPK, or STORK identifier for target: " + targetIdentifier); - return Pair.newInstance(calculatebPKwbPK(baseID + "+" + targetIdentifier), targetIdentifier); - - } else if (targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_EIDAS)) { - Logger.trace("Calculate eIDAS identifier for target: " + targetIdentifier); - String[] splittedTarget = targetIdentifier.split("\\+"); - String cititzenCountryCode = splittedTarget[1]; - String eIDASOutboundCountry = splittedTarget[2]; - - if (cititzenCountryCode.equalsIgnoreCase(eIDASOutboundCountry)) { - Logger.warn("Suspect configuration FOUND!!! CitizenCountry equals DestinationCountry"); - - } - return buildeIDASIdentifer(baseID, baseIdType, cititzenCountryCode, eIDASOutboundCountry); - - - } else - throw new BuildException("builder.00", - new Object[]{"Target identifier: " + targetIdentifier + " is NOT allowed or unknown"}); - - } else { - Logger.trace("BaseID is not of type " + Constants.URN_PREFIX_BASEID + ". Check type against requested target ..."); - if (baseIdType.equals(targetIdentifier)) { - Logger.debug("Unique identifier is already area specific. Is nothing todo"); - return Pair.newInstance(baseID, targetIdentifier); - - } else { - Logger.warn("Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required!"); - throw new BuildException("builder.00", - new Object[]{"Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required"}); - - } - } - } - - - /** - * Builds the storkeid from the given parameters. - * - * @param baseID baseID of the citizen - * @param baseIDType Type of the baseID - * @param sourceCountry CountryCode of that country, which build the eIDAs ID - * @param destinationCountry CountryCode of that country, which receives the eIDAs ID - * - * @return Pair<eIDAs, bPKType> in a BASE64 encoding - * @throws BuildException if an error occurs on building the wbPK - */ - private Pair<String, String> buildeIDASIdentifer(String baseID, String baseIDType, String sourceCountry, String destinationCountry) - throws BuildException { - String bPK = null; - String bPKType = null; - - // check if we have been called by public sector application - if (baseIDType.startsWith(Constants.URN_PREFIX_BASEID)) { - bPKType = Constants.URN_PREFIX_EIDAS + "+" + sourceCountry + "+" + destinationCountry; - Logger.debug("Building eIDAS identification from: [identValue]+" + bPKType); - bPK = calculatebPKwbPK(baseID + "+" + bPKType); - - } else { // if not, sector identification value is already calculated by BKU - Logger.debug("eIDAS eIdentifier already provided by BKU"); - bPK = baseID; - } - - if ((MiscUtil.isEmpty(bPK) || - MiscUtil.isEmpty(sourceCountry) || - MiscUtil.isEmpty(destinationCountry))) { - throw new BuildException("builder.00", - new Object[]{"eIDAS-ID", "Unvollständige Parameterangaben: identificationValue=" + - bPK + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry}); - } - - Logger.debug("Building eIDAS identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]"); - String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bPK; - - return Pair.newInstance(eIdentifier, bPKType); - } - -// /** -// * Builds the bPK from the given parameters. -// * -// * @param identificationValue Base64 encoded "Stammzahl" -// * @param target "Bereich lt. Verordnung des BKA" -// * @return bPK in a BASE64 encoding -// * @throws BuildException if an error occurs on building the bPK -// */ -// private String buildBPK(String identificationValue, String target) -// throws BuildException { -// -// if ((identificationValue == null || -// identificationValue.length() == 0 || -// target == null || -// target.length() == 0)) { -// throw new BuildException("builder.00", -// new Object[]{"BPK", "Unvollständige Parameterangaben: identificationValue=" + -// identificationValue + ",target=" + target}); -// } -// String basisbegriff; -// if (target.startsWith(Constants.URN_PREFIX_CDID + "+")) -// basisbegriff = identificationValue + "+" + target; -// else -// basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; -// -// return calculatebPKwbPK(basisbegriff); -// } -// -// /** -// * Builds the wbPK from the given parameters. -// * -// * @param identificationValue Base64 encoded "Stammzahl" -// * @param registerAndOrdNr type of register + "+" + number in register. -// * @return wbPK in a BASE64 encoding -// * @throws BuildException if an error occurs on building the wbPK -// */ -// private String buildWBPK(String identificationValue, String registerAndOrdNr) -// throws BuildException { -// -// if ((identificationValue == null || -// identificationValue.length() == 0 || -// registerAndOrdNr == null || -// registerAndOrdNr.length() == 0)) { -// throw new BuildException("builder.00", -// new Object[]{"wbPK", "Unvollständige Parameterangaben: identificationValue=" + -// identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); -// } -// -// String basisbegriff; -// if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+")) -// basisbegriff = identificationValue + "+" + registerAndOrdNr; -// else -// basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; -// -// return calculatebPKwbPK(basisbegriff); -// } -// -// private String buildbPKorwbPK(String baseID, String bPKorwbPKTarget) throws BuildException { -// if (MiscUtil.isEmpty(baseID) || -// !(bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_CDID + "+") || -// bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_WBPK + "+") || -// bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_STORK + "+")) ) { -// throw new BuildException("builder.00", -// new Object[]{"bPK/wbPK", "bPK or wbPK target " + bPKorwbPKTarget -// + " has an unkown prefix."}); -// -// } -// -// return calculatebPKwbPK(baseID + "+" + bPKorwbPKTarget); -// -// } - - public static String encryptBPK(String bpk, String target, PublicKey publicKey) throws BuildException { - MiscUtil.assertNotNull(bpk, "BPK"); - MiscUtil.assertNotNull(publicKey, "publicKey"); - - SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss"); - if (target.startsWith(Constants.URN_PREFIX_CDID + "+")) - target = target.substring((Constants.URN_PREFIX_CDID + "+").length()); - - String input = "V1::urn:publicid:gv.at:cdid+" + target + "::" - + bpk + "::" - + sdf.format(new Date()); - System.out.println(input); - byte[] result; - try { - byte[] inputBytes = input.getBytes("ISO-8859-1"); - result = encrypt(inputBytes, publicKey); - return new String(Base64Utils.encode(result, "ISO-8859-1")).replaceAll("\r\n", ""); - - } catch (Exception e) { - throw new BuildException("bPK encryption FAILED", null, e); - } - } - - public static String decryptBPK(String encryptedBpk, String target, PrivateKey privateKey) throws BuildException { - MiscUtil.assertNotEmpty(encryptedBpk, "Encrypted BPK"); - MiscUtil.assertNotNull(privateKey, "Private key"); - String decryptedString; - try { - byte[] encryptedBytes = Base64Utils.decode(encryptedBpk, false, "ISO-8859-1"); - byte[] decryptedBytes = decrypt(encryptedBytes, privateKey); - decryptedString = new String(decryptedBytes, "ISO-8859-1"); - - } catch (Exception e) { - throw new BuildException("bPK decryption FAILED", null, e); - } - String tmp = decryptedString.substring(decryptedString.indexOf('+') + 1); - String sector = tmp.substring(0, tmp.indexOf("::")); - tmp = tmp.substring(tmp.indexOf("::") + 2); - String bPK = tmp.substring(0, tmp.indexOf("::")); - - if (target.startsWith(Constants.URN_PREFIX_CDID + "+")) - target = target.substring((Constants.URN_PREFIX_CDID + "+").length()); - - if (target.equals(sector)) - return bPK; - - else { - Logger.error("Decrypted bPK does not match to request bPK target."); - return null; - } - } - - private String calculatebPKwbPK(String basisbegriff) throws BuildException { - try { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); - String hashBase64 = Base64Utils.encode(hash); - return hashBase64; - - } catch (Exception ex) { - throw new BuildException("builder.00", new Object[]{"bPK/wbPK", ex.toString()}, ex); - } - - } - - private static byte[] encrypt(byte[] inputBytes, PublicKey publicKey) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException { - byte[] result; - Cipher cipher = null; - try { - cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); // try with bouncycastle - } catch(NoSuchAlgorithmException e) { - cipher = Cipher.getInstance("RSA/ECB/OAEP"); // try with iaik provider - } - cipher.init(Cipher.ENCRYPT_MODE, publicKey); - result = cipher.doFinal(inputBytes); - - return result; - } - - private static byte[] decrypt(byte[] encryptedBytes, PrivateKey privateKey) - throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException{ - byte[] result; - Cipher cipher = null; - try { - cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); // try with bouncycastle - } catch(NoSuchAlgorithmException e) { - cipher = Cipher.getInstance("RSA/ECB/OAEP"); // try with iaik provider - } - cipher.init(Cipher.DECRYPT_MODE, privateKey); - result = cipher.doFinal(encryptedBytes); - return result; - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index 4c4af4239..399ecc022 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -50,11 +50,12 @@ import java.text.MessageFormat; import java.util.Calendar; import java.util.List; +import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.MiscUtil; @@ -185,12 +186,12 @@ public class CreateXMLSignatureRequestBuilder implements Constants { } public static String buildForeignIDTextToBeSigned(String subject, IRequest pendingReq) throws ConfigurationException { - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class); String target = null; String sectorName = null; - String saml1Target = pendingReq.getGenericData( + String saml1Target = pendingReq.getRawData( MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class); if (MiscUtil.isNotEmpty(saml1Target)) { target = saml1Target; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java deleted file mode 100644 index c78361eda..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java +++ /dev/null @@ -1,109 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.builder; - -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; - -/** - * Builds a DataURL parameter meant for the security layer implementation - * to respond to. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class DataURLBuilder { - - /** - * Constructor for DataURLBuilder. - */ - public DataURLBuilder() { - super(); - } - - /** - * Constructs a data URL for <code>VerifyIdentityLink</code> or <code>VerifyAuthenticationBlock</code>, - * including the <code>MOASessionID</code> as a parameter. - * - * @param authBaseURL base URL (context path) of the MOA ID Authentication component, - * including a trailing <code>'/'</code> - * @param authServletName request part of the data URL - * @param sessionID sessionID to be included in the dataURL - * @return String - */ - public String buildDataURL(String authBaseURL, String authServletName, String sessionID) { - String dataURL; - if (!authBaseURL.endsWith("/")) - authBaseURL += "/"; - - if (authServletName.startsWith("/")) - authServletName = authServletName.substring(1); - - dataURL = authBaseURL + authServletName; - - dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, sessionID); - return dataURL; - } - - /** - * Method addParameter. - * @param urlString represents the url - * @param paramname is the parameter to be added - * @param value is the value of that parameter - * @return String - */ - private String addParameter(String urlString, String paramname, String value) { - String url = urlString; - if (paramname != null) { - if (url.indexOf("?") < 0) - url += "?"; - else - url += "&"; - url += paramname + "=" + value; - } - return url; - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java index fc5489673..e600505a2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java @@ -27,12 +27,12 @@ import java.util.List; import org.opensaml.saml2.core.Attribute; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -50,7 +50,7 @@ public class DynamicOAAuthParameterBuilder { for (Attribute attr : reqAttributes) { //get Target or BusinessService from request - if (attr.getName().equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) { + if (attr.getName().equals(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) { String attrValue = attr.getAttributeValues().get(0).getDOM().getTextContent(); if (attrValue.startsWith(Constants.URN_PREFIX_CDID)) { //dynamicOA.setBusinessService(false); @@ -88,7 +88,6 @@ public class DynamicOAAuthParameterBuilder { DynamicOAAuthParameters dynOAParams = new DynamicOAAuthParameters(); dynOAParams.setApplicationID(oaParam.getPublicURLPrefix()); - dynOAParams.setHasBaseIdProcessingRestriction(oaParam.hasBaseIdInternalProcessingRestriction()); dynOAParams.setHasBaseIdTransfergRestriction(oaParam.hasBaseIdTransferRestriction()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java new file mode 100644 index 000000000..3dfba9cca --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java @@ -0,0 +1,115 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.stereotype.Service; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.modules.pvp2.PVPConstants; +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; +import at.gv.egiz.eaaf.modules.pvp2.idp.api.builder.ISubjectNameIdGenerator; +import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException; +import at.gv.egovernment.moa.id.data.IMOAAuthData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +@Service("MOASAML2SubjectNameIDGenerator") +public class MOAIDSubjectNameIdGenerator implements ISubjectNameIdGenerator { + + @Override + public Pair<String, String> generateSubjectNameId(IAuthData authData, ISPConfiguration spConfig) throws PVP2Exception { + //build nameID and nameID Format from moasessio + if (authData instanceof IMOAAuthData && + ((IMOAAuthData)authData).isUseMandate()) { + String bpktype = null; + String bpk = null; + + Element mandate = ((IMOAAuthData)authData).getMandate(); + if(mandate != null) { + Logger.debug("Read mandator bPK|baseID from full-mandate ... "); + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); + PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson(); + + IdentificationType id; + if(corporation != null && corporation.getIdentification().size() > 0) + id = corporation.getIdentification().get(0); + + + else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0) + id = pysicalperson.getIdentification().get(0); + + else { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + + bpktype = id.getType(); + bpk = id.getValue().getValue(); + + } else { + Logger.debug("Read mandator bPK|baseID from PVP attributes ... "); + bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME, String.class); + bpktype = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, String.class); + + if (StringUtils.isEmpty(bpk)) { + //no sourcePin is included --> search for bPK + bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_BPK_NAME, String.class); + + try { + if (bpk.contains(":")) + bpk = bpk.split(":")[1]; + + } catch (Exception e) { + Logger.warn("Can not split bPK from mandator attribute!", e); + + } + + //set bPK-Type from configuration, because it MUST be equal to service-provider type + bpktype = spConfig.getAreaSpecificTargetIdentifier(); + + } else { + //sourcePin is include --> check sourcePinType + if (StringUtils.isEmpty(bpktype)) + bpktype = Constants.URN_PREFIX_BASEID; + + } + } + + if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(bpktype)) { + throw new NoMandateDataAvailableException(); + + } + + if (bpktype.equals(Constants.URN_PREFIX_BASEID)) { + try { + return new BPKBuilder().generateAreaSpecificPersonIdentifier(bpk, spConfig.getAreaSpecificTargetIdentifier()); + + } catch (EAAFBuilderException e) { + Logger.warn("Can NOT generate SubjectNameId." , e); + throw new ResponderErrorException("pvp2.01", null); + + } + + } else + return Pair.newInstance(bpk, bpktype); + + } else + return Pair.newInstance(authData.getBPK(), authData.getBPKType()); + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java index 9ca15c76f..27d983785 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java @@ -22,6 +22,8 @@ */ package at.gv.egovernment.moa.id.auth.builder; +import java.util.List; + import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; @@ -74,10 +76,15 @@ public class SignatureVerificationUtils { } } - public IVerifiyXMLSignatureResponse verify(byte[] signature, String trustProfileID) throws MOAIDException { + public IVerifiyXMLSignatureResponse verify(byte[] signature, String trustProfileID) throws MOAIDException { + return verify(signature, trustProfileID, null); + + } + + public IVerifiyXMLSignatureResponse verify(byte[] signature, String trustProfileID, List<String> verifyTransformsInfoProfileID) throws MOAIDException { try { //build signature-verification request - Element domVerifyXMLSignatureRequest = build(signature, trustProfileID); + Element domVerifyXMLSignatureRequest = build(signature, trustProfileID, verifyTransformsInfoProfileID); //send signature-verification to MOA-SP Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance() @@ -112,7 +119,7 @@ public class SignatureVerificationUtils { * * @throws ParseException */ - private Element build(byte[] signature, String trustProfileID) + private Element build(byte[] signature, String trustProfileID, List<String> verifyTransformsInfoProfileID) throws ParseException { try { @@ -153,6 +160,20 @@ public class SignatureVerificationUtils { requestElem_.appendChild(signatureManifestCheckParamsElem); signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); + //verify transformations + if (verifyTransformsInfoProfileID != null && !verifyTransformsInfoProfileID.isEmpty()) { + Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); + signatureManifestCheckParamsElem.appendChild(referenceInfoElem); + for (String element : verifyTransformsInfoProfileID) { + Element verifyTransformsInfoProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); + referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); + verifyTransformsInfoProfileIDElem.appendChild(requestDoc_.createTextNode(element)); + + } + } + + + //hashinput data Element returnHashInputDataElem = requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); requestElem_.appendChild(returnHashInputDataElem); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 94651915e..cadaec2a0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -40,18 +40,22 @@ import java.io.Serializable; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.util.ArrayList; +import java.util.Collections; import java.util.Date; +import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Map.Entry; import org.apache.commons.collections4.map.HashedMap; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; -import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.MiscUtil; @@ -65,7 +69,7 @@ import iaik.x509.X509Certificate; * @author Thomas Lenz * */ -public class AuthenticationSession implements Serializable, IAuthenticationSession { +public class AuthenticationSession implements Serializable, IAuthenticationSession, AuthProzessDataConstants { /** * @@ -232,13 +236,17 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi */ @Override public X509Certificate getSignerCertificate() { - try { - return new X509Certificate(signerCertificate); - } - catch (CertificateException e) { - Logger.warn("Signer certificate can not be loaded from session database!", e); - return null; + if (signerCertificate != null && signerCertificate.length > 0) { + try { + return new X509Certificate(signerCertificate); + } + catch (CertificateException e) { + Logger.warn("Signer certificate can not be loaded from session database!", e); + + } } + + return null; } /* (non-Javadoc) @@ -274,7 +282,7 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID() */ @Override - public String getSessionID() { + public String getSSOSessionID() { return sessionID; } @@ -290,7 +298,7 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String) */ @Override - public void setSessionID(String sessionId) { + public void setSSOSessionID(String sessionId) { this.sessionID = sessionId; } @@ -615,17 +623,17 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object) */ @Override - public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException { + public void setGenericDataToSession(String key, Object object) throws EAAFStorageException { if (MiscUtil.isEmpty(key)) { Logger.warn("Generic session-data can not be stored with a 'null' key"); - throw new SessionDataStorageException("Generic session-data can not be stored with a 'null' key", null); + throw new EAAFStorageException("Generic session-data can not be stored with a 'null' key"); } if (object != null) { if (!Serializable.class.isInstance(object)) { Logger.warn("Generic session-data can only store objects which implements the 'Seralizable' interface"); - throw new SessionDataStorageException("Generic session-data can only store objects which implements the 'Seralizable' interface", null); + throw new EAAFStorageException("Generic session-data can only store objects which implements the 'Seralizable' interface"); } } @@ -636,5 +644,35 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi Logger.trace("Add generic session-data with key:" + key + " to session."); genericSessionDataStorate.put(key, object); + } + + @Override + public Map<String, Object> getKeyValueRepresentationFromAuthSession() { + Map<String, Object> result = new HashMap<String, Object>(); + result.put(FLAG_IS_AUTHENTICATED, isAuthenticated()); + + result.put(FLAG_IS_FOREIGNER, isForeigner()); + result.put(FLAG_IS_ORGANWALTER, isOW()); + result.put(FLAG_SAMLATTRIBUTEGEBEORWBPK, samlAttributeGebeORwbpk); + result.put(FLAG_USE_MANDATE, isMandateUsed()); + + result.put(VALUE_AUTHBLOCK, getAuthBlock()); + result.put(VALUE_AUTNBLOCKTOKKEN, getAuthBlockTokken()); + result.put(VALUE_BKUURL, getBkuURL()); + result.put(VALUE_EXTENTEDSAMLATTRAUTH, getExtendedSAMLAttributesAUTH()); + result.put(VALUE_EXTENTEDSAMLATTROA, getExtendedSAMLAttributesOA()); + result.put(VALUE_IDENTITYLINK, getIdentityLink()); + result.put(VALUE_ISSUEINSTANT, getIssueInstant()); + result.put(VALUE_MISMANDATE, getMISMandate()); + result.put(VALUE_MISREFVALUE, getMandateReferenceValue()); + result.put(VALUE_MISSESSIONID, getMISSessionID()); + result.put(VALUE_QAALEVEL, getQAALevel()); + result.put(VALUE_SIGNER_CERT, getSignerCertificate()); + result.put(VALUE_VERIFYSIGRESP, getXMLVerifySignatureResponse()); + + for (Entry<String, Object> el : genericSessionDataStorate.entrySet()) + result.put(GENERIC_PREFIX + el.getKey(), el.getValue()); + + return Collections.unmodifiableMap(result); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java index 5419e8ae0..aea6f26fb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java @@ -25,77 +25,36 @@ package at.gv.egovernment.moa.id.auth.data; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.util.ArrayList; -import java.util.Date; -import java.util.HashMap; +import java.util.Collections; import java.util.List; import java.util.Map; +import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; -import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; import iaik.x509.X509Certificate; /** * @author tlenz * */ -public class AuthenticationSessionWrapper implements IAuthenticationSession, AuthProzessDataConstants { +public class AuthenticationSessionWrapper extends AuthProcessDataWrapper implements IAuthenticationSession, AuthProzessDataConstants { - - private Map<String, Object> sessionData; /** * @param genericDataStorage */ public AuthenticationSessionWrapper(Map<String, Object> genericDataStorage) { - this.sessionData = genericDataStorage; - } - - private <T> T wrapStringObject(String key, Object defaultValue, Class<T> clazz) { - if (MiscUtil.isNotEmpty(key)) { - Object obj = sessionData.get(key); - if (obj != null && clazz.isInstance(obj)) - return (T) obj; - } + super(genericDataStorage); - if (defaultValue == null) - return null; - - else if (clazz.isInstance(defaultValue)) - return (T)defaultValue; - - else { - Logger.error("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName()); - throw new IllegalStateException("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName()); - - } } + - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isAuthenticated() - */ - @Override - public boolean isAuthenticated() { - return wrapStringObject(FLAG_IS_AUTHENTICATED, false, Boolean.class); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthenticated(boolean) - */ - @Override - public void setAuthenticated(boolean authenticated) { - sessionData.put(FLAG_IS_AUTHENTICATED, authenticated); - - } - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSignerCertificate() */ @@ -130,7 +89,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut @Override public void setSignerCertificate(X509Certificate signerCertificate) { try { - sessionData.put(VALUE_SIGNER_CERT, signerCertificate.getEncoded()); + authProcessData.put(VALUE_SIGNER_CERT, signerCertificate.getEncoded()); }catch (CertificateEncodingException e) { Logger.warn("Signer certificate can not be stored to session database!", e); @@ -139,38 +98,20 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut } /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIdentityLink() - */ - @Override - public IIdentityLink getIdentityLink() { - return wrapStringObject(VALUE_IDENTITYLINK, null, IIdentityLink.class); - - } - - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID() */ @Override - public String getSessionID() { - return wrapStringObject(VALUE_SESSIONID, null, String.class); + public String getSSOSessionID() { + return wrapStringObject(ISSOManager.AUTH_DATA_SSO_SESSIONID, null, String.class); } /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIdentityLink(at.gv.egovernment.moa.id.auth.data.IdentityLink) - */ - @Override - public void setIdentityLink(IIdentityLink identityLink) { - sessionData.put(VALUE_IDENTITYLINK, identityLink); - - } - - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String) */ @Override - public void setSessionID(String sessionId) { - sessionData.put(VALUE_SESSIONID, sessionId); + public void setSSOSessionID(String sessionId) { + authProcessData.put(ISSOManager.AUTH_DATA_SSO_SESSIONID, sessionId); } @@ -187,7 +128,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut */ @Override public void setBkuURL(String bkuURL) { - sessionData.put(VALUE_BKUURL, bkuURL); + authProcessData.put(VALUE_BKUURL, bkuURL); } @@ -204,7 +145,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut */ @Override public void setAuthBlock(String authBlock) { - sessionData.put(VALUE_AUTHBLOCK, authBlock); + authProcessData.put(VALUE_AUTHBLOCK, authBlock); } @@ -221,7 +162,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut */ @Override public void setExtendedSAMLAttributesAUTH(List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH) { - sessionData.put(VALUE_EXTENTEDSAMLATTRAUTH, extendedSAMLAttributesAUTH); + authProcessData.put(VALUE_EXTENTEDSAMLATTRAUTH, extendedSAMLAttributesAUTH); } @@ -238,7 +179,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut */ @Override public void setExtendedSAMLAttributesOA(List<ExtendedSAMLAttribute> extendedSAMLAttributesOA) { - sessionData.put(VALUE_EXTENTEDSAMLATTROA, extendedSAMLAttributesOA); + authProcessData.put(VALUE_EXTENTEDSAMLATTROA, extendedSAMLAttributesOA); } @@ -255,24 +196,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut */ @Override public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) { - sessionData.put(FLAG_SAMLATTRIBUTEGEBEORWBPK, samlAttributeGebeORwbpk); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant() - */ - @Override - public String getIssueInstant() { - return wrapStringObject(VALUE_ISSUEINSTANT, null, String.class); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIssueInstant(java.lang.String) - */ - @Override - public void setIssueInstant(String issueInstant) { - sessionData.put(VALUE_ISSUEINSTANT, issueInstant); + authProcessData.put(FLAG_SAMLATTRIBUTEGEBEORWBPK, samlAttributeGebeORwbpk); } @@ -289,28 +213,11 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut } /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandates(boolean) - */ - @Override - public void setUseMandates(boolean useMandates) { - sessionData.put(FLAG_USE_MANDATE, useMandates); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isMandateUsed() - */ - @Override - public boolean isMandateUsed() { - return wrapStringObject(FLAG_USE_MANDATE, false, Boolean.class); - } - - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISSessionID(java.lang.String) */ @Override public void setMISSessionID(String misSessionID) { - sessionData.put(VALUE_MISSESSIONID, misSessionID); + authProcessData.put(VALUE_MISSESSIONID, misSessionID); } @@ -335,24 +242,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut */ @Override public void setMandateReferenceValue(String mandateReferenceValue) { - sessionData.put(VALUE_MISREFVALUE, mandateReferenceValue); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isForeigner() - */ - @Override - public boolean isForeigner() { - return wrapStringObject(FLAG_IS_FOREIGNER, false, Boolean.class); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setForeigner(boolean) - */ - @Override - public void setForeigner(boolean isForeigner) { - sessionData.put(FLAG_IS_FOREIGNER, isForeigner); + authProcessData.put(VALUE_MISREFVALUE, mandateReferenceValue); } @@ -369,7 +259,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut */ @Override public void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse) { - sessionData.put(VALUE_VERIFYSIGRESP, xMLVerifySignatureResponse); + authProcessData.put(VALUE_VERIFYSIGRESP, xMLVerifySignatureResponse); } @@ -386,27 +276,10 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut */ @Override public void setMISMandate(IMISMandate mandate) { - sessionData.put(VALUE_MISMANDATE, mandate); + authProcessData.put(VALUE_MISMANDATE, mandate); } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isOW() - */ - @Override - public boolean isOW() { - return wrapStringObject(FLAG_IS_ORGANWALTER, false, Boolean.class); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setOW(boolean) - */ - @Override - public void setOW(boolean isOW) { - sessionData.put(FLAG_IS_ORGANWALTER, isOW); - - } - + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlockTokken() */ @@ -420,73 +293,14 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut */ @Override public void setAuthBlockTokken(String authBlockTokken) { - sessionData.put(VALUE_AUTNBLOCKTOKKEN, authBlockTokken); - - } + authProcessData.put(VALUE_AUTNBLOCKTOKKEN, authBlockTokken); - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getQAALevel() - */ - @Override - public String getQAALevel() { - return wrapStringObject(VALUE_QAALEVEL, null, String.class); } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setQAALevel(java.lang.String) - */ @Override - public void setQAALevel(String qAALevel) { - sessionData.put(VALUE_QAALEVEL, qAALevel); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionCreated() - */ - @Override - public Date getSessionCreated() { - return wrapStringObject(VALUE_CREATED, null, Date.class); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericSessionDataStorage() - */ - @Override - public Map<String, Object> getGenericSessionDataStorage() { - Map<String, Object> result = new HashMap<String, Object>(); - for (String el : sessionData.keySet()) { - if (el.startsWith(GENERIC_PREFIX)) - result.put(el.substring(GENERIC_PREFIX.length()), sessionData.get(el)); - - } + public Map<String, Object> getKeyValueRepresentationFromAuthSession() { + return Collections.unmodifiableMap(authProcessData); - return result; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String) - */ - @Override - public Object getGenericDataFromSession(String key) { - return sessionData.get(GENERIC_PREFIX + key); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String, java.lang.Class) - */ - @Override - public <T> T getGenericDataFromSession(String key, Class<T> clazz) { - return wrapStringObject(GENERIC_PREFIX + key, null, clazz); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object) - */ - @Override - public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException { - sessionData.put(GENERIC_PREFIX + key, object); - } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java deleted file mode 100644 index 2690bc2cc..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java +++ /dev/null @@ -1,312 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.data; - -import java.io.IOException; -import java.io.Serializable; -import java.security.PublicKey; - -import javax.xml.transform.TransformerException; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; -import at.gv.egovernment.moa.util.DOMUtils; - - -/** - * Data contained in an identity link issued by BMI, relevant to the MOA ID component. - * <br><code>"IdentityLink"</code> is the translation of <code>"Personenbindung"</code>. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class IdentityLink implements Serializable, IIdentityLink{ - - private static final long serialVersionUID = 1L; - - /** - * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>. - */ - private String identificationValue; - /** - * <code>"identificationType"</code> type of the identificationValue in the IdentityLink. - */ - private String identificationType; - /** - * first name - */ - private String givenName; - /** - * family name - */ - private String familyName; - - /** - * The name as (givenName + familyName) - */ - private String name; - /** - * date of birth - */ - private String dateOfBirth; - /** - * the original saml:Assertion-Element - */ - private Element samlAssertion; - /** - * the serializes saml:Assertion - */ - private String serializedSamlAssertion; - /** - * Element /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person - */ - private Element prPerson; - /** - * we need for each dsig:Reference Element all - * transformation elements - */ - private Element[] dsigReferenceTransforms; - - /** - * The issuing time of the identity link SAML assertion. - */ - private String issueInstant; - - /** - * we need all public keys stored in - * the identity link - */ - private PublicKey[] publicKey; - - /** - * Constructor for IdentityLink - */ - public IdentityLink() { - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDateOfBirth() - */ - @Override -public String getDateOfBirth() { - return dateOfBirth; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getFamilyName() - */ - @Override -public String getFamilyName() { - return familyName; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getGivenName() - */ - @Override -public String getGivenName() { - return givenName; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getName() - */ - @Override -public String getName() { - if (name == null) { - name = givenName + " " + familyName; - } - return name; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationValue() - */ - @Override -public String getIdentificationValue() { - return identificationValue; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationType() - */ - @Override - public String getIdentificationType() { - return identificationType; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDateOfBirth(java.lang.String) - */ - @Override -public void setDateOfBirth(String dateOfBirth) { - this.dateOfBirth = dateOfBirth; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setFamilyName(java.lang.String) - */ - @Override -public void setFamilyName(String familyName) { - this.familyName = familyName; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setGivenName(java.lang.String) - */ - @Override -public void setGivenName(String givenName) { - this.givenName = givenName; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationValue(java.lang.String) - */ - @Override -public void setIdentificationValue(String identificationValue) { - this.identificationValue = identificationValue; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationType(java.lang.String) - */ - @Override - public void setIdentificationType(String identificationType) { - this.identificationType = identificationType; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSamlAssertion() - */ - @Override -public Element getSamlAssertion() { - return samlAssertion; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSerializedSamlAssertion() - */ - @Override -public String getSerializedSamlAssertion() { - return serializedSamlAssertion; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setSamlAssertion(org.w3c.dom.Element) - */ - @Override -public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException { - this.samlAssertion = samlAssertion; - this.serializedSamlAssertion = DOMUtils.serializeNode(samlAssertion); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDsigReferenceTransforms() - */ - @Override -public Element[] getDsigReferenceTransforms() { - return dsigReferenceTransforms; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDsigReferenceTransforms(org.w3c.dom.Element[]) - */ - @Override -public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) { - this.dsigReferenceTransforms = dsigReferenceTransforms; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPublicKey() - */ - @Override -public PublicKey[] getPublicKey() { - return publicKey; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPublicKey(java.security.PublicKey[]) - */ - @Override -public void setPublicKey(PublicKey[] publicKey) { - this.publicKey = publicKey; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPrPerson() - */ - @Override -public Element getPrPerson() { - return prPerson; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPrPerson(org.w3c.dom.Element) - */ - @Override -public void setPrPerson(Element prPerson) { - this.prPerson = prPerson; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIssueInstant() - */ - @Override -public String getIssueInstant() { - return issueInstant; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIssueInstant(java.lang.String) - */ - @Override -public void setIssueInstant(String issueInstant) { - this.issueInstant = issueInstant; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java deleted file mode 100644 index c6b8a4b6e..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth.exception; - -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; - -/** - * @author tlenz - * - */ -public class InvalidProtocolRequestException extends MOAIDException { - - /** - * - */ - private static final long serialVersionUID = -7866198705324084601L; - - /** - * @param messageId - * @param parameters - */ - public InvalidProtocolRequestException(String messageId, Object[] parameters) { - super(messageId, parameters); - } - - public InvalidProtocolRequestException(String messageId, Object[] parameters, Throwable e) { - super(messageId, parameters, e); - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java deleted file mode 100644 index 2d09384a3..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth.exception; - -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; - -/** - * @author tlenz - * - */ -public class ProtocolNotActiveException extends MOAIDException { - - /** - * - */ - private static final long serialVersionUID = 1832697083163940710L; - - /** - * @param messageId - * @param parameters - */ - public ProtocolNotActiveException(String messageId, Object[] parameters) { - super(messageId, parameters); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java index d5ca89656..d2d39e9e6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java @@ -52,10 +52,7 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.exception.ServiceException; -import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.SignatureVerificationService; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; @@ -64,7 +61,6 @@ import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser; import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moaspss.logging.Logger; /** @@ -93,22 +89,22 @@ public class SignatureVerificationInvoker { } private SignatureVerificationInvoker() { - try { - AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance(); - ConnectionParameterInterface authConnParam = authConfigProvider.getMoaSpConnectionParameter(); +// try { +// AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance(); +// ConnectionParameterInterface authConnParam = authConfigProvider.getMoaSpConnectionParameter(); - if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) { - - - } else { +// if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) { +// +// +// } else { svs = SignatureVerificationService.getInstance(); - } +// } - } catch (ConfigurationException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } +// } catch (ConfigurationException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } } @@ -144,35 +140,34 @@ public class SignatureVerificationInvoker { protected Element doCall(QName serviceName, Element request) throws ServiceException { ConnectionParameterInterface authConnParam = null; try { - AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance(); - authConnParam = authConfigProvider.getMoaSpConnectionParameter(); - //If the ConnectionParameter do NOT exist, we try to get the api to work.... - if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) { - - throw new ServiceException("service.00", new Object[]{"MOA-SP connection via Web-Service is not allowed any more!!!!!!"}); -// Service service = ServiceFactory.newInstance().createService(serviceName); -// Call call = service.createCall(); -// SOAPBodyElement body = new SOAPBodyElement(request); -// SOAPBodyElement[] params = new SOAPBodyElement[] { body }; -// Vector responses; -// SOAPBodyElement response; +// AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance(); +// authConnParam = authConfigProvider.getMoaSpConnectionParameter(); +// //If the ConnectionParameter do NOT exist, we try to get the api to work.... +// if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) { // -// Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix()); -// call.setTargetEndpointAddress(authConnParam.getUrl()); -// responses = (Vector) call.invoke(serviceName, params); -// Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used -// response = (SOAPBodyElement) responses.get(0); -// return response.getAsDOM(); - } - else { - VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request); - +// throw new ServiceException("service.00", new Object[]{"MOA-SP connection via Web-Service is not allowed any more!!!!!!"}); +//// Service service = ServiceFactory.newInstance().createService(serviceName); +//// Call call = service.createCall(); +//// SOAPBodyElement body = new SOAPBodyElement(request); +//// SOAPBodyElement[] params = new SOAPBodyElement[] { body }; +//// Vector responses; +//// SOAPBodyElement response; +//// +//// Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix()); +//// call.setTargetEndpointAddress(authConnParam.getUrl()); +//// responses = (Vector) call.invoke(serviceName, params); +//// Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used +//// response = (SOAPBodyElement) responses.get(0); +//// return response.getAsDOM(); +// } +// else { + VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request); VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest); - Document result = new VerifyXMLSignatureResponseBuilder().build(vsresponse); - + Document result = new VerifyXMLSignatureResponseBuilder(true).build(vsresponse); + //Logger.setHierarchy("moa.id.auth"); return result.getDocumentElement(); - } +// } } catch (Exception ex) { if (authConnParam != null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java deleted file mode 100644 index ec6dbc951..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java +++ /dev/null @@ -1,229 +0,0 @@ -package at.gv.egovernment.moa.id.auth.modules;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.fileupload.FileItem;
-import org.apache.commons.fileupload.FileItemFactory;
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.fileupload.disk.DiskFileItemFactory;
-import org.apache.commons.fileupload.servlet.ServletFileUpload;
-import org.apache.commons.lang3.ArrayUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.IRequestStorage;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.springweb.MoaIdTask;
-import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Task based counterpart to {@link AuthServlet}, providing the same utility methods (error handling, parameter parsing
- * etc.).</p> The code has been taken from {@link AuthServlet}.
- */
-public abstract class AbstractAuthServletTask extends MoaIdTask {
-
- @Autowired protected IRequestStorage requestStoreage;
- //@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
- @Autowired protected MOAReversionLogger revisionsLogger;
- @Autowired protected AuthConfiguration authConfig;
-
- protected static final String ERROR_CODE_PARAM = "errorid";
-
- protected IRequest pendingReq = null;
- protected IAuthenticationSession moasession = null;
-
- public abstract void execute(ExecutionContext executionContext, HttpServletRequest request,
- HttpServletResponse response) throws TaskExecutionException;
-
-
- protected final IRequest internalExecute(IRequest pendingReq, ExecutionContext executionContext, HttpServletRequest request,
- HttpServletResponse response) throws TaskExecutionException {
- //set pending-request object
- this.pendingReq = pendingReq;
-
- //execute task specific action
- execute(executionContext, request, response);
-
- //return pending-request object
- return this.pendingReq;
- }
-
-
- /**
- * Default initialization loads the MOASession object from database
- *
- * @param req
- * @param executionContext
- * @throws MOAIDException
- * @throws MOADatabaseException
- */
- protected void defaultTaskInitialization(HttpServletRequest req, ExecutionContext executionContext) throws MOAIDException, MOADatabaseException {
- Logger.trace("Get MOASessionData object from pendingReq:" + pendingReq.getRequestID());
- moasession = pendingReq.getMOASession();
-
- }
-
- /**
- * Redirect the authentication process to protocol specific finalization endpoint.
- *
- * @param pendingReq Actually processed protocol specific authentication request
- * @param httpResp
- */
- protected void performRedirectToProtocolFinialization(IRequest pendingReq, HttpServletResponse httpResp) {
- performRedirectToItself(pendingReq, httpResp, AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT);
-
- }
-
- /**
- * Redirect the authentication process to MOA-ID-Auth itself
- *
- * @param pendingReq Actually processed protocol specific authentication request
- * @param httpResp
- * @param moaIDEndPoint Servlet EndPoint that should receive the redirect
- */
- protected void performRedirectToItself(IRequest pendingReq, HttpServletResponse httpResp, String moaIDEndPoint) {
- String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(),
- moaIDEndPoint, pendingReq.getRequestID());
-
- httpResp.setContentType("text/html");
- httpResp.setStatus(302);
- httpResp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
-
- }
-
-
- /**
- * Parses the request input stream for parameters, assuming parameters are
- * encoded UTF-8 (no standard exists how browsers should encode them).
- *
- * @param req
- * servlet request
- *
- * @return mapping parameter name -> value
- *
- * @throws IOException
- * if parsing request parameters fails.
- *
- * @throws FileUploadException
- * if parsing request parameters fails.
- */
- protected Map<String, String> getParameters(HttpServletRequest req) throws IOException,
- FileUploadException {
-
- Map<String, String> parameters = new HashMap<String, String>();
-
- if (ServletFileUpload.isMultipartContent(req)) {
- // request is encoded as mulitpart/form-data
- FileItemFactory factory = new DiskFileItemFactory();
- ServletFileUpload upload = null;
- upload = new ServletFileUpload(factory);
- List items = null;
- items = upload.parseRequest(req);
- for (int i = 0; i < items.size(); i++) {
- FileItem item = (FileItem) items.get(i);
- if (item.isFormField()) {
- // Process only form fields - no file upload items
- String logString = item.getString("UTF-8");
-
- // TODO use RegExp
- String startS = "<pr:Identification><pr:Value>";
- String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
- String logWithMaskedBaseid = logString;
- int start = logString.indexOf(startS);
- if (start > -1) {
- int end = logString.indexOf(endS);
- if (end > -1) {
- logWithMaskedBaseid = logString.substring(0, start);
- logWithMaskedBaseid += startS;
- logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx";
- logWithMaskedBaseid += logString.substring(end,
- logString.length());
- }
- }
- parameters
- .put(item.getFieldName(), item.getString("UTF-8"));
- Logger.debug("Processed multipart/form-data request parameter: \nName: "
- + item.getFieldName()
- + "\nValue: "
- + logWithMaskedBaseid);
- }
- }
- }
-
- else {
- Iterator<Entry<String, String[]>> requestParamIt = req.getParameterMap().entrySet().iterator();
- while (requestParamIt.hasNext()) {
- Entry<String, String[]> entry = requestParamIt.next();
- String key = entry.getKey();
- String[] values = entry.getValue();
- // take the last value from the value array since the legacy code above also does it this way
- parameters.put(key, ArrayUtils.isEmpty(values) ? null : values[values.length-1]);
- }
-
- }
-
- return parameters;
- }
-
- /**
- * Reads bytes up to a delimiter, consuming the delimiter.
- *
- * @param in
- * input stream
- * @param delimiter
- * delimiter character
- * @return String constructed from the read bytes
- * @throws IOException
- */
- protected String readBytesUpTo(InputStream in, char delimiter)
- throws IOException {
- ByteArrayOutputStream bout = new ByteArrayOutputStream();
- boolean done = false;
- int b;
- while (!done && (b = in.read()) >= 0) {
- if (b == delimiter)
- done = true;
- else
- bout.write(b);
- }
- return bout.toString();
- }
-
- /**
- * Adds a parameter to a URL.
- *
- * @param url
- * the URL
- * @param paramname
- * parameter name
- * @param paramvalue
- * parameter value
- * @return the URL with parameter added
- */
- protected static String addURLParameter(String url, String paramname,
- String paramvalue) {
- String param = paramname + "=" + paramvalue;
- if (url.indexOf("?") < 0)
- return url + "?" + param;
- else
- return url + "&" + param;
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java deleted file mode 100644 index 8983403d8..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java +++ /dev/null @@ -1,42 +0,0 @@ -package at.gv.egovernment.moa.id.auth.modules; - -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.process.model.ProcessDefinition; - -/** - * Provides metadata of a certain module. Uses for module discovery and process selection. - */ -public interface AuthModule { - - /** - * Returns the priority of the module. The priority defines the order of the respective module within the chain of - * discovered modules. Higher priorized modules are asked before lower priorized modules for a process that they can - * handle. - * <p/> - * Internal default modules are priorized neutral ({@code 0}. Use a higher priority ({@code 1...Integer.MAX_VALUE}) - * in order to have your module(s) priorized or a lower priority ({@code Integer.MIN_VALUE...-1}) in order to put - * your modules behind default modules. - * - * @return the priority of the module. - */ - int getPriority(); - - /** - * Selects a process (description), referenced by its unique id, which is able to perform authentication with the - * given {@link ExecutionContext}. Returns {@code null} if no appropriate process (description) was available within - * this module. - * - * @param context - * an ExecutionContext for a process. - * @return the process-ID of a process which is able to work with the given ExecutionContext, or {@code null}. - */ - String selectProcess(ExecutionContext context); - - /** - * Returns the an Array of {@link ProcessDefinition}s of the processes included in this module. - * - * @return an array of resource uris of the processes included in this module. - */ - String[] getProcessDefinitions(); - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java index 90795a416..48d652671 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java @@ -22,8 +22,9 @@ */ package at.gv.egovernment.moa.id.auth.modules; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; /** * @author tlenz diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java index d64126de6..b624e13ef 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java @@ -22,7 +22,8 @@ */ package at.gv.egovernment.moa.id.auth.modules; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; /** * @author tlenz diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java deleted file mode 100644 index 1128cbab3..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth.modules; - -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.process.ProcessExecutionException; -import at.gv.egovernment.moa.util.MiscUtil; - -/** - * @author tlenz - * - */ -public class TaskExecutionException extends ProcessExecutionException { - - private static final long serialVersionUID = 1L; - Throwable originalException = null; - String pendingRequestID = null; - - /** - * @param message - * @param cause - */ - public TaskExecutionException(IRequest pendingReq, String message, Throwable cause) { - super(message, cause); - this.originalException = cause; - - if (MiscUtil.isNotEmpty(pendingReq.getRequestID())) - this.pendingRequestID = pendingReq.getRequestID(); - - } - - /** - * Get the original internal exception from task - * - * @return the originalException - */ - public Throwable getOriginalException() { - return originalException; - - } - - /** - * Get the pending-request ID of that request, which was processed when the exception occurs - * - * @return the pendingRequestID - */ - public String getPendingRequestID() { - return pendingRequestID; - } - - - - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java index 42789d01d..0336cb370 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java @@ -30,10 +30,11 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -56,7 +57,7 @@ public class EvaluateBKUSelectionTask extends AbstractAuthServletTask { while(reqParamNames.hasMoreElements()) { String paramName = reqParamNames.nextElement(); if (MiscUtil.isNotEmpty(paramName) && - !MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID.equalsIgnoreCase(paramName)) + !EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)) executionContext.put(paramName, StringEscapeUtils.escapeHtml(request.getParameter(paramName))); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java index 1c26ff5ec..375b144d7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java @@ -29,15 +29,15 @@ import org.apache.commons.lang.StringEscapeUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -78,13 +78,8 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { //defaultTaskInitialization(request, executionContext); //check SSO session cookie and MOASession object - String ssoId = ssoManager.getSSOSessionID(request); - boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq); - - //load MOA SSO-session from database - AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier()); - - if (!(isValidSSOSession && ssoMOSSession.isAuthenticated() )) { + String ssoId = ssoManager.getSSOSessionID(request); + if (!(ssoManager.isValidSSOSession(ssoId, pendingReq))) { Logger.info("Single Sign-On consents evaluator found NO valid SSO session. Stopping authentication process ..."); throw new AuthenticationException("auth.30", null); @@ -92,21 +87,23 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { //Log consents evaluator event to revisionslog revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED, String.valueOf(ssoConsents)); - - //Populate this pending request with SSO session information - pendingReq.populateMOASessionWithSSOInformation(ssoMOSSession); - - + //user allow single sign-on authentication if (ssoConsents) { - + //load MOA SSO-session from database + AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier()); + + + //Populate this pending request with SSO session information + pendingReq.setRawDataToTransaction(ssoMOSSession.getKeyValueRepresentationFromAuthSession());; + //authenticate pending-request pendingReq.setAuthenticated(true); pendingReq.setAbortedByUser(false); } else { //user deny single sign-on authentication - Logger.debug("User deny the Single Sign-On authentication for SP: " + pendingReq.getOAURL()); + Logger.debug("User deny the Single Sign-On authentication for SP: " + pendingReq.getSPEntityId()); pendingReq.setAbortedByUser(true); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java deleted file mode 100644 index 4eff0fcf5..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth.modules.internal.tasks; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.stereotype.Component; - -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.logging.Logger; - -/** - * @author tlenz - * - */ -@Component("FinalizeAuthenticationTask") -public class FinalizeAuthenticationTask extends AbstractAuthServletTask { - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ - @Override - public void execute(ExecutionContext executionContext, - HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - - try { - defaultTaskInitialization(request, executionContext); - - //set MOASession to authenticated - moasession.setAuthenticated(true); - - //set pending request to authenticated - pendingReq.setAuthenticated(true); - requestStoreage.storePendingRequest(pendingReq); - - Logger.info("AuthProcess finished. Redirect to Protocol Dispatcher."); - performRedirectToProtocolFinialization(pendingReq, response); - - } catch (MOAIDException e) { - throw new TaskExecutionException(pendingReq, e.getMessage(), e); - - } catch (Exception e) { - Logger.warn("FinalizeAuthenticationTask has an internal error", e); - throw new TaskExecutionException(pendingReq, e.getMessage(), e); - - } finally { - executionContext.remove(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID); - - } - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java index 710008714..98e632bd8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java @@ -28,18 +28,18 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad; -import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; /** @@ -58,14 +58,13 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT); //load Parameters from OnlineApplicationConfiguration - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration(); if (oaParam == null) { - throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() }); + throw new AuthenticationException("auth.00", new Object[] { pendingReq.getSPEntityId() }); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java index 475009cf2..3c364e924 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java @@ -28,16 +28,16 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad; -import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; /** @@ -57,9 +57,7 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - try { - //perform default task initialization - defaultTaskInitialization(request, executionContext); + try { //set authenticated flag to false, because user consents is required pendingReq.setAuthenticated(false); @@ -76,8 +74,7 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas guiBuilder.build(response, config, "SendAssertion-Evaluation"); //Log consents evaluator event to revisionslog - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START); } catch (GUIBuildException e) { Logger.warn("Can not build GUI:'SendAssertion-Evaluation'. Msg:" + e.getMessage()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java deleted file mode 100644 index c1d02a029..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth.modules.internal.tasks; - -import java.util.Set; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; - -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.process.ExecutionContextImpl; -import at.gv.egovernment.moa.id.process.ProcessEngine; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.logging.Logger; - -/** - * @author tlenz - * - */ -@Component("RestartAuthProzessManagement") -public class RestartAuthProzessManagement extends AbstractAuthServletTask { - - @Autowired ProcessEngine processEngine; - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ - @Override - public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - try { - //create a new execution context and copy all elements to new context - ExecutionContext newec = new ExecutionContextImpl(); - Set<String> entries = executionContext.keySet(); - for (String key : entries) { - newec.put(key, executionContext.get(key)); - - } - - Logger.debug("Select new auth.-process and restart restart process-engine ... "); - - // select and create new process instance - String processDefinitionId = ModuleRegistration.getInstance().selectProcess(newec); - if (processDefinitionId == null) { - Logger.warn("No suitable authentication process found for SessionID " + pendingReq.getRequestID()); - throw new MOAIDException("process.02", new Object[] { pendingReq.getRequestID() }); - } - - String processInstanceId = processEngine.createProcessInstance(processDefinitionId, newec); - - // keep process instance id in moa session - ((RequestImpl)pendingReq).setProcessInstanceId(processInstanceId); - - // make sure pending request has been persisted before running the process - try { - requestStoreage.storePendingRequest(pendingReq); - - } catch (MOAIDException e) { - Logger.error("Database Error! MOASession is not stored!"); - throw new MOAIDException("init.04", new Object[] { pendingReq.getRequestID() }); - - } - - Logger.info("Restart process-engine with auth.process:" + processDefinitionId); - - // start process - processEngine.start(pendingReq); - - - } catch (MOAIDException e) { - throw new TaskExecutionException(pendingReq, e.getMessage(), e); - - } catch (Exception e) { - Logger.warn("RestartAuthProzessManagement has an internal error", e); - throw new TaskExecutionException(pendingReq, e.getMessage(), e); - - } - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java new file mode 100644 index 000000000..acaf21682 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java @@ -0,0 +1,86 @@ +package at.gv.egovernment.moa.id.auth.modules.internal.tasks; + +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.config.auth.data.UserWhitelistStore; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public class UserRestrictionTask extends AbstractAuthServletTask { + + public static final String CONFIG_PROPS_SP_LIST = "configuration.restrictions.sp.entityIds"; + public static final String CONFIG_PROPS_CSV_USER_FILE = "configuration.restrictions.sp.users.url"; + public static final String CONFIG_PROPS_CSV_USER_SECTOR = "configuration.restrictions.sp.users.sector"; + + @Autowired(required=true) UserWhitelistStore whitelist; + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + String spEntityId = pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(); + List<String> restrictedSPs = KeyValueUtils.getListOfCSVValues(authConfig.getBasicConfiguration(CONFIG_PROPS_SP_LIST)); + if (restrictedSPs.contains(spEntityId)) { + Logger.debug("SP:" + spEntityId + " has a user restrication. Check users bPK ... "); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + + //check if user idl is already loaded + if (moasession.getIdentityLink() == null) { + Logger.warn("PendingRequest contains NO IdentityLink. User restrictation NOT possible!"); + throw new MOAIDException("process.03", null); + + } + + //calculate whitelist bPK for current user + String bpkTarget = authConfig.getBasicConfiguration(CONFIG_PROPS_CSV_USER_SECTOR); + if (MiscUtil.isEmpty(bpkTarget)) { + Logger.info("NO bPK sector for user whitelist in configuration"); + throw new MOAIDException("config.05", new Object[] {CONFIG_PROPS_CSV_USER_SECTOR}); + + } + + Pair<String, String> pseudonym = new BPKBuilder().generateAreaSpecificPersonIdentifier( + moasession.getIdentityLink().getIdentificationValue(), + moasession.getIdentityLink().getIdentificationType(), + bpkTarget); + + + //check if user's bPK is whitelisted + if (!whitelist.isUserbPKInWhitelistDynamic(pseudonym.getFirst())) { + Logger.info("User's bPK is not whitelisted. Authentication process stops ..."); + Logger.trace("User's bPK: " + pseudonym.getFirst()); + throw new MOAIDException("auth.35", null); + + } + + Logger.debug("User was found in whitelist. Continue authentication process ... "); + + } else + Logger.trace("SP: " + spEntityId + " has no user restrication."); + + + } catch (MOAIDException e) { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } catch (Exception e) { + Logger.warn("RestartAuthProzessManagement has an internal error", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java deleted file mode 100644 index 9c950366c..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java +++ /dev/null @@ -1,149 +0,0 @@ -package at.gv.egovernment.moa.id.auth.modules.registration; - -import java.io.IOException; -import java.io.InputStream; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Comparator; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.ServiceLoader; - -import javax.annotation.PostConstruct; - -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.core.io.Resource; - -import at.gv.egovernment.moa.id.auth.modules.AuthModule; -import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException; -import at.gv.egovernment.moa.id.process.ProcessEngine; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; - -/** - * This class handles registering modules. The modules are detected either with - * the ServiceLoader mechanism or via Spring. All detected modules are ranked - * according to their priority. - */ -public class ModuleRegistration { - - private static ModuleRegistration instance = new ModuleRegistration(); - - private List<AuthModule> priorizedModules = new ArrayList<>(); - - @Autowired - private ApplicationContext ctx; - - @Autowired - private ProcessEngine processEngine; - - private Logger log = LoggerFactory.getLogger(getClass()); - - public static ModuleRegistration getInstance() { - return instance; - } - - private ModuleRegistration() { - } - - @PostConstruct - private void init() { - // load modules via the ServiceLoader - initServiceLoaderModules(); - - // load modules via Spring - initSpringModules(); - - // order modules according to their priority - sortModules(); - } - - /** - * Discovers modules which use the ServiceLoader mechanism. - */ - private void initServiceLoaderModules() { - log.info("Looking for auth modules."); - ServiceLoader<AuthModule> loader = ServiceLoader.load(AuthModule.class); - Iterator<AuthModule> modules = loader.iterator(); - while (modules.hasNext()) { - AuthModule module = modules.next(); - log.info("Detected module {}", module.getClass().getName()); - registerModuleProcessDefinitions(module); - priorizedModules.add(module); - } - } - - /** - * Discovers modules which use Spring. - */ - private void initSpringModules() { - log.debug("Discovering Spring modules."); - Map<String, AuthModule> modules = ctx.getBeansOfType(AuthModule.class); - for (AuthModule module : modules.values()) { - registerModuleProcessDefinitions(module); - priorizedModules.add(module); - } - } - - /** - * Registers the resource uris for the module. - * - * @param module - * the module. - */ - private void registerModuleProcessDefinitions(AuthModule module) { - for (String uri : module.getProcessDefinitions()) { - Resource resource = ctx.getResource(uri); - if (resource.isReadable()) { - log.info("Registering process definition '{}'.", uri); - try (InputStream processDefinitionInputStream = resource.getInputStream()) { - processEngine.registerProcessDefinition(processDefinitionInputStream); - } catch (IOException e) { - log.error("Process definition '{}' could NOT be read.", uri, e); - } catch (ProcessDefinitionParserException e) { - log.error("Error while parsing process definition '{}'", uri, e); - } - } else { - log.error("Process definition '{}' cannot be read.", uri); - } - } - } - - /** - * Order the modules in descending order according to their priority. - */ - private void sortModules() { - Collections.sort(priorizedModules, new Comparator<AuthModule>() { - @Override - public int compare(AuthModule thisAuthModule, AuthModule otherAuthModule) { - int thisOrder = thisAuthModule.getPriority(); - int otherOrder = otherAuthModule.getPriority(); - return (thisOrder < otherOrder ? 1 : (thisOrder == otherOrder ? 0 : -1)); - } - }); - } - - /** - * Returns the process description id of the first process, in the highest ranked - * module, which is able to work with the given execution context. - * - * @param context - * the {@link ExecutionContext}. - * @return the process id or {@code null} - */ - public String selectProcess(ExecutionContext context) { - for (AuthModule module : priorizedModules) { - String id = module.selectProcess(context); - if (StringUtils.isNotEmpty(id)) { - log.debug("Process with id '{}' selected, for context '{}'.", id, context); - return id; - } - } - log.info("No process is able to handle context '{}'.", context); - return null; - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java index 8f7364f62..3ff22b84d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java @@ -58,15 +58,15 @@ import java.util.List; import org.w3c.dom.Element; import org.w3c.dom.traversal.NodeIterator; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.IdentityLink; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.exception.ECDSAConverterException; import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; /** * Parses an identity link <code><saml:Assertion></code> @@ -259,7 +259,7 @@ public class IdentityLinkAssertionParser { public IIdentityLink parseIdentityLink() throws ParseException { IIdentityLink identityLink; - try { + try { identityLink = new IdentityLink(); identityLink.setSamlAssertion(assertionElem); identityLink.setIssueInstant(assertionElem.getAttribute(ISSUE_INSTANT_ATTR)); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index b2db8d5a2..ead80b117 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -30,19 +30,20 @@ import org.apache.commons.lang.StringEscapeUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; @@ -59,7 +60,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ String useMandate, String ccc, HttpServletRequest req, - IRequest protocolReq) throws WrongParametersException, MOAIDException { + IRequest protocolReq) throws WrongParametersException, MOAIDException, EAAFException { String resultTargetFriendlyName = null; String resultTarget = null; @@ -96,10 +97,10 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ //load OnlineApplication configuration - IOAAuthParameters oaParam = protocolReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = protocolReq.getServiceProviderConfiguration(IOAAuthParameters.class); if (oaParam == null) throw new AuthenticationException("auth.00", - new Object[] { protocolReq.getOAURL() }); + new Object[] { protocolReq.getSPEntityId() }); // get target and target friendly name from config @@ -137,8 +138,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ resultTargetFriendlyName = targetFriendlyNameConfig; //set info's into request-context. (It's required to support SAML1 requested target parameters) - protocolReq.setGenericDataToSession(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, resultTarget); - protocolReq.setGenericDataToSession( + protocolReq.setRawDataToTransaction(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, resultTarget); + protocolReq.setRawDataToTransaction( MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, resultTargetFriendlyName); } else { @@ -185,7 +186,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ && MiscUtil.isNotEmpty(templateURLList.get(0)) ) { templateURL = FileUtils.makeAbsoluteURL( oaParam.getTemplateURL().get(0), - authConfig.getRootConfigFileDir()); + authConfig.getRootConfigFileDir()); Logger.info("No SL-Template in request, load SL-Template from OA configuration (URL: " + templateURL + ")"); } else if ( (defaulTemplateURLList.size() > 0) && MiscUtil.isNotEmpty(defaulTemplateURLList.get(0))) { @@ -205,7 +206,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL())) throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); - protocolReq.setGenericDataToSession( + protocolReq.setRawDataToTransaction( MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, templateURL); @@ -227,7 +228,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ } public void parse(ExecutionContext ec, IAuthenticationSession moasession, HttpServletRequest req, IRequest pendingReq) - throws WrongParametersException, MOAIDException { + throws WrongParametersException, MOAIDException, EAAFException { //get Parameters from request String oaURL = (String) ec.get(PARAM_OA); @@ -236,18 +237,18 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ String useMandate = (String) ec.get(PARAM_USEMANDATE); String ccc = (String) ec.get(PARAM_CCC); - if (pendingReq.getOnlineApplicationConfiguration() != null && - pendingReq.getOnlineApplicationConfiguration().isOnlyMandateAllowed()) { - Logger.debug("Service " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() + if (pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class) != null && + pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).isOnlyMandateAllowed()) { + Logger.debug("Service " + pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getPublicURLPrefix() + " only allows authentication with mandates. --> Set useMandate to TRUE."); - useMandate = String.valueOf(pendingReq.getOnlineApplicationConfiguration().isOnlyMandateAllowed()); + useMandate = String.valueOf(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).isOnlyMandateAllowed()); } - oaURL = pendingReq.getOAURL(); + oaURL = pendingReq.getSPEntityId(); //only needed for SAML1 - String target = pendingReq.getGenericData("saml1_target", String.class); + String target = pendingReq.getRawData("saml1_target", String.class); parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, pendingReq); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java index b54a43fff..c66353846 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java @@ -46,20 +46,22 @@ package at.gv.egovernment.moa.id.auth.parser; -import iaik.utils.Base64InputStream; -import iaik.x509.X509Certificate; - import java.io.ByteArrayInputStream; import java.io.InputStream; +import org.joda.time.DateTime; +import org.joda.time.format.ISODateTimeFormat; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; +import at.gv.egovernment.moa.util.MiscUtil; +import iaik.utils.Base64InputStream; +import iaik.x509.X509Certificate; /** * Parses a <code><VerifyXMLSignatureResponse></code> returned by @@ -115,6 +117,9 @@ public class VerifyXMLSignatureResponseParser { private static final String CERTIFICATE_CHECK_CODE_XPATH = ROOT + MOA + "CertificateCheck/" + MOA + "Code"; + private static final String SIGNING_TIME_XPATH = + ROOT + MOA + "SigningTime"; + /** This is the root element of the XML-Document provided by the Security Layer Card*/ private Element verifyXMLSignatureResponse; @@ -200,7 +205,14 @@ public class VerifyXMLSignatureResponseParser { if (signatureManifestCheckCode != null) { respData.setSignatureManifestCheckCode(new Integer(signatureManifestCheckCode).intValue()); } - respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue()); + respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue()); + + String signingTimeElement = XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNING_TIME_XPATH,""); + if (MiscUtil.isNotEmpty(signingTimeElement)) { + DateTime datetime = ISODateTimeFormat.dateOptionalTimeParser().parseDateTime(signingTimeElement); + respData.setSigningDateTime(datetime.toDate()); + + } } catch (Throwable t) { throw new ParseException("parser.01", null, t); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java deleted file mode 100644 index f61b9a4da..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java +++ /dev/null @@ -1,351 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.IOException; -import java.io.PrintWriter; -import java.io.StringWriter; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang.StringEscapeUtils; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.ExceptionHandler; - -import com.google.common.net.MediaType; - -import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger; -import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; -import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.data.ExceptionContainer; -import at.gv.egovernment.moa.id.moduls.IRequestStorage; -import at.gv.egovernment.moa.id.process.ProcessExecutionException; -import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; -import at.gv.egovernment.moa.id.util.ErrorResponseUtils; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.id.util.ServletUtils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -/** - * @author tlenz - * - */ -public abstract class AbstractController extends MOAIDAuthConstants { - - public static final String ERROR_CODE_PARAM = "errorid"; - - @Autowired protected IStatisticLogger statisticLogger; - @Autowired protected IRequestStorage requestStorage; - @Autowired protected ITransactionStorage transactionStorage; - @Autowired protected MOAReversionLogger revisionsLogger; - @Autowired protected AuthConfiguration authConfig; - @Autowired protected IGUIFormBuilder guiBuilder; - - @ExceptionHandler({MOAIDException.class}) - public void MOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception e) throws IOException { - Logger.error(e.getMessage() , e); - internalMOAIDExceptionHandler(req, resp, e, true); - - } - - @ExceptionHandler({Exception.class}) - public void GenericExceptionHandler(HttpServletResponse resp, Exception exception) throws IOException { - Logger.error("Internel Server Error." , exception); - resp.setContentType(MediaType.HTML_UTF_8.toString()); - resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error!" + - "(Errorcode=9199" - +" | Description="+ StringEscapeUtils.escapeHtml(exception.getMessage()) + ")"); - return; - - } - - @ExceptionHandler({IOException.class}) - public void IOExceptionHandler(HttpServletResponse resp, Throwable exception) { - Logger.error("Internel Server Error." , exception); - resp.setContentType(MediaType.HTML_UTF_8.toString()); - resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - return; - - } - - protected void handleError(String errorMessage, Throwable exceptionThrown, - HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq) throws IOException { - - String pendingRequestID = null; - if (pendingReq != null) - pendingRequestID = pendingReq.getRequestID(); - - Throwable loggedException = null; - Throwable extractedException = extractOriginalExceptionFromProcessException(exceptionThrown); - - //extract pendingRequestID and originalException if it was a TaskExecutionException - if (extractedException instanceof TaskExecutionException) { - //set original exception - loggedException = ((TaskExecutionException) extractedException).getOriginalException(); - - //use TaskExecutionException directly, if no Original Exeception is included - if (loggedException == null) - loggedException = exceptionThrown; - - //set pending-request ID if it is set - String reqID = ((TaskExecutionException) extractedException).getPendingRequestID(); - if (MiscUtil.isNotEmpty(reqID)) - pendingRequestID = reqID; - - } else - loggedException = exceptionThrown; - - try { - //switch to protocol-finalize method to generate a protocol-specific error message - - //put exception into transaction store for redirect - String key = Random.nextLongRandom(); - if (pendingReq != null) { - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR); - transactionStorage.put(key, - new ExceptionContainer(pendingReq, loggedException),-1); - - } else { - transactionStorage.put(key, - new ExceptionContainer(null, loggedException),-1); - - } - - //build up redirect URL - String redirectURL = null; - redirectURL = ServletUtils.getBaseUrl(req); - redirectURL += "/"+AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT - + "?" + ERROR_CODE_PARAM + "=" + key; - - //only add pending-request Id if it exists - if (MiscUtil.isNotEmpty(pendingRequestID)) - redirectURL += "&" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; - - resp.setContentType("text/html"); - resp.setStatus(302); - - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); - - return; - - } catch (Exception e) { - Logger.warn("Default error-handling FAILED. Exception can not be stored to Database.", e); - Logger.info("Switch to generic generic backup error-handling ... "); - handleErrorNoRedirect(loggedException, req, resp, true); - - } - - } - - /** - * Handles all exceptions with no pending request. - * Therefore, the error is written to the users browser - * - * @param throwable - * @param req - * @param resp - * @throws IOException - */ - protected void handleErrorNoRedirect(Throwable throwable, HttpServletRequest req, - HttpServletResponse resp, boolean writeExceptionToStatisticLog) throws IOException { - - //log Exception into statistic database - if (writeExceptionToStatisticLog) - statisticLogger.logErrorOperation(throwable); - - //write errror to console - logExceptionToTechnicalLog(throwable); - - //return error to Web browser - if (throwable instanceof MOAIDException || throwable instanceof ProcessExecutionException) - internalMOAIDExceptionHandler(req, resp, (Exception)throwable, false); - - else { - //write generic message for general exceptions - String msg = MOAIDMessageProvider.getInstance().getMessage("internal.00", null); - writeHTMLErrorResponse(req, resp, msg, "9199", (Exception) throwable); - - } - - } - - /** - * Write a Exception to the MOA-ID-Auth internal technical log - * - * @param loggedException Exception to log - */ - protected void logExceptionToTechnicalLog(Throwable loggedException) { - if (!( loggedException instanceof MOAIDException - || loggedException instanceof ProcessExecutionException )) { - Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException); - - } else { - if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) { - Logger.warn(loggedException.getMessage(), loggedException); - - } else { - Logger.warn(loggedException.getMessage()); - - } - } - } - - private void writeBadRequestErrorResponse(HttpServletRequest req, HttpServletResponse resp, MOAIDException e) throws IOException { - ErrorResponseUtils utils = ErrorResponseUtils.getInstance(); - String code = utils.mapInternalErrorToExternalError( - ((InvalidProtocolRequestException)e).getMessageId()); - String descr = StringEscapeUtils.escapeHtml(e.getMessage()); - resp.setContentType(MediaType.HTML_UTF_8.toString()); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" + - "(Errorcode=" + code + - " | Description=" + descr + ")"); - - } - - private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, String msg, String errorCode, Exception error) throws IOException { - - try { - DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( - HTTPUtils.extractAuthURLFromRequest(req), - DefaultGUIFormBuilderConfiguration.VIEW_ERRORMESSAGE, - null); - - //add errorcode and errormessage - config.putCustomParameter("errorMsg", msg); - config.putCustomParameter("errorCode", errorCode); - - //add stacktrace if debug is enabled - if (Logger.isTraceEnabled()) { - config.putCustomParameter("stacktrace", getStacktraceFromException(error)); - - } - - guiBuilder.build(httpResp, config, "Error-Message"); - - } catch (GUIBuildException e) { - Logger.warn("Can not build error-message GUI.", e); - GenericExceptionHandler(httpResp, e); - - } - - } - - private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, Exception error) throws IOException { - writeHTMLErrorResponse(req, httpResp, - error.getMessage(), - ErrorResponseUtils.getInstance().getResponseErrorCode(error), - error); - } - - - private String getStacktraceFromException(Exception ex) { - StringWriter errors = new StringWriter(); - ex.printStackTrace(new PrintWriter(errors)); - return errors.toString(); - - } - - /** - * Extracts a TaskExecutionException of a ProcessExecutionExeception Stacktrace. - * - * @param exception - * @return Return the latest TaskExecutionExecption if exists, otherwise the latest ProcessExecutionException - */ - private Throwable extractOriginalExceptionFromProcessException(Throwable exception) { - Throwable exholder = exception; - TaskExecutionException taskExc = null; - - while(exholder != null - && exholder instanceof ProcessExecutionException) { - ProcessExecutionException procExc = (ProcessExecutionException) exholder; - if (procExc.getCause() != null && - procExc.getCause() instanceof TaskExecutionException) { - taskExc = (TaskExecutionException) procExc.getCause(); - exholder = taskExc.getOriginalException(); - - } else - break; - - } - - if (taskExc == null) - return exholder; - - else - return taskExc; - } - - private void internalMOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception e, boolean writeExceptionToStatisicLog) throws IOException { - if (e instanceof ProtocolNotActiveException) { - resp.getWriter().write(e.getMessage()); - resp.setContentType(MediaType.HTML_UTF_8.toString()); - resp.sendError(HttpServletResponse.SC_FORBIDDEN, StringEscapeUtils.escapeHtml(e.getMessage())); - - } else if (e instanceof AuthnRequestValidatorException) { - AuthnRequestValidatorException ex = (AuthnRequestValidatorException)e; - //log Error Message - if (writeExceptionToStatisicLog) - statisticLogger.logErrorOperation(ex, ex.getErrorRequest()); - - //write error message - writeBadRequestErrorResponse(req, resp, (MOAIDException) e); - - } else if (e instanceof InvalidProtocolRequestException) { - //send error response - writeBadRequestErrorResponse(req, resp, (MOAIDException) e); - - } else if (e instanceof ConfigurationException) { - //send HTML formated error message - writeHTMLErrorResponse(req, resp, (MOAIDException) e); - - } else if (e instanceof MOAIDException) { - //send HTML formated error message - writeHTMLErrorResponse(req, resp, e); - - } else if (e instanceof ProcessExecutionException) { - //send HTML formated error message - writeHTMLErrorResponse(req, resp, e); - - } - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java deleted file mode 100644 index 32f103ca7..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java +++ /dev/null @@ -1,86 +0,0 @@ -package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
-import at.gv.egovernment.moa.id.auth.exception.MOAIllegalStateException;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.ProcessEngine;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Servlet that resumes a suspended process (in case of asynchronous tasks).
- *
- * @author tknall
- *
- */
-public abstract class AbstractProcessEngineSignalController extends AbstractController {
-
- @Autowired protected ProcessEngine processEngine;
-
- protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String pendingRequestID = StringEscapeUtils.escapeHtml(getPendingRequestId(req));
- IRequest pendingReq = null;
- try {
- if (pendingRequestID == null) {
- throw new MOAIllegalStateException("process.03", new Object[]{"Unable to determine MOA pending-request id."});
-
- }
-
- pendingReq = requestStorage.getPendingRequest(pendingRequestID);
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-
- }
-
- //change pending-request ID
- requestStorage.changePendingRequestID(pendingReq);
- pendingRequestID = pendingReq.getRequestID();
-
- // process instance is mandatory
- if (pendingReq.getProcessInstanceId() == null) {
- throw new MOAIllegalStateException("process.03", new Object[]{"MOA session does not provide process instance id."});
-
- }
-
- // wake up next task
- processEngine.signal(pendingReq);
-
- } catch (Exception ex) {
- handleError(null, ex, req, resp, pendingReq);
-
- } finally {
- //MOASessionDBUtils.closeSession();
- TransactionIDUtils.removeAllLoggingVariables();
-
- }
-
-
- }
-
- /**
- * Retrieves the current pending-request id from the HttpServletRequest parameter
- * {@link MOAIDAuthConstants#PARAM_TARGET_PENDINGREQUESTID}.
- * <p/>
- * Note that this class/method can be overwritten by modules providing their own strategy of retrieving the
- * respective pending-request id.
- *
- * @param request
- * The unterlying HttpServletRequest.
- * @return The current pending-request id.
- */
- public String getPendingRequestId(HttpServletRequest request) {
- return StringEscapeUtils.escapeHtml(request.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
-
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java index 49145a850..18aa93cc9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java @@ -33,15 +33,16 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; import at.gv.egovernment.moa.id.auth.frontend.builder.AbstractServiceProviderSpecificGUIFormBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.moduls.IRequestStorage; -import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -164,7 +165,7 @@ public class GUILayoutBuilderServlet extends AbstractController { private IRequest extractPendingRequest(HttpServletRequest req) { try { String pendingReqID = StringEscapeUtils.escapeHtml( - req.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); + req.getParameter(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID)); if (MiscUtil.isNotEmpty(pendingReqID)) { IRequest pendingReq = requestStorage.getPendingRequest(pendingReqID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java index dfa923558..87325989a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java @@ -31,6 +31,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; + /** * @author tlenz * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index 0397bd501..c39d78d8b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -36,24 +36,27 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager; +import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest; import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.data.ISLOInformationContainer; import at.gv.egovernment.moa.id.data.SLOInformationContainer; -import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; @@ -66,7 +69,7 @@ import at.gv.egovernment.moa.util.URLEncoder; public class IDPSingleLogOutServlet extends AbstractController { @Autowired SSOManager ssoManager; - @Autowired AuthenticationManager authManager; + @Autowired IAuthenticationManager authManager; @Autowired IAuthenticationSessionStoreage authenicationStorage; @Autowired SingleLogOutBuilder sloBuilder; @@ -127,6 +130,9 @@ public class IDPSingleLogOutServlet extends AbstractController { } catch (MOADatabaseException e) { handleErrorNoRedirect(e, req, resp, false); + } catch (EAAFException e) { + handleErrorNoRedirect(e, req, resp, false); + } return; @@ -135,10 +141,13 @@ public class IDPSingleLogOutServlet extends AbstractController { try { if (ssoManager.isValidSSOSession(ssoid, null)) { - AuthenticationSession authSession = authenicationStorage.getInternalMOASessionWithSSOID(ssoid); + String internalSSOId = authenicationStorage.getInternalSSOSessionWithSSOID(ssoid); - if(authSession != null) { - authManager.performSingleLogOut(req, resp, authSession, authURL); + if(MiscUtil.isNotEmpty(internalSSOId)) { + ISLOInformationContainer sloInfoContainer = authManager.performSingleLogOut(req, resp, null, internalSSOId); + + Logger.debug("Starting technical SLO process ... "); + sloBuilder.toTechnicalLogout(sloInfoContainer, req, resp, authURL); return; } @@ -154,16 +163,24 @@ public class IDPSingleLogOutServlet extends AbstractController { if (MiscUtil.isNotEmpty(restartProcess)) { Logger.info("Restart Single LogOut process after timeout ... "); try { - ISLOInformationContainer sloContainer = transactionStorage.get(restartProcess, SLOInformationContainer.class); + SLOInformationContainer sloContainer = transactionStorage.get(restartProcess, SLOInformationContainer.class); + if (sloContainer == null) { + Logger.info("No Single LogOut processing information with ID: " + restartProcess); + handleErrorNoRedirect(new MOAIDException("slo.03", null), req, resp, false); + return; + + } + if (sloContainer.hasFrontChannelOA()) sloContainer.putFailedOA("differntent OAs"); String redirectURL = null; - if (sloContainer.getSloRequest() != null) { + IRequest sloReq = sloContainer.getSloRequest(); + if (sloReq != null && sloReq instanceof PVPSProfilePendingRequest) { //send SLO response to SLO request issuer - SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(sloContainer.getSloRequest()); - LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, sloContainer.getSloRequest(), sloContainer.getSloFailedOAs()); - redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, sloContainer.getSloRequest().getRequest().getRelayState()); + SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPSProfilePendingRequest)sloContainer.getSloRequest()); + LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPSProfilePendingRequest)sloContainer.getSloRequest(), sloContainer.getSloFailedOAs()); + redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, ((PVPSProfilePendingRequest)sloContainer.getSloRequest()).getRequest().getRelayState()); } else { //print SLO information directly @@ -205,6 +222,9 @@ public class IDPSingleLogOutServlet extends AbstractController { } catch (MOAIDException e) { Logger.warn("Build SLO respone FAILED.", e); + } catch (EAAFException e) { + Logger.warn("Build SLO respone FAILED.", e); + } try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index 8ef047300..0285dd75b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -56,13 +56,11 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.moduls.AuthenticationManager; -import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -71,9 +69,11 @@ import at.gv.egovernment.moa.util.MiscUtil; public class LogOutServlet { private static final String REDIRECT_URL = "redirect"; - @Autowired private SSOManager ssomanager; - @Autowired private AuthenticationManager authmanager; - @Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage; + @Autowired(required=true) private ISSOManager ssomanager; + //@Autowired(required=true) private IAuthenticationManager authmanager; + @Autowired(required=true) private IAuthenticationSessionStoreage authenticatedSessionStorage; + @Autowired(required=true) private AuthConfiguration authConfig; + @RequestMapping(value = "/LogOut", method = {RequestMethod.POST, RequestMethod.GET}) public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException { @@ -81,10 +81,7 @@ public class LogOutServlet { String redirectUrl = (String) req.getParameter(REDIRECT_URL); - try { - //get SSO token from request - String ssoid = ssomanager.getSSOSessionID(req); - + try { if (MiscUtil.isEmpty(redirectUrl)) { //set default redirect Target Logger.debug("Set default RedirectURL back to MOA-ID-Auth"); @@ -92,7 +89,7 @@ public class LogOutServlet { } else { //return an error if RedirectURL is not a active Online-Applikation - IOAAuthParameters oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(redirectUrl); + IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(redirectUrl, IOAAuthParameters.class); if (oa == null) { Logger.info("RedirctURL does not match to OA configuration. Set default RedirectURL back to MOA-ID-Auth"); redirectUrl = HTTPUtils.extractAuthURLFromRequest(req); @@ -101,23 +98,11 @@ public class LogOutServlet { } - if (ssomanager.isValidSSOSession(ssoid, null)) { - - //TODO: Single LogOut Implementation - - //delete SSO session and MOA session - AuthenticationSession moasessionid = authenticatedSessionStorage.getInternalMOASessionWithSSOID(ssoid); - authmanager.performOnlyIDPLogOut(moasessionid); - - Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl); - } else { + if (ssomanager.destroySSOSessionOnIDPOnly(req, resp, null)) + Logger.info("User with SSO is logged out and get redirect to "+ redirectUrl); + else Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl); - - } - - //Remove SSO token - ssomanager.deleteSSOSessionID(req, resp); - + } catch (Exception e) { resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed."); return; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index a00de1da0..e5a8bb739 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; +import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,14 +34,14 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; @@ -57,8 +58,9 @@ public class RedirectServlet { private static final String URL = "URL"; private static final String TARGET = "TARGET"; - @Autowired SSOManager ssoManager; - @Autowired IGUIFormBuilder guiBuilder; + @Autowired(required=true) SSOManager ssoManager; + @Autowired(required=true) IGUIFormBuilder guiBuilder; + @Autowired(required=true) private AuthConfiguration authConfig; @RequestMapping(value = "/RedirectServlet", method = RequestMethod.GET) public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException { @@ -78,10 +80,13 @@ public class RedirectServlet { //url = URLDecoder.decode(url, "UTF-8"); - oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(url); + oa = authConfig.getServiceProviderConfiguration(url, IOAAuthParameters.class); String authURL = HTTPUtils.extractAuthURLFromRequest(req); - if (oa == null || !AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authURL)) { + List<String> allowedPublicUrlPrefixes = authConfig.getPublicURLPrefix(); + + if ((oa == null && !checkRedirectToItself(url, allowedPublicUrlPrefixes)) + || !authConfig.getPublicURLPrefix().contains(authURL)) { resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); return; @@ -166,5 +171,17 @@ public class RedirectServlet { } } + + private boolean checkRedirectToItself(String url, List<String> allowedPublicUrlPrefixes) { + if (url != null) { + for (String el : allowedPublicUrlPrefixes) { + if (url.startsWith(el)) + return true; + + } + } + + return false; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java index 466364adb..5aa3a691f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java @@ -25,14 +25,18 @@ package at.gv.egovernment.moa.id.auth.servlet.interceptor; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang3.StringUtils; +import org.apache.commons.text.StringEscapeUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.commons.MOAIDConstants; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; /** @@ -41,7 +45,9 @@ import at.gv.egovernment.moa.util.MiscUtil; */ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor { - @Autowired private SSOManager ssomanager; + @Autowired private IRequestStorage requestStorage; + @Autowired(required=false) private SSOManager ssomanager; + /* (non-Javadoc) * @see org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object) @@ -50,18 +56,35 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor { public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - //get SSO Cookie for Request - String ssoId = ssomanager.getSSOSessionID(request); + String uniqueSessionIdentifier = null; - //search for unique session identifier - String uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId); - if (MiscUtil.isEmpty(uniqueSessionIdentifier)) - uniqueSessionIdentifier = Random.nextRandom(); + //if SSOManager is available, search SessionIdentifier in SSO session + if (ssomanager != null) { + String ssoId = ssomanager.getSSOSessionID(request); + uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId); + + } - TransactionIDUtils.setSessionId(uniqueSessionIdentifier); - request.setAttribute(MOAIDConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier); + // search SessionIdentifier in PendingRequest if available + if (MiscUtil.isEmpty(uniqueSessionIdentifier)) { + String pendingReqId = StringEscapeUtils.escapeHtml4( + request.getParameter(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID)); + if (StringUtils.isNotEmpty(pendingReqId)) { + IRequest pendingReq = requestStorage.getPendingRequest(pendingReqId); + if (pendingReq != null) + uniqueSessionIdentifier = pendingReq.getUniqueSessionIdentifier(); + + } + } + + //if NO SSOSession and no PendingRequest create new SessionIdentifier + if (StringUtils.isEmpty(uniqueSessionIdentifier)) + uniqueSessionIdentifier = Random.nextHexRandom16(); + TransactionIDUtils.setSessionId(uniqueSessionIdentifier); + request.setAttribute(EAAFConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier); return true; + } /* (non-Javadoc) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java index 93d74d7ef..4dac390e6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java @@ -37,9 +37,9 @@ import javax.servlet.http.HttpServletRequest; import org.springframework.context.ApplicationContext; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java index c8c6c1fb5..ee69b082b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java @@ -30,10 +30,10 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java index f3ce6888b..604d224eb 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java @@ -49,11 +49,11 @@ package at.gv.egovernment.moa.id.auth.validator; import org.w3c.dom.Element; import org.w3c.dom.NodeList; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.IdentityLink; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.exception.ValidateException; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.XPathUtils; /** * This class is used to validate an {@link IdentityLink} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureRequestBuilder.java index e6adcf159..d1c67b06e 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureRequestBuilder.java @@ -44,7 +44,7 @@ */ -package at.gv.egovernment.moa.id.auth.builder; +package at.gv.egovernment.moa.id.auth.validator; import java.util.List; @@ -55,10 +55,10 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index c4ea80df9..b9c15e75e 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -54,15 +54,15 @@ import java.util.Iterator; import java.util.List; import java.util.Set; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; import iaik.asn1.structures.Name; import iaik.security.ec.common.ECPublicKey; @@ -113,11 +113,12 @@ public class VerifyXMLSignatureResponseValidator { public void validate(IVerifiyXMLSignatureResponse verifyXMLSignatureResponse, List<String> identityLinkSignersSubjectDNNames, String whatToCheck, - IOAAuthParameters oaParam) + IOAAuthParameters oaParam, + AuthConfiguration authConfig) throws ValidateException, ConfigurationException { if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) - throw new ValidateException("validator.06", null); + throw new ValidateException("validator.06", new Object[] {whatToCheck}); if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) { String checkFailedReason =""; @@ -140,7 +141,7 @@ public class VerifyXMLSignatureResponseValidator { } //check QC - if (AuthConfigurationProviderFactory.getInstance().isCertifiacteQCActive() && + if (authConfig.isCertifiacteQCActive() && !whatToCheck.equals(CHECK_IDENTITY_LINK) && !verifyXMLSignatureResponse.isQualifiedCertificate()) { @@ -249,12 +250,17 @@ public class VerifyXMLSignatureResponseValidator { PublicKey[] pubKeysIdentityLink = (PublicKey[]) idl.getPublicKey(); PublicKey pubKeySignature = x509Response.getPublicKey(); - + checkIDLAgainstSignatureCertificate(pubKeysIdentityLink, pubKeySignature); + + } + + + public void checkIDLAgainstSignatureCertificate( PublicKey[] pubKeysIdentityLink, PublicKey pubKeySignature) throws ValidateException { boolean found = false; for (int i = 0; i < pubKeysIdentityLink.length; i++) { - + PublicKey idlPubKey = pubKeysIdentityLink[i]; //compare RSAPublicKeys - if ((idl.getPublicKey()[i] instanceof java.security.interfaces.RSAPublicKey) && + if ((idlPubKey instanceof java.security.interfaces.RSAPublicKey) && (pubKeySignature instanceof java.security.interfaces.RSAPublicKey)) { RSAPublicKey rsaPubKeySignature = (RSAPublicKey) pubKeySignature; @@ -266,8 +272,8 @@ public class VerifyXMLSignatureResponseValidator { } //compare ECDSAPublicKeys - if( ( (idl.getPublicKey()[i] instanceof java.security.interfaces.ECPublicKey) || - (idl.getPublicKey()[i] instanceof ECPublicKey)) && + if( ( (idlPubKey instanceof java.security.interfaces.ECPublicKey) || + (idlPubKey instanceof ECPublicKey)) && ( (pubKeySignature instanceof java.security.interfaces.ECPublicKey) || (pubKeySignature instanceof ECPublicKey) ) ) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java index 4cca2e625..a9abc2c5f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java @@ -1,199 +1,200 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.client.utils; - -import java.io.UnsupportedEncodingException; -import java.util.List; -import java.util.UUID; - -import org.opensaml.xml.util.XMLHelper; -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.client.SZRGWClient; -import at.gv.egovernment.moa.id.client.SZRGWClientException; -import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.util.xsd.mis.MandateIdentifiers; -import at.gv.util.xsd.mis.Target; -import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; -import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; -import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; -import at.gv.util.xsd.srzgw.MISType; -import at.gv.util.xsd.srzgw.MISType.Filters; - -/** - * @author tlenz - * - */ -public class SZRGWClientUtils { - - /** - * Does the request to the SZR-GW. - * - * @param signature the signature - * @return the identity link - * @throws SZRGWClientException the sZRGW client exception - * @throws ConfigurationException the configuration exception - */ - public static CreateIdentityLinkResponse getIdentityLink(IRequest pendingReq, Element signature) throws SZRGWClientException, ConfigurationException { - return getIdentityLink(pendingReq, null, null, null, null, XMLHelper.nodeToString(signature), null); - } - - /** - * Does the request to the SZR-GW. - * - * @param PEPSIdentifier the pEPS identifier - * @param PEPSFirstname the pEPS firstname - * @param PEPSFamilyname the pEPS familyname - * @param PEPSDateOfBirth the pEPS date of birth - * @param signature XMLDSIG signature - * @return Identity link assertion - * @throws SZRGWClientException the sZRGW client exception - * @throws ConfigurationException the configuration exception - */ - public static CreateIdentityLinkResponse getIdentityLink(IRequest pendingReq, String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature, String PEPSFiscalNumber) throws SZRGWClientException { - return getIdentityLink(pendingReq, PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, null, signature, null, null, null, null, null, null, null, PEPSFiscalNumber); - } - - /** - * SZR-GW Client interface. - * - * @param eIdentifier the e identifier - * @param givenName the given name - * @param lastName the last name - * @param dateOfBirth the date of birth - * @param citizenSignature the citizen signature - * @param representative the representative - * @param represented the represented - * @param mandate the mandate - * @return the identity link - * @throws SZRGWClientException the sZRGW client exception - */ - public static CreateIdentityLinkResponse getIdentityLink(IRequest pendingReq, String eIdentifier, - String givenName, String lastName, String dateOfBirth, String gender, - String citizenSignature, String representative, String represented, - String mandate, String targetType, String targetValue, String oaFriendlyName, List<String> filters, String PEPSFiscalNumber) throws SZRGWClientException { - return getIdentityLink(pendingReq, eIdentifier, givenName, lastName, dateOfBirth, gender, - citizenSignature, representative, represented, mandate, null, - null, targetType, targetValue, oaFriendlyName, filters, PEPSFiscalNumber); - } - - /** - * Gets the identity link. - * - * @param citizenSignature the citizen signature - * @param representative the representative - * @param represented the represented - * @param mandate the mandate - * @param organizationAddress the organization address - * @param organizationType the organization type - * @return the identity link - * @throws SZRGWClientException - */ - public static CreateIdentityLinkResponse getIdentityLink(IRequest pendingReq, String citizenSignature, - String representative, String represented, String mandateContent, - String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, List<String> filters, String PEPSFiscalNumber) throws SZRGWClientException { - return getIdentityLink(pendingReq, null, null, null, null, null, - citizenSignature, represented, representative, mandateContent, organizationAddress, - organizationType, targetType, targetValue, oaFriendlyName, filters, PEPSFiscalNumber); - } - - public static CreateIdentityLinkResponse getIdentityLink(IRequest pendingReq, String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, List<String> filters, String PEPSFiscalNumber) throws SZRGWClientException { - - try { - AuthConfiguration authConf = AuthConfigurationProviderFactory.getInstance(); - ConnectionParameterInterface connectionParameters = authConf.getForeignIDConnectionParameter(pendingReq.getOnlineApplicationConfiguration()); - - String requestID = UUID.randomUUID().toString(); - SZRGWClient client = new SZRGWClient(connectionParameters); - - CreateIdentityLinkRequest request = new CreateIdentityLinkRequest(); - request.setSignature(citizenSignature.getBytes("UTF-8")); - request.setReqID(requestID); - if(PEPSDateOfBirth!=null || PEPSFamilyname!=null || PEPSFirstname!=null || PEPSIdentifier!=null || representative!=null || represented!=null || mandateContent!=null || organizationAddress!=null || organizationType!=null) - { - PEPSData data = new PEPSData(); - data.setDateOfBirth(PEPSDateOfBirth); - data.setFamilyname(PEPSFamilyname); - data.setFirstname(PEPSFirstname); - data.setIdentifier(PEPSIdentifier); - - data.setFiscalNumber(PEPSFiscalNumber); - - data.setRepresentative(representative); - data.setRepresented(represented); - data.setMandateContent(mandateContent); - - data.setLegalPersonCanonicalRegisteredAddress(organizationAddress); - data.setLegalPersonTranslatableType(organizationType); - - request.setPEPSData(data); - } - if (null != mandateContent) { - MISType mis = new MISType(); - - Target targetObject = new Target(); - targetObject.setType(targetType); - targetObject.setValue(targetValue); - mis.setTarget(targetObject); - - mis.setOAFriendlyName(oaFriendlyName); - - Filters filterObject = new Filters(); - MandateIdentifiers mandateIds = new MandateIdentifiers(); - for(String current : filters) - mandateIds.getMandateIdentifier().add(current.trim()); - filterObject.setMandateIdentifiers(mandateIds); - mis.setFilters(filterObject); - - request.setMIS(mis); - } - - if (MiscUtil.isEmpty(connectionParameters.getUrl())) { - Logger.warn("SZR-Gateway Service URL is empty"); - throw new SZRGWClientException("service.07"); - } - - Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); - CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request, connectionParameters.getUrl()); - return response; - - } - catch (ConfigurationException e) { - Logger.warn(e); - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); - } catch (UnsupportedEncodingException e) { - Logger.warn(e); - } - - return null; - - } - -} +///* +// * Copyright 2014 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. +// * +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. +// * +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. +// */ +//package at.gv.egovernment.moa.id.client.utils; +// +//import java.io.UnsupportedEncodingException; +//import java.util.List; +//import java.util.UUID; +// +//import org.opensaml.xml.util.XMLHelper; +//import org.w3c.dom.Element; +// +//import at.gv.egiz.eaaf.core.api.IRequest; +//import at.gv.egovernment.moa.id.client.SZRGWClient; +//import at.gv.egovernment.moa.id.client.SZRGWClientException; +//import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +//import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; +//import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +//import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +//import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; +//import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +//import at.gv.egovernment.moa.logging.Logger; +//import at.gv.egovernment.moa.util.MiscUtil; +//import at.gv.util.xsd.mis.MandateIdentifiers; +//import at.gv.util.xsd.mis.Target; +//import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; +//import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; +//import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; +//import at.gv.util.xsd.srzgw.MISType; +//import at.gv.util.xsd.srzgw.MISType.Filters; +// +///** +// * @author tlenz +// * +// */ +//public class SZRGWClientUtils { +// +// /** +// * Does the request to the SZR-GW. +// * +// * @param signature the signature +// * @return the identity link +// * @throws SZRGWClientException the sZRGW client exception +// * @throws ConfigurationException the configuration exception +// */ +// public static CreateIdentityLinkResponse getIdentityLink(IRequest pendingReq, Element signature) throws SZRGWClientException, ConfigurationException { +// return getIdentityLink(pendingReq, null, null, null, null, XMLHelper.nodeToString(signature), null); +// } +// +// /** +// * Does the request to the SZR-GW. +// * +// * @param PEPSIdentifier the pEPS identifier +// * @param PEPSFirstname the pEPS firstname +// * @param PEPSFamilyname the pEPS familyname +// * @param PEPSDateOfBirth the pEPS date of birth +// * @param signature XMLDSIG signature +// * @return Identity link assertion +// * @throws SZRGWClientException the sZRGW client exception +// * @throws ConfigurationException the configuration exception +// */ +// public static CreateIdentityLinkResponse getIdentityLink(IRequest pendingReq, String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature, String PEPSFiscalNumber) throws SZRGWClientException { +// return getIdentityLink(pendingReq, PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, null, signature, null, null, null, null, null, null, null, PEPSFiscalNumber); +// } +// +// /** +// * SZR-GW Client interface. +// * +// * @param eIdentifier the e identifier +// * @param givenName the given name +// * @param lastName the last name +// * @param dateOfBirth the date of birth +// * @param citizenSignature the citizen signature +// * @param representative the representative +// * @param represented the represented +// * @param mandate the mandate +// * @return the identity link +// * @throws SZRGWClientException the sZRGW client exception +// */ +// public static CreateIdentityLinkResponse getIdentityLink(IRequest pendingReq, String eIdentifier, +// String givenName, String lastName, String dateOfBirth, String gender, +// String citizenSignature, String representative, String represented, +// String mandate, String targetType, String targetValue, String oaFriendlyName, List<String> filters, String PEPSFiscalNumber) throws SZRGWClientException { +// return getIdentityLink(pendingReq, eIdentifier, givenName, lastName, dateOfBirth, gender, +// citizenSignature, representative, represented, mandate, null, +// null, targetType, targetValue, oaFriendlyName, filters, PEPSFiscalNumber); +// } +// +// /** +// * Gets the identity link. +// * +// * @param citizenSignature the citizen signature +// * @param representative the representative +// * @param represented the represented +// * @param mandate the mandate +// * @param organizationAddress the organization address +// * @param organizationType the organization type +// * @return the identity link +// * @throws SZRGWClientException +// */ +// public static CreateIdentityLinkResponse getIdentityLink(IRequest pendingReq, String citizenSignature, +// String representative, String represented, String mandateContent, +// String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, List<String> filters, String PEPSFiscalNumber) throws SZRGWClientException { +// return getIdentityLink(pendingReq, null, null, null, null, null, +// citizenSignature, represented, representative, mandateContent, organizationAddress, +// organizationType, targetType, targetValue, oaFriendlyName, filters, PEPSFiscalNumber); +// } +// +// public static CreateIdentityLinkResponse getIdentityLink(IRequest pendingReq, String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, List<String> filters, String PEPSFiscalNumber) throws SZRGWClientException { +// +// try { +// AuthConfiguration authConf = AuthConfigurationProviderFactory.getInstance(); +// ConnectionParameterInterface connectionParameters = authConf.getForeignIDConnectionParameter(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class)); +// +// String requestID = UUID.randomUUID().toString(); +// SZRGWClient client = new SZRGWClient(connectionParameters); +// +// CreateIdentityLinkRequest request = new CreateIdentityLinkRequest(); +// request.setSignature(citizenSignature.getBytes("UTF-8")); +// request.setReqID(requestID); +// if(PEPSDateOfBirth!=null || PEPSFamilyname!=null || PEPSFirstname!=null || PEPSIdentifier!=null || representative!=null || represented!=null || mandateContent!=null || organizationAddress!=null || organizationType!=null) +// { +// PEPSData data = new PEPSData(); +// data.setDateOfBirth(PEPSDateOfBirth); +// data.setFamilyname(PEPSFamilyname); +// data.setFirstname(PEPSFirstname); +// data.setIdentifier(PEPSIdentifier); +// +// data.setFiscalNumber(PEPSFiscalNumber); +// +// data.setRepresentative(representative); +// data.setRepresented(represented); +// data.setMandateContent(mandateContent); +// +// data.setLegalPersonCanonicalRegisteredAddress(organizationAddress); +// data.setLegalPersonTranslatableType(organizationType); +// +// request.setPEPSData(data); +// } +// if (null != mandateContent) { +// MISType mis = new MISType(); +// +// Target targetObject = new Target(); +// targetObject.setType(targetType); +// targetObject.setValue(targetValue); +// mis.setTarget(targetObject); +// +// mis.setOAFriendlyName(oaFriendlyName); +// +// Filters filterObject = new Filters(); +// MandateIdentifiers mandateIds = new MandateIdentifiers(); +// for(String current : filters) +// mandateIds.getMandateIdentifier().add(current.trim()); +// filterObject.setMandateIdentifiers(mandateIds); +// mis.setFilters(filterObject); +// +// request.setMIS(mis); +// } +// +// if (MiscUtil.isEmpty(connectionParameters.getUrl())) { +// Logger.warn("SZR-Gateway Service URL is empty"); +// throw new SZRGWClientException("service.07"); +// } +// +// Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); +// CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request, connectionParameters.getUrl()); +// return response; +// +// } +// catch (ConfigurationException e) { +// Logger.warn(e); +// Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); +// } catch (UnsupportedEncodingException e) { +// Logger.warn(e); +// } +// +// return null; +// +// } +// +//} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java index 8b0134f9c..f44ec756e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java @@ -46,14 +46,17 @@ package at.gv.egovernment.moa.id.config; +import java.net.MalformedURLException; import java.util.ArrayList; import java.util.Map; import java.util.Properties; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.impl.idp.conf.AbstractConfigurationImpl; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap; import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.SpringProfileConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.logging.Logger; import at.gv.util.config.EgovUtilPropertiesConfiguration; @@ -65,14 +68,15 @@ import at.gv.util.config.EgovUtilPropertiesConfiguration; * @author Paul Ivancsics * @version $Id$ */ -public abstract class ConfigurationProviderImpl implements ConfigurationProvider{ +public abstract class ConfigurationProviderImpl extends AbstractConfigurationImpl implements ConfigurationProvider{ /** * Constructor + * @throws EAAFConfigurationException */ - public ConfigurationProviderImpl() { - - super(); + public ConfigurationProviderImpl(String configFilePath) throws EAAFConfigurationException { + super(configFilePath); + } private EgovUtilPropertiesConfiguration eGovUtilsConfig = null; @@ -117,26 +121,7 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider /** The default chaining mode. */ protected String defaultChainingMode = "pkix"; - - /** - * main configuration file directory name used to configure MOA-ID - */ - protected String rootConfigFileDir; - - - protected Properties configProp = null; - - /** - * Returns the main configuration file directory used to configure MOA-ID - * - * @return the directory - */ - public String getRootConfigFileDir() { - return rootConfigFileDir; - } - - public String getDefaultChainingMode() { return defaultChainingMode; } @@ -147,15 +132,17 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider * @return */ public Properties getDBConnectionConfiguration() { - return this.configProp; + return getFullConfigurationProperties(); + } /** * @param properties * @throws ConfigurationException * @throws org.opensaml.xml.ConfigurationException + * @throws MalformedURLException */ - public void initial(Properties props) throws ConfigurationException, org.opensaml.xml.ConfigurationException { + protected void initial(Properties props) throws ConfigurationException, org.opensaml.xml.ConfigurationException, MalformedURLException { //Initial Hibernate Framework Logger.trace("Initializing Hibernate framework."); try { @@ -174,7 +161,7 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider } // read Config Hibernate properties - configProp = new Properties(); + Properties configProp = new Properties(); for (Object key : props.keySet()) { String propPrefix = "configuration."; if (key.toString().startsWith(propPrefix+"hibernate")) { @@ -192,37 +179,7 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider statisticProps.put(propertyName, props.get(key.toString())); } } - -// // initialize hibernate -// synchronized (ConfigurationProviderImpl.class) { -// -// //Initial config Database -// // ConfigurationDBUtils.initHibernate(configProp); -// -// //initial MOAID Session Database -// Configuration config = new Configuration(); -// config.addAnnotatedClass(AssertionStore.class); -// config.addAnnotatedClass(AuthenticatedSessionStore.class); -// config.addAnnotatedClass(OASessionStore.class); -// config.addAnnotatedClass(OldSSOSessionIDStore.class); -// config.addAnnotatedClass(InterfederationSessionStore.class); -// //config.addAnnotatedClass(ProcessInstanceStore.class); -// config.addProperties(moaSessionProp); -// //MOASessionDBUtils.initHibernate(config, moaSessionProp); -// -// //initial advanced logging -//// if (Boolean.valueOf(props.getProperty("configuration.advancedlogging.active", "false"))) { -//// Logger.info("Advanced statistic log is activated, starting initialization process ..."); -//// Configuration statisticconfig = new Configuration(); -//// statisticconfig.addAnnotatedClass(StatisticLog.class); -//// statisticconfig.addProperties(statisticProps); -//// StatisticLogDBUtils.initHibernate(statisticconfig, statisticProps); -//// Logger.info("Advanced statistic log is initialized."); -//// } -// -// } -// Logger.trace("Hibernate initialization finished."); - + } catch (ExceptionInInitializerError e) { throw new ConfigurationException("config.17", null, e); @@ -234,7 +191,7 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider //Initialize OpenSAML for STORK Logger.info("Starting initialization of OpenSAML..."); - MOADefaultBootstrap.bootstrap(); + EAAFDefaultSAML2Bootstrap.bootstrap(); //DefaultBootstrap.bootstrap(); Logger.debug("OpenSAML successfully initialized"); @@ -251,7 +208,7 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider if (!eGovUtilsConfigProp.isEmpty()) { Logger.info("Start eGovUtils client implementation configuration ..."); eGovUtilsConfig = - new EgovUtilPropertiesConfiguration(eGovUtilsConfigProp, rootConfigFileDir); + new EgovUtilPropertiesConfiguration(eGovUtilsConfigProp, getConfigurationRootDirectory().toURL().toString()); } this.generateActiveProfiles(props); @@ -291,5 +248,18 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider Logger.debug("Set active Spring-Profiles to: " + activeProfiles); return activeProfiles.toArray(new String[0]); } + + public String getRootConfigFileDir() throws ConfigurationException { + try { + return getConfigurationRootDirectory().toURL().toString(); + + } catch (MalformedURLException e) { + Logger.error("Can not read Config-Root Directory.", e); + throw new ConfigurationException("config.03", null, e); + + } + + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java index 5642861c5..a2dfeba2f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java @@ -52,20 +52,19 @@ import java.security.PrivateKey; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; -import java.util.Collections; import java.util.HashMap; -import java.util.Iterator; import java.util.List; import java.util.Map; -import java.util.Map.Entry; import java.util.Set; import org.apache.commons.lang.SerializationUtils; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.MOAIDConstants; -import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IStorkConfig; import at.gv.egovernment.moa.id.commons.api.data.BPKDecryptionParameters; @@ -75,8 +74,7 @@ import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; -import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; +import at.gv.egovernment.moa.id.commons.validation.TargetValidator; import at.gv.egovernment.moa.id.data.EncryptedData; import at.gv.egovernment.moa.id.util.ConfigurationEncrytionUtil; import at.gv.egovernment.moa.logging.Logger; @@ -91,56 +89,24 @@ import at.gv.egovernment.moa.util.MiscUtil; * * @author Thomas Lenz */ -public class OAAuthParameter implements IOAAuthParameters, Serializable{ +public class OAAuthParameterDecorator implements IOAAuthParameters, Serializable{ - /** - * - */ private static final long serialVersionUID = -6522544229837934376L; - final public static String DEFAULT_KEYBOXIDENTIFIER = "SecureSignatureKeypair"; - private Map<String, String> oaConfiguration; - private List<String> targetAreasWithNoInteralBaseIdRestriction = new ArrayList<String>(); - private List<String> targetAreasWithNoBaseIdTransmissionRestriction = new ArrayList<String>(); + + private ISPConfiguration spConfiguration; + - public OAAuthParameter(final Map<String, String> oa, AuthConfiguration authConfig) { - this.oaConfiguration = oa; - - //set oa specific restrictions - targetAreasWithNoInteralBaseIdRestriction = KeyValueUtils.getListOfCSVValues( - authConfig.getBasicMOAIDConfiguration( - CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL, - MOAIDAuthConstants.PREFIX_CDID)); - - targetAreasWithNoBaseIdTransmissionRestriction = KeyValueUtils.getListOfCSVValues( - authConfig.getBasicMOAIDConfiguration( - CONFIG_KEY_RESTRICTIONS_BASEID_TRANSMISSION, - MOAIDAuthConstants.PREFIX_CDID)); - - if (Logger.isTraceEnabled()) { - Logger.trace("Internal policy for OA: " + getPublicURLPrefix()); - for (String el : targetAreasWithNoInteralBaseIdRestriction) - Logger.trace(" Allow baseID processing for prefix " + el); - for (String el : targetAreasWithNoBaseIdTransmissionRestriction) - Logger.trace(" Allow baseID transfer for prefix " + el); - - } - } + public OAAuthParameterDecorator(ISPConfiguration spConfiguration) { + this.spConfiguration = spConfiguration; + } - - public Map<String, String> getFullConfiguration() { - return Collections.unmodifiableMap(this.oaConfiguration); - } - - public String getConfigurationValue(String key) { - return this.oaConfiguration.get(key); - } - + @Override - public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException { + public boolean hasBaseIdInternalProcessingRestriction() { String targetAreaIdentifier = getAreaSpecificTargetIdentifier(); - for (String el : targetAreasWithNoInteralBaseIdRestriction) { + for (String el : spConfiguration.getTargetsWithNoBaseIdInternalProcessingRestriction()) { if (targetAreaIdentifier.startsWith(el)) return false; @@ -150,9 +116,9 @@ public class OAAuthParameter implements IOAAuthParameters, Serializable{ } @Override - public boolean hasBaseIdTransferRestriction() throws ConfigurationException { + public boolean hasBaseIdTransferRestriction() { String targetAreaIdentifier = getAreaSpecificTargetIdentifier(); - for (String el : targetAreasWithNoBaseIdTransmissionRestriction) { + for (String el : spConfiguration.getTargetsWithNoBaseIdTransferRestriction()) { if (targetAreaIdentifier.startsWith(el)) return false; @@ -162,7 +128,7 @@ public class OAAuthParameter implements IOAAuthParameters, Serializable{ } @Override - public String getAreaSpecificTargetIdentifier() throws ConfigurationException { + public String getAreaSpecificTargetIdentifier() { if (getBusinessService()) return getIdentityLinkDomainIdentifier(); else @@ -185,8 +151,8 @@ public class OAAuthParameter implements IOAAuthParameters, Serializable{ */ //@Override private String getIdentityLinkDomainIdentifier() { - String type = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE); - String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE); + String type = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE); + String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE); if (MiscUtil.isNotEmpty(type) && MiscUtil.isNotEmpty(value)) { if (MOAIDConstants.IDENIFICATIONTYPE_STORK.equals(type)) { return MOAIDConstants.PREFIX_STORK + "AT" + "+" + value; @@ -208,7 +174,7 @@ private String getIdentityLinkDomainIdentifier() { */ //@Override private String getIdentityLinkDomainIdentifierType() { - String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE); + String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE); if (MiscUtil.isNotEmpty(value)) return MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(value); @@ -221,17 +187,17 @@ private String getIdentityLinkDomainIdentifierType() { */ //@Override private String getTarget() { - if (Boolean.parseBoolean(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN))) - return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_TARGET); + if (Boolean.parseBoolean(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN))) + return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_TARGET); else { - if (Boolean.parseBoolean(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_SUB))) { - return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET) + if (Boolean.parseBoolean(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_SUB))) { + return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET) + "-" - + oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB); + + spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB); } else { - return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET); + return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET); } } } @@ -241,11 +207,11 @@ private String getTarget() { */ //@Override private String getTargetFriendlyName() { - if (Boolean.parseBoolean(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN))) - return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME); + if (Boolean.parseBoolean(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN))) + return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME); else - return TargetToSectorNameMapper.getSectorNameViaTarget(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET)); + return TargetValidator.getTargetFriendlyName(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET)); } @@ -254,7 +220,7 @@ private String getTargetFriendlyName() { */ @Override public String getKeyBoxIdentifier() { - String keyBoxId = oaConfiguration.get( + String keyBoxId = spConfiguration.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_BKU_KEYBOXIDENTIFIER); if (MiscUtil.isNotEmpty(keyBoxId)) return keyBoxId; @@ -269,33 +235,33 @@ public String getKeyBoxIdentifier() { @Override public SAML1ConfigurationParameters getSAML1Parameter() { SAML1ConfigurationParameters returnValue = new SAML1ConfigurationParameters(); - if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_ENABLED)) + if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_ENABLED)) returnValue.setActive( - Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_ENABLED))); + Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_ENABLED))); - if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_AUTHBLOCK)) + if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_AUTHBLOCK)) returnValue.setProvideAuthBlock( - Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_AUTHBLOCK))); + Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_AUTHBLOCK))); - if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_IDL)) + if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_IDL)) returnValue.setProvideIdl( - Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_IDL))); + Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_IDL))); - if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID)) + if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID)) returnValue.setProvideBaseId( - Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID))); + Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID))); - if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_CERTIFICATE)) + if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_CERTIFICATE)) returnValue.setProvideCertificate( - Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_CERTIFICATE))); + Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_CERTIFICATE))); - if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_MANDATE)) + if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_MANDATE)) returnValue.setProvideMandate( - Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_MANDATE))); + Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_MANDATE))); - if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR)) + if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR)) returnValue.setProvideAllErrors( - Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR))); + Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR))); return returnValue; } @@ -307,14 +273,14 @@ public String getKeyBoxIdentifier() { public List<String> getTemplateURL() { List<String> list = new ArrayList<String>(); - if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE)) - list.add(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE)); + if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE)) + list.add(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE)); - if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE)) - list.add(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE)); + if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE)) + list.add(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE)); - if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE)) - list.add(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE)); + if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE)) + list.add(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE)); return list; } @@ -324,7 +290,7 @@ public String getKeyBoxIdentifier() { */ @Override public String getAditionalAuthBlockText() { - return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT); + return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT); } @@ -334,16 +300,16 @@ public String getKeyBoxIdentifier() { @Override public String getBKUURL(String bkutype) { if (bkutype.equals(THIRDBKU)) { - return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD); + return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD); } else if (bkutype.equals(HANDYBKU)) { - return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY); + return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY); } else if (bkutype.equals(LOCALBKU)) { - return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL); + return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL); } else if (bkutype.equals(ONLINEBKU)) { - return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD); + return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD); } @@ -361,14 +327,14 @@ public String getKeyBoxIdentifier() { public List<String> getBKUURL() { List<String> list = new ArrayList<String>(); - if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD)) - list.add(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD)); + if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD)) + list.add(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD)); - if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY)) - list.add(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY)); + if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY)) + list.add(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY)); - if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL)) - list.add(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL)); + if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL)) + list.add(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL)); return list; } @@ -380,7 +346,7 @@ public String getKeyBoxIdentifier() { @Override public boolean useSSO() { try { - return Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_SSO_ENABLED)); + return Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SSO_ENABLED)); } catch (Exception e) { Logger.warn("Use SSO configuration parameter is not parseable.", e); @@ -395,7 +361,7 @@ public String getKeyBoxIdentifier() { @Override public boolean useSSOQuestion() { try { - return Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_SSO_USERREQUEST)); + return Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SSO_USERREQUEST)); } catch (Exception e) { Logger.warn("SSO user question configuration parameter is not parseable.", e); @@ -408,7 +374,7 @@ public String getKeyBoxIdentifier() { */ @Override public List<String> getMandateProfiles() { - String profileConfig = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_PROFILES); + String profileConfig = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_PROFILES); if (MiscUtil.isNotEmpty(profileConfig)) { List<String> list = new ArrayList<String>(); @@ -430,7 +396,7 @@ public List<String> getMandateProfiles() { @Override public boolean isShowMandateCheckBox() { try { - return Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_USE)); + return Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_USE)); } catch (Exception e) { Logger.warn("Enable mandates configuration parameter is not parseable.", e); @@ -444,7 +410,7 @@ public boolean isShowMandateCheckBox() { @Override public boolean isOnlyMandateAllowed() { try { - return Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_ONLY)); + return Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_ONLY)); } catch (Exception e) { Logger.warn("Use ONLY mandates configuration parameter is not parseable.", e); @@ -458,7 +424,7 @@ public boolean isOnlyMandateAllowed() { @Override public boolean isShowStorkLogin() { try { - return Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED)); + return Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED)); } catch (Exception e) { Logger.warn("Enable STORK login configuration parameter is not parseable.", e); @@ -472,7 +438,7 @@ public boolean isOnlyMandateAllowed() { */ @Override public String getQaaLevel() { - String eidasLoALevel = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL); + String eidasLoALevel = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL); if (MiscUtil.isEmpty(eidasLoALevel)) return MOAIDConstants.eIDAS_LOA_HIGH; else @@ -488,23 +454,23 @@ public Collection<StorkAttribute> getRequestedSTORKAttributes() { Map<String, Integer> attrMap = new HashMap<String, Integer>(); Map<String, StorkAttribute> resultMap = new HashMap<String, StorkAttribute>(); - Set<String> configKeys = oaConfiguration.keySet(); + Set<String> configKeys = spConfiguration.getFullConfiguration().keySet(); for (String el : configKeys) { if (el.startsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST)) { String index = KeyValueUtils.getFirstChildAfterPrefix(el, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST); if (!attrMap.containsKey(index)) { - String isRequested = oaConfiguration.get( + String isRequested = spConfiguration.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_REQUESTED); if (MiscUtil.isNotEmpty(isRequested) && Boolean.parseBoolean(isRequested)) { StorkAttribute attr = new StorkAttribute( - oaConfiguration.get( + spConfiguration.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME), - Boolean.valueOf(oaConfiguration.get( + Boolean.valueOf(spConfiguration.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY))); @@ -540,13 +506,13 @@ public boolean isRequireConsentForStorkAttributes() { if (isSTORKPVPGateway()) return false; - if (MiscUtil.isEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_REQUIRECONSENT))) { + if (MiscUtil.isEmpty(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_REQUIRECONSENT))) { Logger.info("isRequireConsentForStorkAttributes() is empty, returning default value 'true'"); return true; } - return Boolean.parseBoolean(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_REQUIRECONSENT)); + return Boolean.parseBoolean(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_REQUIRECONSENT)); }catch(Exception e) { Logger.warn("isRequireConsentForStorkAttributes() failed, returning default value 'true'", e); @@ -560,21 +526,21 @@ public boolean isRequireConsentForStorkAttributes() { @Override public Collection<StorkAttributeProviderPlugin> getStorkAPs() { Map<String, StorkAttributeProviderPlugin> pluginMap = new HashMap<String, StorkAttributeProviderPlugin>(); - Set<String> configKeys = oaConfiguration.keySet(); + Set<String> configKeys = spConfiguration.getFullConfiguration().keySet(); for (String el : configKeys) { if (el.startsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST)) { String index = KeyValueUtils.getFirstChildAfterPrefix(el, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST); if (!pluginMap.containsKey(index)) { StorkAttributeProviderPlugin attr = new StorkAttributeProviderPlugin( - oaConfiguration.get( + spConfiguration.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME), - oaConfiguration.get( + spConfiguration.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_URL), - oaConfiguration.get( + spConfiguration.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_ATTRIBUTES)); @@ -592,7 +558,7 @@ public Collection<StorkAttributeProviderPlugin> getStorkAPs() { @Override public byte[] getBKUSelectionTemplate() { try { - String bkuSelectionTemplateBase64 = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA); + String bkuSelectionTemplateBase64 = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA); if (MiscUtil.isNotEmpty(bkuSelectionTemplateBase64)) { return Base64Utils.decode(bkuSelectionTemplateBase64, false); @@ -612,7 +578,7 @@ public byte[] getBKUSelectionTemplate() { @Override public byte[] getSendAssertionTemplate() { try { - String bkuSelectionTemplateBase64 = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA); + String bkuSelectionTemplateBase64 = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA); if (MiscUtil.isNotEmpty(bkuSelectionTemplateBase64)) { return Base64Utils.decode(bkuSelectionTemplateBase64, false); @@ -635,18 +601,18 @@ public Collection<CPEPS> getPepsList() { try { IStorkConfig availableSTORKConfig = AuthConfigurationProviderFactory.getInstance().getStorkConfig(); if (availableSTORKConfig != null) { - Set<String> configKeys = oaConfiguration.keySet(); + Set<String> configKeys = spConfiguration.getFullConfiguration().keySet(); for (String el : configKeys) { if (el.startsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST)) { String index = KeyValueUtils.getFirstChildAfterPrefix(el, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST); if (!cPEPSMap.containsKey(index)) { - if (Boolean.parseBoolean(oaConfiguration.get( + if (Boolean.parseBoolean(spConfiguration.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_ENABLED))) { CPEPS availableCPEPS = availableSTORKConfig.getCPEPSWithFullName( - oaConfiguration.get( + spConfiguration.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE)); @@ -672,13 +638,13 @@ public Collection<CPEPS> getPepsList() { */ @Override public String getIDPAttributQueryServiceURL() { - return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_ATTRIBUTQUERY_URL); + return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_ATTRIBUTQUERY_URL); } @Override public boolean isInboundSSOInterfederationAllowed() { - String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_INBOUND); + String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_INBOUND); if (MiscUtil.isNotEmpty(value)) return Boolean.parseBoolean(value); else @@ -687,7 +653,7 @@ public boolean isInboundSSOInterfederationAllowed() { @Override public boolean isOutboundSSOInterfederationAllowed() { - String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_OUTBOUND); + String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_OUTBOUND); if (MiscUtil.isNotEmpty(value)) return Boolean.parseBoolean(value); else @@ -696,7 +662,7 @@ public boolean isOutboundSSOInterfederationAllowed() { @Override public boolean isPassivRequestUsedForInterfederation() { - String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_PASSIVEREQUEST); + String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_PASSIVEREQUEST); if (MiscUtil.isNotEmpty(value)) return Boolean.parseBoolean(value); else @@ -705,7 +671,7 @@ public boolean isPassivRequestUsedForInterfederation() { @Override public boolean isPerformLocalAuthenticationOnInterfederationError() { - String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_LOCALAUTHONERROR); + String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_LOCALAUTHONERROR); if (MiscUtil.isNotEmpty(value)) return Boolean.parseBoolean(value); else @@ -714,7 +680,7 @@ public boolean isPerformLocalAuthenticationOnInterfederationError() { @Override public boolean isInterfederationSSOStorageAllowed() { - String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_STORE); + String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_STORE); if (MiscUtil.isNotEmpty(value)) return Boolean.parseBoolean(value); else @@ -728,7 +694,7 @@ public boolean isIDPPublicService() throws ConfigurationException { public String getSTORKPVPForwardEntity() { - return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER); + return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER); } @@ -737,7 +703,7 @@ public String getSTORKPVPForwardEntity() { */ @Override public boolean isTestCredentialEnabled() { - String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_ENABLED); + String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_ENABLED); if (MiscUtil.isNotEmpty(value)) return Boolean.parseBoolean(value); else @@ -750,7 +716,7 @@ public boolean isTestCredentialEnabled() { */ @Override public List<String> getTestCredentialOIDs() { - String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_OIDs); + String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_OIDs); if (MiscUtil.isNotEmpty(value)) { List<String> list = new ArrayList<String>(); String profilesArray[] = value.split(","); @@ -774,9 +740,9 @@ public PrivateKey getBPKDecBpkDecryptionKey() { try { EncryptedData encdata = new EncryptedData( Base64Utils.decode( - oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_FOREIGNBPK_DECRYPT_BLOB), false), + spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_FOREIGNBPK_DECRYPT_BLOB), false), Base64Utils.decode( - oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_FOREIGNBPK_DECRYPT_IV), false)); + spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_FOREIGNBPK_DECRYPT_IV), false)); byte[] serializedData = ConfigurationEncrytionUtil.getInstance().decrypt(encdata); BPKDecryptionParameters data = @@ -804,12 +770,13 @@ public PrivateKey getBPKDecBpkDecryptionKey() { */ @Override public String getPublicURLPrefix() { - return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + return spConfiguration.getUniqueIdentifier(); + } private boolean getBusinessService() { - String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); + String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); if (MiscUtil.isNotEmpty(value)) return Boolean.parseBoolean(value); else @@ -821,7 +788,7 @@ private boolean getBusinessService() { */ @Override public boolean isInderfederationIDP() { - String value = oaConfiguration.get(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES); + String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES); return MOAIDConfigurationConstants.PREFIX_IIDP.equals(value); } @@ -832,7 +799,7 @@ public boolean isInderfederationIDP() { */ @Override public boolean isSTORKPVPGateway() { - String value = oaConfiguration.get(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES); + String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES); return MOAIDConfigurationConstants.PREFIX_GATEWAY.equals(value); } @@ -845,7 +812,7 @@ public boolean isSTORKPVPGateway() { */ @Override public String getFriendlyName() { - return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME); + return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME); } @@ -866,7 +833,7 @@ public String getFriendlyName() { * @return true/false if bPK or wbPK should not be visible in AuthBlock */ public boolean isRemovePBKFromAuthBlock() { - String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCK_REMOVEBPK); + String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCK_REMOVEBPK); if (MiscUtil.isNotEmpty(value)) return Boolean.parseBoolean(value); else @@ -879,9 +846,9 @@ public boolean isRemovePBKFromAuthBlock() { */ @Override public List<Integer> getReversionsLoggingEventCodes() { - String isEnabled = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_ENABLED); + String isEnabled = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_ENABLED); if (MiscUtil.isNotEmpty(isEnabled) && Boolean.parseBoolean(isEnabled)) { - String eventCodes = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES); + String eventCodes = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES); if (MiscUtil.isNotEmpty(eventCodes)) { String[] codes = eventCodes.split(","); List<Integer> result = new ArrayList<Integer>(); @@ -908,7 +875,7 @@ public List<Integer> getReversionsLoggingEventCodes() { */ @Override public boolean isUseIDLTestTrustStore() { - String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_USETESTIDLTRUSTSTORE); + String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_USETESTIDLTRUSTSTORE); if (MiscUtil.isNotEmpty(value)) return Boolean.parseBoolean(value); else @@ -921,7 +888,7 @@ public boolean isUseIDLTestTrustStore() { */ @Override public boolean isUseAuthBlockTestTestStore() { - String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_USETESTAUTHBLOCKTRUSTSTORE); + String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_USETESTAUTHBLOCKTRUSTSTORE); if (MiscUtil.isNotEmpty(value)) return Boolean.parseBoolean(value); else @@ -929,10 +896,110 @@ public boolean isUseAuthBlockTestTestStore() { } public String toString() { - if (oaConfiguration != null) - return Arrays.asList(oaConfiguration).toString(); + if (spConfiguration.getFullConfiguration() != null) + return Arrays.asList(spConfiguration.getFullConfiguration()).toString(); return "Object not initialized"; } + +@Override +public boolean containsConfigurationKey(String arg0) { + return spConfiguration.containsConfigurationKey(arg0); + +} + +@Override +public List<String> foreignbPKSectorsRequested() { + String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN); + if (MiscUtil.isNotEmpty(value)) + return KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(value)); + + else + return null; + +} + + + +@Override +public Map<String, String> getFullConfiguration() { + return spConfiguration.getFullConfiguration(); +} + + +@Override +/** + * THIS METHODE IS NOT SUPPORTED IN THIS IMPLEMENTATION + */ +public List<String> getTargetsWithNoBaseIdInternalProcessingRestriction() { + return null; +} + + +@Override +/** + * THIS METHODE IS NOT SUPPORTED IN THIS IMPLEMENTATION + */ +public List<String> getTargetsWithNoBaseIdTransferRestriction() { + return null; +} + + +@Override +public String getUniqueIdentifier() { + return getPublicURLPrefix(); +} + + +@Override +public List<String> getRequiredLoA() { + String loa = getQaaLevel(); + if (loa != null) + return Arrays.asList(loa); + else + return null; +} + +@Override +public String getLoAMatchingMode() { + return EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM; +} + +@Override +public String getConfigurationValue(String key) { + return spConfiguration.getConfigurationValue(key); +} + +@Override +public String getConfigurationValue(String key, String defaultValue) { + String value = getConfigurationValue(key); + if (value == null) + return defaultValue; + else + return value; +} + + +@Override +public Boolean isConfigurationValue(String key) { + String value = getConfigurationValue(key); + if (value == null) + return Boolean.parseBoolean(value); + + return null; + +} + + +@Override +public boolean isConfigurationValue(String key, boolean defaultValue) { + String value = getConfigurationValue(key); + if (value == null) + return Boolean.parseBoolean(value); + else + return defaultValue; + +} + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java index d3e340a90..fff019ae7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java @@ -1,12 +1,6 @@ package at.gv.egovernment.moa.id.config.auth; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; import java.net.MalformedURLException; -import java.net.URI; -import java.net.URISyntaxException; import java.net.URL; import java.util.ArrayList; import java.util.Arrays; @@ -20,6 +14,11 @@ import java.util.Properties; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.transaction.annotation.Transactional; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.idp.conf.SPConfigurationImpl; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; @@ -35,7 +34,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOASP; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.SecurityLayer; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl; import at.gv.egovernment.moa.id.config.ConfigurationUtils; import at.gv.egovernment.moa.id.config.ConnectionParameter; @@ -55,111 +53,77 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide private static final boolean TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT = true; - private MOAIDConfiguration configuration; - private final Properties properties = new Properties(); - + private MOAIDConfiguration configuration; private boolean requireJDBCBackupImplementation = false; - public PropertyBasedAuthConfigurationProvider(String configFileName) throws ConfigurationException { - if (configFileName == null) { - configFileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); - - if (MiscUtil.isEmpty(configFileName)) - throw new ConfigurationException("config.01", null); - } - - Logger.info("Loading MOA-ID-AUTH configuration " + configFileName); - - try { - URI fileURI = new URI(configFileName); - //instance = new PropertyBasedAuthConfigurationProvider(fileURI); - initialize(fileURI); - - } catch (URISyntaxException e){ - Logger.error("MOA-ID-Auth configuration file does not starts with file:/ as prefix.", e); - throw new ConfigurationException("config24", new Object[]{MOAIDAuthConstants.FILE_URI_PREFIX, configFileName}); + public PropertyBasedAuthConfigurationProvider(String configFileName) throws ConfigurationException, EAAFConfigurationException { + super(configFileName); +// try { + Logger.info("Loading MOA-ID-AUTH configuration " + getConfigurationFilePath().toString()); + initialize(); - } +// } catch (URISyntaxException e){ +// Logger.error("MOA-ID-Auth configuration file does not starts with file:/ as prefix.", e); +// throw new ConfigurationException("config24", new Object[]{MOAIDAuthConstants.FILE_URI_PREFIX, configFileName}); +// +// } } -// /** -// * The constructor with path to a properties file as argument. -// * -// * @param fileName the path to the properties file -// * @throws ConfigurationException if an error occurs during loading the properties file. -// */ -// public PropertyBasedAuthConfigurationProvider(URI fileName) throws ConfigurationException { -// initialize(fileName); -// -// } + + //TODO: add EAAFCore configuration prefix if required + @Override + public String getApplicationSpecificKeyPrefix() { + return null; + + } - private void initialize(URI fileName) throws ConfigurationException { - File propertiesFile = new File(fileName); - rootConfigFileDir = propertiesFile.getParent(); - try { - rootConfigFileDir = new File(rootConfigFileDir).toURI().toURL().toString(); - - } catch (MalformedURLException t) { - throw new ConfigurationException("config.03", null, t); - - } + @Override + protected String getBackupConfigPath() { + return System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); - FileInputStream in = null; - try { - in = new FileInputStream(propertiesFile); - properties.load(in); - super.initial(properties); - -// JPAPropertiesWithJavaConfig.setLocalProperties(configProp); -// System.getProperties().setProperty("location", "file:" + fileName); -// context = new ClassPathXmlApplicationContext( -// new String[] { "moaid.configuration.beans.xml", -// "configuration.beans.xml" -// }); -// AutowireCapableBeanFactory acbFactory = context.getAutowireCapableBeanFactory(); -// acbFactory.autowireBean(this); - - //Some databases do not allow the selection of a lob in SQL where expression - String dbDriver = properties.getProperty("configuration.hibernate.connection.driver_class"); - if (MiscUtil.isNotEmpty(dbDriver)) { - for (String el:MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND) { - if (dbDriver.startsWith(el)) { - requireJDBCBackupImplementation = true; - Logger.info("JDBC driver '" + dbDriver - + "' is blacklisted --> Switch to alternative DB access methode implementation."); - - } - } - } - - - } catch (FileNotFoundException e) { - throw new ConfigurationException("config.03", null, e); + } + + + /** + * Provides configuration information regarding the online application behind the given URL, relevant to the MOA-ID Auth component. + * + * @param oaURL URL requested for an online application + * @return an <code>OAAuthParameter</code>, or <code>null</code> if none is applicable + */ + @Override + @Transactional + public ISPConfiguration getServiceProviderConfiguration(String spIdentifier) throws EAAFConfigurationException { + Map<String, String> oa = getActiveOnlineApplication(spIdentifier); + if (oa == null) { + return null; + } + + return new OAAuthParameterDecorator(new SPConfigurationImpl(oa, this)); - } catch (IOException e) { - throw new ConfigurationException("config.03", null, e); - - } catch (org.opensaml.xml.ConfigurationException e) { - Logger.error("OpenSAML initilalization FAILED. ", e); - throw new ConfigurationException("config.23", null, e); - - } catch (Exception e) { - Logger.error("General error during start-up process.", e); - throw new ConfigurationException("init.02", null, e); - - - } finally { - if (in != null) - try { - in.close(); - - } catch (IOException e) { - Logger.warn("Close MOA-ID-Auth configuration file FAILED.", e); + } + + /** + * Provides configuration information regarding the online application behind the given URL, relevant to the MOA-ID Auth component. + * + * @param oaURL URL requested for an online application + * @return an <code>OAAuthParameter</code>, or <code>null</code> if none is applicable + */ + @SuppressWarnings("unchecked") + @Override + @Transactional + public <T> T getServiceProviderConfiguration(String spIdentifier, final Class<T> decorator) throws EAAFConfigurationException { + ISPConfiguration spConfig = getServiceProviderConfiguration(spIdentifier); + if (spConfig != null && decorator != null) { + if (decorator.isInstance(spConfig)) + return (T)spConfig; + else + Logger.error("SPConfig: " + spConfig.getClass().getName() + " is NOT instance of: " + decorator.getName()); - } } + return null; + } /** @@ -172,14 +136,6 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide } /** - * Get the properties. - * @return the properties - */ - private Properties getProperties() { - return properties; - } - - /** * Method that avoids iterating over a {@link Collection} of type {@code T} which is actual {@code null}. * @param item the collection * @return the given {@link Collection} {@code item} if it is not {@code null}, or an empty {@link List} otherwise. @@ -225,23 +181,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide } } - - public String getBasicMOAIDConfiguration(final String key) { - return properties.getProperty(key); - - } - - public String getBasicMOAIDConfiguration(final String key, final String defaultValue) { - return properties.getProperty(key, defaultValue); - - } - - public Map<String, String> getBasicMOAIDConfigurationWithPrefix(final String prefix) { - return KeyValueUtils.getSubSetWithPrefix(KeyValueUtils.concertPropertiesToMap(properties), prefix); - } - - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getPropertyWithKey(java.lang.String) */ @@ -400,22 +340,6 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide } /** - * Provides configuration information regarding the online application behind the given URL, relevant to the MOA-ID Auth component. - * - * @param oaURL URL requested for an online application - * @return an <code>OAAuthParameter</code>, or <code>null</code> if none is applicable - */ - @Transactional - public OAAuthParameter getOnlineApplicationParameter(String oaURL) { - Map<String, String> oa = getActiveOnlineApplication(oaURL); - if (oa == null) { - return null; - } - - return new OAAuthParameter(oa, this); - } - - /** * Returns a string with a url-reference to the VerifyAuthBlock trust profile id within the moa-sp part of the authentication component. * * @return a string with a url-reference to the VerifyAuthBlock trust profile ID. @@ -505,7 +429,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_URL); if (moaspURL != null) { result = - new ConnectionParameterMOASP(moaspURL, this.getProperties(), this.getRootConfigFileDir()); + new ConnectionParameterMOASP(moaspURL, getFullConfigurationProperties(), getRootConfigFileDir()); } @@ -517,41 +441,42 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide return result; } - /** - * Returns the {@link ConnectionParameter} for the ForeignID. NOTE: may return {@code null}. - * - * @return the connection parameter. - * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}. - */ - @Transactional - public ConnectionParameter getForeignIDConnectionParameter(IOAAuthParameters oaParameters) throws ConfigurationException { - String serviceURL = null; - try { - //load OA specific MIS service URL if OA configuration exists - if (oaParameters != null) - serviceURL = oaParameters.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL); - - //get first entry from general configuration if no OA specific URL exists - if (MiscUtil.isEmpty(serviceURL)) { - List<String> serviceURLs = KeyValueUtils.getListOfCSVValues( - configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL)); - if (serviceURLs.size() > 0) - serviceURL = serviceURLs.get(0); - - } - - if (MiscUtil.isNotEmpty(serviceURL)) - return new ConnectionParameterMandate(serviceURL, this.getProperties(), this.getRootConfigFileDir()); - - else - throw new ConfigurationException("service.09", new Object[]{"NO SZR-GW Service URL"}); - - } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { - Logger.warn("Initialize SZR-GW service connection parameters FAILED.", e); - throw new ConfigurationException("service.09", new Object[]{e.getMessage()}, e); - - } - } +// /** +// * Returns the {@link ConnectionParameter} for the ForeignID. NOTE: may return {@code null}. +// * +// * @return the connection parameter. +// * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}. +// */ +// @Transactional +// @Deprecated +// public ConnectionParameter getForeignIDConnectionParameter(IOAAuthParameters oaParameters) throws ConfigurationException { +// String serviceURL = null; +// try { +// //load OA specific MIS service URL if OA configuration exists +// if (oaParameters != null) +// serviceURL = oaParameters.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL); +// +// //get first entry from general configuration if no OA specific URL exists +// if (MiscUtil.isEmpty(serviceURL)) { +// List<String> serviceURLs = KeyValueUtils.getListOfCSVValues( +// configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL)); +// if (serviceURLs.size() > 0) +// serviceURL = serviceURLs.get(0); +// +// } +// +// if (MiscUtil.isNotEmpty(serviceURL)) +// return new ConnectionParameterMandate(serviceURL, getFullConfigurationProperties(), getRootConfigFileDir()); +// +// else +// throw new ConfigurationException("service.09", new Object[]{"NO SZR-GW Service URL"}); +// +// } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { +// Logger.warn("Initialize SZR-GW service connection parameters FAILED.", e); +// throw new ConfigurationException("service.09", new Object[]{e.getMessage()}, e); +// +// } +// } /** * Returns the {@link ConnectionParameter} for the OnlineMandates. NOTE: may return {@code null}. @@ -577,7 +502,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide } if (MiscUtil.isNotEmpty(serviceURL)) - return new ConnectionParameterMandate(serviceURL, this.getProperties(), this.getRootConfigFileDir()); + return new ConnectionParameterMandate(serviceURL, getFullConfigurationProperties(), getRootConfigFileDir()); else throw new ConfigurationException("service.06", new Object[]{"NO MIS Service URL"}); @@ -849,8 +774,9 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return the MOASessionEncryptionKey or {@code null} */ public String getMOASessionEncryptionKey() { - String prop = properties.getProperty("configuration.moasession.key"); + String prop = getFullConfigurationProperties().getProperty("configuration.moasession.key"); return MiscUtil.isNotEmpty(prop) ? prop : null; + } /** @@ -859,7 +785,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return the MOAConfigurationEncryptionKey or {@code null} */ public String getMOAConfigurationEncryptionKey() { - String prop = properties.getProperty("configuration.moaconfig.key"); + String prop = getFullConfigurationProperties().getProperty("configuration.moaconfig.key"); return MiscUtil.isNotEmpty(prop) ? prop : null; } @@ -867,7 +793,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return {@code true} if IdentityLinkResigning is set, {@code false} otherwise. */ public boolean isIdentityLinkResigning() { - String prop = properties.getProperty("configuration.resignidentitylink.active", "false"); + String prop = getFullConfigurationProperties().getProperty("configuration.resignidentitylink.active", "false"); return Boolean.valueOf(prop); } @@ -877,7 +803,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return the IdentityLinkResigningKey or {@code null} */ public String getIdentityLinkResigningKey() { - String prop = properties.getProperty("configuration.resignidentitylink.keygroup"); + String prop = getFullConfigurationProperties().getProperty("configuration.resignidentitylink.keygroup"); return MiscUtil.isNotEmpty(prop) ? prop : null; } @@ -885,7 +811,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return {@code true} if MonitoringActive is set, {@code false} otherwise. */ public boolean isMonitoringActive() { - String prop = properties.getProperty("configuration.monitoring.active", "false"); + String prop = getFullConfigurationProperties().getProperty("configuration.monitoring.active", "false"); return Boolean.valueOf(prop); } @@ -895,7 +821,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return the MonitoringTestIdentityLinkURL or {@code null} */ public String getMonitoringTestIdentityLinkURL() { - String prop = properties.getProperty("configuration.monitoring.test.identitylink.url"); + String prop = getFullConfigurationProperties().getProperty("configuration.monitoring.test.identitylink.url"); return MiscUtil.isNotEmpty(prop) ? prop : null; } @@ -905,7 +831,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return the MonitoringMessageSuccess or {@code null} */ public String getMonitoringMessageSuccess() { - String prop = properties.getProperty("configuration.monitoring.message.success"); + String prop = getFullConfigurationProperties().getProperty("configuration.monitoring.message.success"); return MiscUtil.isNotEmpty(prop) ? prop : null; } @@ -913,7 +839,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return {@code true} if AdvancedLoggingActive is set, {@code false} otherwise. */ public boolean isAdvancedLoggingActive() { - String prop = properties.getProperty("configuration.advancedlogging.active", "false"); + String prop = getFullConfigurationProperties().getProperty("configuration.advancedlogging.active", "false"); return Boolean.valueOf(prop); } @@ -965,7 +891,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return {@code true} if PVP2AssertionEncryptionActive is set, {@code false} otherwise. */ public boolean isPVP2AssertionEncryptionActive() { - String prop = this.getProperties().getProperty("protocols.pvp2.assertion.encryption.active", "true"); + String prop = getFullConfigurationProperties().getProperty("protocols.pvp2.assertion.encryption.active", "true"); return Boolean.valueOf(prop); } @@ -973,7 +899,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return {@code true} if CertifiacteQCActive is set, {@code false} otherwise. */ public boolean isCertifiacteQCActive() { - String prop = this.getProperties().getProperty("configuration.validation.certificate.QC.ignore", "false"); + String prop = getFullConfigurationProperties().getProperty("configuration.validation.certificate.QC.ignore", "false"); return !Boolean.valueOf(prop); } @@ -993,7 +919,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide Logger.warn("Error in MOA-ID Configuration. No STORK configuration found."); } else { - result = new STORKConfig(this.getProperties(), this.getRootConfigFileDir()); + result = new STORKConfig(getFullConfigurationProperties(), this.getRootConfigFileDir()); } } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { @@ -1055,10 +981,10 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide private Properties getGeneralProperiesConfig(final String propPrefix) { Properties configProp = new Properties(); - for (Object key : this.getProperties().keySet()) { + for (Object key : getFullConfigurationProperties().keySet()) { if (key.toString().startsWith(propPrefix)) { String propertyName = key.toString().substring(propPrefix.length()); - configProp.put(propertyName, this.getProperties().get(key.toString())); + configProp.put(propertyName, getFullConfigurationProperties().get(key.toString())); } } return configProp; @@ -1087,7 +1013,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide @Transactional public String getTrustedCACertificates() { try { - String path = rootConfigFileDir + configuration.getStringValue( + String path = getRootConfigFileDir() + configuration.getStringValue( MOAIDConfigurationConstants.GENERAL_AUTH_TRUSTSTORE_URL); if (MiscUtil.isNotEmpty(path)) return path; @@ -1098,7 +1024,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide } - } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + } catch (at.gv.egiz.components.configuration.api.ConfigurationException | ConfigurationException e) { Logger.warn("Error in MOA-ID Configuration. No TrustStoreDirectory defined.", e); return null; } @@ -1116,13 +1042,9 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide Logger.trace("Get active OnlineApplication with ID " + id + " from database."); Map<String, String> oaConfig = null; try { - - //TODO: //Some databases do not allow the selection of a lob in SQL where expression - String dbDriver = properties.getProperty("configuration.hibernate.connection.driver_class"); if (requireJDBCBackupImplementation) - oaConfig = configuration.getOnlineApplicationBackupVersion(id); - + oaConfig = configuration.getOnlineApplicationBackupVersion(id); else oaConfig = configuration.getOnlineApplication(id); @@ -1135,7 +1057,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide Logger.info("Online application with identifier " + id + " is found, but NOT active."); } else - Logger.warn("Online application with identifier " + id + " is not found."); + Logger.info("Online application with identifier " + id + " is not found."); } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { @@ -1149,13 +1071,13 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide //Load document service url from moa properties public String getDocumentServiceUrl() { - String prop = properties.getProperty("stork.documentservice.url", "false"); + String prop = getFullConfigurationProperties().getProperty("stork.documentservice.url", "false"); return prop; } public boolean isPVPSchemaValidationActive() { - String prop = properties.getProperty("protocols.pvp2.schemavalidation", "true"); + String prop = getFullConfigurationProperties().getProperty("protocols.pvp2.schemavalidation", "true"); return Boolean.valueOf(prop); } @@ -1165,7 +1087,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return true, if fake IdLs are available for stork */ public boolean isStorkFakeIdLActive() { - String prop = properties.getProperty("stork.fakeIdL.active", "false"); + String prop = getFullConfigurationProperties().getProperty("stork.fakeIdL.active", "false"); return Boolean.valueOf(prop); } @@ -1175,7 +1097,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return the countries */ public List<String> getStorkFakeIdLCountries() { - String prop = properties.getProperty("stork.fakeIdL.countries", ""); + String prop = getFullConfigurationProperties().getProperty("stork.fakeIdL.countries", ""); return Arrays.asList(prop.replaceAll(" ", "").split(",")); } @@ -1185,7 +1107,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide * @return the resigning key */ public String getStorkFakeIdLResigningKey() { - String prop = properties.getProperty("stork.fakeIdL.keygroup"); + String prop = getFullConfigurationProperties().getProperty("stork.fakeIdL.keygroup"); if (MiscUtil.isNotEmpty(prop)) return prop; else @@ -1198,7 +1120,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide */ @Override public List<String> getStorkNoSignatureCountries() { - String prop = properties.getProperty("stork.fakeIdL.noSignatureCountries", ""); + String prop = getFullConfigurationProperties().getProperty("stork.fakeIdL.noSignatureCountries", ""); return Arrays.asList(prop.replaceAll(" ", "").split(",")); } @@ -1208,7 +1130,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide @Override @Deprecated public boolean isHTTPAuthAllowed() { - String prop = properties.getProperty("configuration.localhttpallowed.active", "false"); + String prop = getFullConfigurationProperties().getProperty("configuration.localhttpallowed.active", "false"); return Boolean.valueOf(prop); } @@ -1220,7 +1142,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide final String[] DEFAULTORDER = new String[] {RevocationSourceTypes.OCSP, RevocationSourceTypes.CRL}; List<String> result = new ArrayList<String>(); - String prop = properties.getProperty("configuration.ssl.validation.revocation.method.order"); + String prop = getFullConfigurationProperties().getProperty("configuration.ssl.validation.revocation.method.order"); if (MiscUtil.isNotEmpty(prop)) { String[] configOrder = prop.split(","); for (String el : configOrder) { @@ -1301,19 +1223,89 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide } return false; + + } + + private void initialize() throws ConfigurationException { + try { + initial(getFullConfigurationProperties()); + String dbDriver = getFullConfigurationProperties().getProperty("configuration.hibernate.connection.driver_class"); + if (MiscUtil.isNotEmpty(dbDriver)) { + for (String el:MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND) { + if (dbDriver.startsWith(el)) { + requireJDBCBackupImplementation = true; + Logger.info("JDBC driver '" + dbDriver + + "' is blacklisted --> Switch to alternative DB access methode implementation."); + + } + } + } + + + } catch (org.opensaml.xml.ConfigurationException e) { + Logger.error("OpenSAML initilalization FAILED. ", e); + throw new ConfigurationException("config.23", null, e); + + } catch (Exception e) { + Logger.error("General error during start-up process.", e); + throw new ConfigurationException("init.02", null, e); + + } + } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.AuthConfiguration#getBasicMOAIDConfigurationBoolean(java.lang.String, boolean) - */ + @Override - public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { - String value = properties.getProperty(key); + public String validateIDPURL(URL requestedURL) throws EAAFException{ + List<String> configuredPublicURLPrefix = getPublicURLPrefix(); - if (MiscUtil.isNotEmpty(value)) - return Boolean.valueOf(value.trim()); - - return defaultValue; + if (!isVirtualIDPsEnabled()) { + Logger.trace("Virtual IDPs are disabled. Use default IDP PublicURLPrefix from configuration: " + configuredPublicURLPrefix.get(0)); + return configuredPublicURLPrefix.get(0); + + } else { + Logger.debug("Extract AuthenticationServiceURL: " + requestedURL); + URL resultURL = null; + + for (String el : configuredPublicURLPrefix) { + try { + URL configuredURL = new URL(el); + + //get Ports from URL + int configPort = configuredURL.getPort(); + if (configPort == -1) + configPort = configuredURL.getDefaultPort(); + + int authURLPort = requestedURL.getPort(); + if (authURLPort == -1) + authURLPort = requestedURL.getDefaultPort(); + + //check AuthURL against ConfigurationURL + if (configuredURL.getHost().equals(requestedURL.getHost()) && + configPort == authURLPort && + ( configuredURL.getPath().equals(requestedURL.getPath()) + || requestedURL.getPath().startsWith(configuredURL.getPath()) ) + && configuredURL.getProtocol().equals(requestedURL.getProtocol()) ) { + Logger.debug("Select configurated PublicURLPrefix: " + configuredURL + + " for authURL: " + requestedURL); + resultURL = configuredURL; + } + + } catch (MalformedURLException e) { + Logger.error("Configurated IDP PublicURLPrefix is not a valid URL." + el); + + } + } + + if (resultURL == null) { + Logger.warn("Extract AuthenticationServiceURL: " + requestedURL + " is NOT found in configuration."); + throw new ConfigurationException("config.25", new Object[]{requestedURL}); + + } else { + return resultURL.toExternalForm(); + + } + } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java index f3db82315..390b77dab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -24,10 +24,12 @@ package at.gv.egovernment.moa.id.config.auth.data; import java.io.Serializable; import java.security.PrivateKey; +import java.util.Arrays; import java.util.Collection; import java.util.List; import java.util.Map; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; @@ -59,7 +61,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{ * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#hasBaseIdInternalProcessingRestriction() */ @Override - public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException { + public boolean hasBaseIdInternalProcessingRestriction() { return this.hasBaseIdProcessingRestriction; } @@ -67,7 +69,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{ * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#hasBaseIdTransferRestriction() */ @Override - public boolean hasBaseIdTransferRestriction() throws ConfigurationException { + public boolean hasBaseIdTransferRestriction() { return this.hasBaseIdTransfergRestriction; } @@ -75,7 +77,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{ * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifier() */ @Override - public String getAreaSpecificTargetIdentifier() throws ConfigurationException { + public String getAreaSpecificTargetIdentifier() { return this.oaTargetAreaIdentifier; } @@ -531,5 +533,66 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{ return false; } + + @Override + public List<String> foreignbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean containsConfigurationKey(String arg0) { + // TODO Auto-generated method stub + return false; + } + + @Override + public List<String> getTargetsWithNoBaseIdInternalProcessingRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getTargetsWithNoBaseIdTransferRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getUniqueIdentifier() { + return getPublicURLPrefix(); + } + + @Override + public List<String> getRequiredLoA() { + if (getQaaLevel() != null) + return Arrays.asList(getQaaLevel()); + else + return null; + } + + @Override + public String getConfigurationValue(String arg0, String arg1) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Boolean isConfigurationValue(String arg0) { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isConfigurationValue(String arg0, boolean arg1) { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getLoAMatchingMode() { + return EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java new file mode 100644 index 000000000..9c296e2b8 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java @@ -0,0 +1,154 @@ +package at.gv.egovernment.moa.id.config.auth.data; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.net.URISyntaxException; +import java.net.URL; +import java.util.ArrayList; +import java.util.List; + +import javax.annotation.PostConstruct; + +import org.apache.commons.io.IOUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moaspss.logging.Logger; + +@Service("UserWhiteList_Store") +public class UserWhitelistStore { + + @Autowired(required=true) AuthConfiguration authConfig; + + private List<String> whitelist = new ArrayList<String>(); + private String absWhiteListUrl = null; + + @PostConstruct + private void initialize() { + String whiteListUrl = authConfig.getBasicConfiguration(UserRestrictionTask.CONFIG_PROPS_CSV_USER_FILE); + String internalTarget = authConfig.getBasicConfiguration(UserRestrictionTask.CONFIG_PROPS_CSV_USER_SECTOR); + if (MiscUtil.isEmpty(whiteListUrl) || MiscUtil.isEmpty(internalTarget)) + Logger.debug("Do not initialize user whitelist. Reason: NO configuration path to CSV file or NO internal bPK target for whitelist"); + + else { + if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_CDID)) + internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_CDID.length()); + else if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_WPBK)) + internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_WPBK.length()); + else if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_EIDAS)) + internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_EIDAS.length()); + else { + Logger.warn("Sector: " + internalTarget + " is NOT supported for user whitelist."); + Logger.info("User whitelist-store MAY NOT contains all user from whitelist"); + } + + try { + absWhiteListUrl = new URL(FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getConfigurationRootDirectory())) + .toURI().toString().substring("file:".length()); + InputStream is = new FileInputStream(new File(absWhiteListUrl)); + String whiteListString = IOUtils.toString(new InputStreamReader(is)); + List<String> preWhitelist = KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(whiteListString)); + + + + //remove prefix if required + for (String bPK : preWhitelist) { + String[] bPKSplit = bPK.split(":"); + if (bPKSplit.length == 1) + whitelist.add(bPK); + + else if (bPKSplit.length ==2 ) { + if (internalTarget.equals(bPKSplit[0])) + whitelist.add(bPKSplit[1]); + else + Logger.info("Whitelist entry: " + bPK + " has an unsupported target. Entry will be removed ..."); + + } else + Logger.info("Whitelist entry: " + bPK + " has an unsupported format. Entry will be removed ..."); + + } + + Logger.info("User whitelist is initialized with " + whitelist.size() + " entries."); + + + } catch (FileNotFoundException e) { + Logger.warn("Do not initialize user whitelist. Reason: CSV file with bPKs NOT found", e); + + } catch (IOException e) { + Logger.warn("Do not initialize user whitelist. Reason: CSV file is NOT readable", e); + + } catch (URISyntaxException e) { + Logger.warn("Do not initialize user whitelist. Reason: CSV file looks wrong", e); + + } + + } + + } + + /** + * Get the number of entries of the static whitelist + * + * @return + */ + public int getNumberOfEntries() { + return whitelist.size(); + } + + /** + * Check if bPK is in whitelist + * + * @param bPK + * @return true if bPK is in whitelist, otherwise false + */ + public boolean isUserbPKInWhitelist(String bPK) { + if (whitelist != null) + return whitelist.contains(bPK); + else + return false; + + } + + public boolean isUserbPKInWhitelistDynamic(String bPK) { + return isUserbPKInWhitelistDynamic(bPK, false); + + } + + public boolean isUserbPKInWhitelistDynamic(String bPK, boolean onlyDynamic) { + try { + if (absWhiteListUrl != null) { + InputStream is = new FileInputStream(new File(absWhiteListUrl)); + String whiteListString = IOUtils.toString(new InputStreamReader(is)); + if (whiteListString != null && whiteListString.contains(bPK)) { + Logger.trace("Find user with dynamic whitelist check"); + return true; + + } else { + Logger.debug("Can NOT find user in dynamic loaded user whitelist. Switch to static version ... "); + if (!onlyDynamic) + return isUserbPKInWhitelist(bPK); + } + + } + } catch (Exception e) { + Logger.warn("Dynamic user whitelist check FAILED. Switch to static version ... ", e); + + } + if (!onlyDynamic) + return isUserbPKInWhitelist(bPK); + + + return false; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java deleted file mode 100644 index 7f56f519b..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ /dev/null @@ -1,819 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.data; - -import java.io.Serializable; -import java.text.DateFormat; -import java.text.ParseException; -import java.text.SimpleDateFormat; -import java.util.ArrayList; -import java.util.Date; -import java.util.List; -import java.util.Map; - -import org.apache.commons.collections4.map.HashedMap; -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; -import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; -import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; -import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.MiscUtil; - -/** - * @author tlenz - * - */ -public class AuthenticationData implements IAuthData, Serializable { - - private static final long serialVersionUID = -1042697056735596866L; - public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; - - /** - * URL of the MOA-ID Auth component issueing this assertion - */ - private String issuer; - /** - * time instant of issue of this assertion - */ - private Date issueInstant; - /** - * user identification value (Stammzahl); <code>null</code>, - * if the authentication module is configured not to return this data - */ - private String identificationValue; - /** - * user identification type - */ - private String identificationType; - - /** - * user identityLink specialized to OAParamter - */ - private IIdentityLink identityLink; - - /** - * application specific user identifier (bPK/wbPK) - */ - private String bPK; - - /** - * application specific user identifier type - */ - private String bPKType; - - /** - * given name of the user - */ - private String givenName; - /** - * family name of the user - */ - private String familyName; - /** - * date of birth of the user - */ - private Date dateOfBirth; - /** - * says whether the certificate is a qualified certificate or not - */ - private boolean qualifiedCertificate; - /** - * says whether the certificate is a public authority or not - */ - private boolean publicAuthority; - /** - * public authority code (Behördenkennzeichen - BKZ) - */ - private String publicAuthorityCode; - - /** - * URL of the BKU - */ - private String bkuURL; - /** - * the corresponding <code>lt;saml:Assertion></code> - */ - - private boolean isBaseIDTransferRestrication = true; - - - /** - * STORK attributes from response - */ - private String ccc = null; - - private Map<String, Object> genericDataStorate = new HashedMap<String, Object>(); - - private byte[] signerCertificate = null; - - private String authBlock = null; - private List<String> encbPKList = null; - - //ISA 1.18 attributes - private List<AuthenticationRole> roles = null; - private String pvpAttribute_OU = null; - - private boolean useMandate = false; - private IMISMandate mandate = null; - private String mandateReferenceValue = null; - - private boolean foreigner =false; - private String QAALevel = null; - - private boolean ssoSession = false; - private Date ssoSessionValidTo = null; - -// private boolean interfederatedSSOSession = false; -// private String interfederatedIDP = null; - - private String sessionIndex = null; - private String nameID = null; - private String nameIDFormat = null; - - public AuthenticationData() { - issueInstant = new Date(); - } - - /** - * Returns the publicAuthority. - * @return boolean - */ - public boolean isPublicAuthority() { - return publicAuthority; - } - - /** - * Returns the publicAuthorityCode. - * @return String - */ - public String getPublicAuthorityCode() { - return publicAuthorityCode; - } - - /** - * Returns the qualifiedCertificate. - * @return boolean - */ - public boolean isQualifiedCertificate() { - return qualifiedCertificate; - } - - /** - * Returns the bPK. - * @return String - */ - public String getBPK() { - return bPK; - } - - /** - * Sets the publicAuthority. - * @param publicAuthority The publicAuthority to set - */ - public void setPublicAuthority(boolean publicAuthority) { - this.publicAuthority = publicAuthority; - } - - /** - * Sets the publicAuthorityCode. - * @param publicAuthorityIdentification The publicAuthorityCode to set - */ - public void setPublicAuthorityCode(String publicAuthorityIdentification) { - this.publicAuthorityCode = publicAuthorityIdentification; - } - - /** - * Sets the qualifiedCertificate. - * @param qualifiedCertificate The qualifiedCertificate to set - */ - public void setQualifiedCertificate(boolean qualifiedCertificate) { - this.qualifiedCertificate = qualifiedCertificate; - } - - /** - * Sets the bPK. - * @param bPK The bPK to set - */ - public void setBPK(String bPK) { - this.bPK = bPK; - } - - /** - * Returns the dateOfBirth. - * @return String - */ - public Date getDateOfBirth() { - return dateOfBirth; - } - - public String getFormatedDateOfBirth() { - DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); - if (getDateOfBirth() != null) - return pvpDateFormat.format(getDateOfBirth()); - else - return "2999-12-31"; - } - - /** - * Returns the familyName. - * @return String - */ - public String getFamilyName() { - return familyName; - } - - /** - * Returns the givenName. - * @return String - */ - public String getGivenName() { - return givenName; - } - - /** - * Holds the baseID of a citizen - * - * @return baseID - */ - public String getIdentificationValue() { - return identificationValue; - } - - /** - * Holds the type of the baseID - * - * @return baseID-Type - */ - public String getIdentificationType() { - return identificationType; - } - - /** - * Returns the issueInstant. - * @return String - */ - public String getIssueInstantString() { - return DateTimeUtils.buildDateTimeUTC(issueInstant); - - } - - /** - * Returns the issueInstant. - * @return String - */ - public Date getIssueInstant() { - return issueInstant; - - } - - public void setIssueInstant(Date date) { - this.issueInstant = date; - } - - /** - * Returns the issuer. - * @return String - */ - public String getIssuer() { - return issuer; - } - - /** - * Returns the BKU URL. - * @return String - */ - public String getBkuURL() { - return bkuURL; - } - - /** - * Sets the dateOfBirth. - * @param dateOfBirth The dateOfBirth to set - */ - public void setDateOfBirth(Date dateOfBirth) { - this.dateOfBirth = dateOfBirth; - } - - public void setDateOfBirth(String dateOfBirth) { - try { - if (MiscUtil.isNotEmpty(dateOfBirth)) { - DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); - this.dateOfBirth = identityLinkFormat.parse(dateOfBirth); - } - - } catch (ParseException e) { - Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e); - - } - } - - /** - * Sets the familyName. - * @param familyName The familyName to set - */ - public void setFamilyName(String familyName) { - this.familyName = familyName; - } - - /** - * Sets the givenName. - * @param givenName The givenName to set - */ - public void setGivenName(String givenName) { - this.givenName = givenName; - } - - /** - * Sets the identificationValue. - * @param identificationValue The identificationValue to set - */ - public void setIdentificationValue(String identificationValue) { - this.identificationValue = identificationValue; - } - - /** - * Sets the identificationType. - * @param identificationType The identificationType to set - */ - public void setIdentificationType(String identificationType) { - this.identificationType = identificationType; - } - - /** - * Sets the issuer. - * @param issuer The issuer to set - */ - public void setIssuer(String issuer) { - this.issuer = issuer; - } - - /** - * Sets the bkuURL - * @param url The BKU URL to set - */ - public void setBkuURL(String url) { - this.bkuURL = url; - } - - public String getBPKType() { - return bPKType; - } - - public void setBPKType(String bPKType) { - this.bPKType = bPKType; - } - - /** - * @return the identityLink - */ - public IIdentityLink getIdentityLink() { - return identityLink; - } - - /** - * @param identityLink the identityLink to set - */ - public void setIdentityLink(IIdentityLink identityLink) { - this.identityLink = identityLink; - } - - /** - * @return the signerCertificate - */ - public byte[] getSignerCertificate() { - return signerCertificate; - } - - - /** - * @param signerCertificate the signerCertificate to set - */ - public void setSignerCertificate(byte[] signerCertificate) { - this.signerCertificate = signerCertificate; - } - - - /** - * @return the authBlock - */ - public String getAuthBlock() { - return authBlock; - } - - - /** - * @param authBlock the authBlock to set - */ - public void setAuthBlock(String authBlock) { - this.authBlock = authBlock; - } - - - /** - * @return the mandate - */ - public IMISMandate getMISMandate() { - return mandate; - } - - public Element getMandate() { - if (mandate == null) - return null; - - //parse Element from mandate XML - try { - byte[] byteMandate = mandate.getMandate(); - String stringMandate = new String(byteMandate); - return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement(); - - } - catch (Throwable e) { - Logger.warn("Mandate content could not be generated from MISMandate."); - return null; - } - } - - - /** - * @param mandate the mandate to set - */ - public void setMISMandate(IMISMandate mandate) { - this.mandate = mandate; - } - - - /** - * @return the useMandate - */ - public boolean isUseMandate() { - return useMandate; - } - - - /** - * @param useMandate the useMandate to set - */ - public void setUseMandate(boolean useMandate) { - this.useMandate = useMandate; - } - - - /** - * @return - */ - public String getQAALevel() { - if (this.QAALevel != null && - this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) { - String mappedQAA = PVPtoSTORKMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel); - if (MiscUtil.isNotEmpty(mappedQAA)) - return mappedQAA; - - else { - Logger.error("eIDAS QAA-level:" + this.QAALevel - + " can not be mapped to STORK QAA-level! Use " - + PVPConstants.STORK_QAA_1_1 + " as default value."); - return PVPConstants.STORK_QAA_1_1; - - } - - - } else - return this.QAALevel; - } - - - public String getEIDASQAALevel() { - if (this.QAALevel != null && - this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) { - String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel); - if (MiscUtil.isNotEmpty(mappedQAA)) - return mappedQAA; - - else { - Logger.error("STORK QAA-level:" + this.QAALevel - + " can not be mapped to eIDAS QAA-level! Use " - + PVPConstants.EIDAS_QAA_LOW + " as default value."); - return PVPConstants.EIDAS_QAA_LOW; - - } - - - } else - return this.QAALevel; - - } - - - /** - * @return - */ - public boolean isForeigner() { - return this.foreigner; - } - - - /** - * @param foreigner the foreigner to set - */ - public void setForeigner(boolean foreigner) { - this.foreigner = foreigner; - } - - - /** - * Store QAA level in eIDAS format to authentication Data - * - * @param qAALevel the qAALevel to set - * @throws AssertionAttributeExtractorExeption - */ - public void setQAALevel(String qAALevel) { - QAALevel = qAALevel; - - } - - /** - * @return the ssoSession - */ - public boolean isSsoSession() { - return ssoSession; - } - - - /** - * @param ssoSession the ssoSession to set - */ - public void setSsoSession(boolean ssoSession) { - this.ssoSession = ssoSession; - } - - /** - * @return the mandateReferenceValue - */ - public String getMandateReferenceValue() { - return mandateReferenceValue; - } - - /** - * @param mandateReferenceValue the mandateReferenceValue to set - */ - public void setMandateReferenceValue(String mandateReferenceValue) { - this.mandateReferenceValue = mandateReferenceValue; - } - - /** - * CountryCode of the citizen which is identified and authenticated - * - * @return the CountryCode <pre>like. AT, SI, ...</pre> - */ - public String getCcc() { - return ccc; - } - - /** - * @param ccc the ccc to set - */ - public void setCcc(String ccc) { - this.ccc = ccc; - } - - /** - * @return the sessionIndex - */ - public String getSessionIndex() { - return sessionIndex; - } - - /** - * @param sessionIndex the sessionIndex to set - */ - public void setSessionIndex(String sessionIndex) { - this.sessionIndex = sessionIndex; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID() - */ - @Override - public String getNameID() { - return this.nameID; - } - - /** - * @param nameID the nameID to set - */ - public void setNameID(String nameID) { - this.nameID = nameID; - } - - /** - * @return the nameIDFormat - */ - public String getNameIDFormat() { - return nameIDFormat; - } - - /** - * @param nameIDFormat the nameIDFormat to set - */ - public void setNameIDFormat(String nameIDFormat) { - this.nameIDFormat = nameIDFormat; - } - -// /** -// * @return the interfederatedSSOSession -// */ -// public boolean isInterfederatedSSOSession() { -// return interfederatedSSOSession; -// } -// -// /** -// * @param interfederatedSSOSession the interfederatedSSOSession to set -// */ -// public void setInterfederatedSSOSession(boolean interfederatedSSOSession) { -// this.interfederatedSSOSession = interfederatedSSOSession; -// } -// -// /** -// * @return the interfederatedIDP -// */ -// public String getInterfederatedIDP() { -// return interfederatedIDP; -// } -// -// /** -// * @param interfederatedIDP the interfederatedIDP to set -// */ -// public void setInterfederatedIDP(String interfederatedIDP) { -// this.interfederatedIDP = interfederatedIDP; -// } - - /** - * @return the ssoSessionValidTo - */ - public Date getSsoSessionValidTo() { - return ssoSessionValidTo; - } - - /** - * @param ssoSessionValidTo the ssoSessionValidTo to set - */ - public void setSsoSessionValidTo(Date ssoSessionValidTo) { - this.ssoSessionValidTo = ssoSessionValidTo; - } - - /** - * @return the encbPKList - */ - public List<String> getEncbPKList() { - return encbPKList; - } - - /** - * @param encbPKList the encbPKList to set - */ - public void setEncbPKList(List<String> encbPKList) { - this.encbPKList = encbPKList; - } - - /** - * @return the roles - */ - public List<AuthenticationRole> getAuthenticationRoles() { -// if (this.roles == null) { -// this.roles = new ArrayList<AuthenticationRole>(); -// this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole")); -// this.roles.add(new AuthenticationRole("yypvprole", "yypvprole")); -// } - - return roles; - } - - //ISA 1.18 attributes - /** - * @param roles the roles to set - */ - public void addAuthenticationRole(AuthenticationRole role) { - if (this.roles == null) - this.roles = new ArrayList<AuthenticationRole>(); - - this.roles.add(role); - } - - /** - * @return the pvpAttribute_OU - */ - public String getPvpAttribute_OU() { - return pvpAttribute_OU; - } - - /** - * @param pvpAttribute_OU the pvpAttribute_OU to set - */ - public void setPvpAttribute_OU(String pvpAttribute_OU) { - this.pvpAttribute_OU = pvpAttribute_OU; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService() - */ - @Override - public boolean isBaseIDTransferRestrication() { - return isBaseIDTransferRestrication; - } - - /** - * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set - */ - public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) { - this.isBaseIDTransferRestrication = isBaseIDTransferRestrication; - } - - /** - * Returns a generic data-object with is stored with a specific identifier - * - * @param key The specific identifier of the data object - * @param clazz The class type which is stored with this key - * @return The data object or null if no data is found with this key - */ - public <T> T getGenericData(String key, final Class<T> clazz) { - if (MiscUtil.isNotEmpty(key)) { - Object data = genericDataStorate.get(key); - - if (data == null) - return null; - - try { - @SuppressWarnings("unchecked") - T test = (T) data; - return test; - - } catch (Exception e) { - Logger.warn("Generic authentication-data object can not be casted to requsted type", e); - return null; - - } - - } - - Logger.warn("Can not load generic session-data with key='null'"); - return null; - - } - - /** - * Store a generic data-object to session with a specific identifier - * - * @param key Identifier for this data-object - * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface - * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage - */ - public void setGenericData(String key, Object object) throws SessionDataStorageException { - if (MiscUtil.isEmpty(key)) { - Logger.warn("Generic session-data can not be stored with a 'null' key"); - throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null); - - } - - if (object != null) { - if (!Serializable.class.isInstance(object)) { - Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface"); - throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null); - - } - } - - if (genericDataStorate.containsKey(key)) - Logger.debug("Overwrite generic data with key:" + key); - else - Logger.trace("Add generic data with key:" + key + " to session."); - - genericDataStorate.put(key, object); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java deleted file mode 100644 index 4820b6fdc..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.data; - -import java.io.Serializable; - -import at.gv.egovernment.moa.id.commons.api.IRequest; - -/** - * @author tlenz - * - */ -public class ExceptionContainer implements Serializable { - - private static final long serialVersionUID = 5355860753609684995L; - private Throwable exceptionThrown = null; - private String uniqueSessionID = null; - private String uniqueTransactionID = null; - private String uniqueServiceProviderId = null; - - /** - * - */ - public ExceptionContainer(IRequest pendingReq, Throwable exception) { - if (pendingReq != null) { - this.uniqueSessionID = pendingReq.getUniqueSessionIdentifier(); - this.uniqueTransactionID = pendingReq.getUniqueTransactionIdentifier(); - - if (pendingReq.getOnlineApplicationConfiguration() != null) - this.uniqueServiceProviderId = pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix(); - - } - - this.exceptionThrown = exception; - } - - /** - * @return the exceptionThrown - */ - public Throwable getExceptionThrown() { - return exceptionThrown; - } - /** - * @return the uniqueSessionID - */ - public String getUniqueSessionID() { - return uniqueSessionID; - } - /** - * @return the uniqueTransactionID - */ - public String getUniqueTransactionID() { - return uniqueTransactionID; - } - - /** - * @return the uniqueServiceProviderId - */ - public String getUniqueServiceProviderId() { - return uniqueServiceProviderId; - } - - - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java deleted file mode 100644 index cb3def678..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java +++ /dev/null @@ -1,107 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.data; - -import java.util.Date; -import java.util.List; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; -import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; - -/** - * @author tlenz - * - */ -public interface IAuthData { - - Date getIssueInstant(); - String getIssuer(); - boolean isBaseIDTransferRestrication(); - - boolean isSsoSession(); - //boolean isInterfederatedSSOSession(); - boolean isUseMandate(); - - String getFamilyName(); - String getGivenName(); - Date getDateOfBirth(); - String getFormatedDateOfBirth(); - - String getBPK(); - String getBPKType(); - - Date getSsoSessionValidTo(); - - //String getInterfederatedIDP(); - - String getIdentificationValue(); - String getIdentificationType(); - - String getBkuURL(); - - List<String> getEncbPKList(); - - IIdentityLink getIdentityLink(); - byte[] getSignerCertificate(); - String getAuthBlock(); - - //ISA 1.18 attributes - String getPvpAttribute_OU(); - List<AuthenticationRole> getAuthenticationRoles(); - - boolean isPublicAuthority(); - String getPublicAuthorityCode(); - boolean isQualifiedCertificate(); - - IMISMandate getMISMandate(); - Element getMandate(); - String getMandateReferenceValue(); - - @Deprecated - /** - * Return STORK QAA level - * - * @return - */ - String getQAALevel(); - - /** - * Return authentication QAA level from eIDAS - * - * @return - */ - public String getEIDASQAALevel(); - - String getSessionIndex(); - String getNameID(); - String getNameIDFormat(); - - boolean isForeigner(); - String getCcc(); - - public <T> T getGenericData(String key, final Class<T> clazz); - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java new file mode 100644 index 000000000..ff4b96aab --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java @@ -0,0 +1,38 @@ +package at.gv.egovernment.moa.id.data; + +import java.util.List; + +import org.w3c.dom.Element; + +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; + +public interface IMOAAuthData extends IAuthData{ + + @Deprecated + /** + * Return STORK QAA level + * + * @return + */ + String getQAALevel(); + + List<String> getEncbPKList(); + byte[] getSignerCertificate(); + String getAuthBlock(); + boolean isPublicAuthority(); + String getPublicAuthorityCode(); + boolean isQualifiedCertificate(); + String getBkuURL(); + String getInterfederatedIDP(); + boolean isInterfederatedSSOSession(); + boolean isUseMandate(); + IMISMandate getMISMandate(); + Element getMandate(); + String getMandateReferenceValue(); + + //ISA 1.18 attributes + String getPvpAttribute_OU(); + List<AuthenticationRole> getAuthenticationRoles(); + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java deleted file mode 100644 index 38f6948d3..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.data; - -import java.util.Iterator; -import java.util.List; -import java.util.Map.Entry; -import java.util.Set; - -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; - -/** - * @author tlenz - * - */ -public interface ISLOInformationContainer { - - boolean hasFrontChannelOA(); - - Set<Entry<String, SLOInformationImpl>> getFrontChannelOASessionDescriptions(); - - void removeFrontChannelOA(String oaID); - - Iterator<String> getNextBackChannelOA(); - - SLOInformationImpl getBackChannelOASessionDescripten(String oaID); - - void removeBackChannelOA(String oaID); - - /** - * @return the sloRequest - */ - PVPTargetConfiguration getSloRequest(); - - /** - * @param sloRequest the sloRequest to set - */ - void setSloRequest(PVPTargetConfiguration sloRequest); - - /** - * @return the sloFailedOAs - */ - List<String> getSloFailedOAs(); - - void putFailedOA(String oaID); - - public String getTransactionID(); - - public String getSessionID(); -}
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java index 25d50f57a..d1e1e5c60 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java @@ -51,10 +51,10 @@ import java.io.Serializable; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.MiscUtil; public class MISMandate implements Serializable, IMISMandate{ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java new file mode 100644 index 000000000..ca0ae0687 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java @@ -0,0 +1,968 @@ +/** + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.data; + +import java.io.Serializable; +import java.util.ArrayList; +import java.util.List; + +import org.w3c.dom.Element; + +import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper; +import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.util.LoALevelMapper; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + + + +/** + * @author tlenz + * + */ +public class MOAAuthenticationData extends AuthenticationData implements IMOAAuthData, Serializable { + + private static final long serialVersionUID = 1L; + private boolean qualifiedCertificate; + private boolean publicAuthority; + private String publicAuthorityCode; + private String bkuURL; + private byte[] signerCertificate = null; + private String authBlock = null; + private String QAALevel = null; + private List<String> encbPKList; + + //ISA 1.18 attributes + private List<AuthenticationRole> roles = null; + private String pvpAttribute_OU = null; + + private boolean useMandate = false; + private IMISMandate mandate = null; + private String mandateReferenceValue = null; + + private boolean interfederatedSSOSession; + private String interfederatedIDP; + + private LoALevelMapper loaMapper; + + public MOAAuthenticationData(ILoALevelMapper loaMapper) { + if (loaMapper instanceof LoALevelMapper) + this.loaMapper = (LoALevelMapper) loaMapper; + + } + + /** + * @return + */ + @Override + public String getQAALevel() { + if (this.QAALevel != null && + this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) { + if (loaMapper != null) { + String mappedQAA = loaMapper.mapeIDASQAAToSTORKQAA(this.QAALevel); + if (MiscUtil.isNotEmpty(mappedQAA)) + return mappedQAA; + else { + Logger.error("eIDAS QAA-level:" + this.QAALevel + + " can not be mapped to STORK QAA-level! Use " + + PVPConstants.STORK_QAA_1_1 + " as default value."); + } + + } else + Logger.error("NO LoALevelMapper found. Use " + + PVPConstants.STORK_QAA_1_1 + " as default value."); + + return PVPConstants.STORK_QAA_1_1; + + } else + return this.QAALevel; + + } + + @Override + public List<String> getEncbPKList() { + if (this.encbPKList == null) + this.encbPKList = new ArrayList<String>(); + + return this.encbPKList; + } + + + @Override + public byte[] getSignerCertificate() { + return signerCertificate; + } + + + /** + * @param signerCertificate the signerCertificate to set + */ + public void setSignerCertificate(byte[] signerCertificate) { + this.signerCertificate = signerCertificate; + } + + + @Override + public String getAuthBlock() { + return authBlock; + } + + + /** + * @param authBlock the authBlock to set + */ + public void setAuthBlock(String authBlock) { + this.authBlock = authBlock; + } + + + @Override + public IMISMandate getMISMandate() { + return mandate; + } + + @Override + public Element getMandate() { + if (mandate == null) + return null; + + //parse Element from mandate XML + try { + byte[] byteMandate = mandate.getMandate(); + String stringMandate = new String(byteMandate); + return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement(); + + } + catch (Throwable e) { + Logger.warn("Mandate content could not be generated from MISMandate."); + return null; + } + } + + + /** + * @param mandate the mandate to set + */ + public void setMISMandate(IMISMandate mandate) { + this.mandate = mandate; + } + + + @Override + public boolean isUseMandate() { + return useMandate; + } + + + public void setUseMandate(boolean useMandate) { + this.useMandate = useMandate; + } + + + @Override + public boolean isPublicAuthority() { + return publicAuthority; + } + + @Override + public String getPublicAuthorityCode() { + return publicAuthorityCode; + } + + @Override + public boolean isQualifiedCertificate() { + return qualifiedCertificate; + } + + + @Override + public String getBkuURL() { + return bkuURL; + + } + + /** + * Sets the bkuURL + * @param url The BKU URL to set + */ + public void setBkuURL(String url) { + this.bkuURL = url; + } + + @Override + public boolean isInterfederatedSSOSession() { + return this.interfederatedSSOSession; + } + + /** + * @param interfederatedSSOSession the interfederatedSSOSession to set + */ + public void setInterfederatedSSOSession(boolean interfederatedSSOSession) { + this.interfederatedSSOSession = interfederatedSSOSession; + } + + @Override + public String getInterfederatedIDP() { + return this.interfederatedIDP; + } + + /** + * @param interfederatedIDP the interfederatedIDP to set + */ + public void setInterfederatedIDP(String interfederatedIDP) { + this.interfederatedIDP = interfederatedIDP; + } + + + @Override + public String getMandateReferenceValue() { + return mandateReferenceValue; + } + + /** + * @param mandateReferenceValue the mandateReferenceValue to set + */ + public void setMandateReferenceValue(String mandateReferenceValue) { + this.mandateReferenceValue = mandateReferenceValue; + } + + + @Override + public List<AuthenticationRole> getAuthenticationRoles() { + return roles; + } + + //ISA 1.18 attributes + /** + * @param roles the roles to set + */ + public void addAuthenticationRole(AuthenticationRole role) { + if (this.roles == null) + this.roles = new ArrayList<AuthenticationRole>(); + + this.roles.add(role); + } + + @Override + public String getPvpAttribute_OU() { + return pvpAttribute_OU; + } + + /** + * @param pvpAttribute_OU the pvpAttribute_OU to set + */ + public void setPvpAttribute_OU(String pvpAttribute_OU) { + this.pvpAttribute_OU = pvpAttribute_OU; + } + + /** + * Store QAA level in eIDAS format to authentication Data + * + * @param qAALevel the qAALevel to set + * @throws AssertionAttributeExtractorExeption + */ + public void setQAALevel(String qAALevel) { + this.QAALevel = qAALevel; + + } + + /** + * @param encbPKList the encbPKList to set + */ + public void setEncbPKList(List<String> encbPKList) { + this.encbPKList = encbPKList; + } + + + /** + * Sets the publicAuthority. + * @param publicAuthority The publicAuthority to set + */ + public void setPublicAuthority(boolean publicAuthority) { + this.publicAuthority = publicAuthority; + } + + /** + * Sets the publicAuthorityCode. + * @param publicAuthorityIdentification The publicAuthorityCode to set + */ + public void setPublicAuthorityCode(String publicAuthorityIdentification) { + this.publicAuthorityCode = publicAuthorityIdentification; + } + + /** + * Sets the qualifiedCertificate. + * @param qualifiedCertificate The qualifiedCertificate to set + */ + public void setQualifiedCertificate(boolean qualifiedCertificate) { + this.qualifiedCertificate = qualifiedCertificate; + } + + +// private static final long serialVersionUID = -1042697056735596866L; +// public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; +// +// /** +// * URL of the MOA-ID Auth component issueing this assertion +// */ +// private String issuer; +// /** +// * time instant of issue of this assertion +// */ +// private Date issueInstant; +// /** +// * user identification value (Stammzahl); <code>null</code>, +// * if the authentication module is configured not to return this data +// */ +// private String identificationValue; +// /** +// * user identification type +// */ +// private String identificationType; +// +// /** +// * user identityLink specialized to OAParamter +// */ +// private IIdentityLink identityLink; +// +// /** +// * application specific user identifier (bPK/wbPK) +// */ +// private String bPK; +// +// /** +// * application specific user identifier type +// */ +// private String bPKType; +// +// /** +// * given name of the user +// */ +// private String givenName; +// /** +// * family name of the user +// */ +// private String familyName; +// /** +// * date of birth of the user +// */ +// private Date dateOfBirth; +// /** +// * says whether the certificate is a qualified certificate or not +// */ +// +// /** +// * says whether the certificate is a public authority or not +// */ +// /** +// * public authority code (Behördenkennzeichen - BKZ) +// */ +// +// +// /** +// * URL of the BKU +// */ +// +// /** +// * the corresponding <code>lt;saml:Assertion></code> +// */ +// +// private boolean isBaseIDTransferRestrication = true; +// +// +// /** +// * STORK attributes from response +// */ +// private String ccc = null; +// +// private Map<String, Object> genericDataStorate = new HashedMap<String, Object>(); +// +// +// +// private String authBlock = null; +// private List<String> encbPKList = null; +// +// //ISA 1.18 attributes +// private List<AuthenticationRole> roles = null; +// private String pvpAttribute_OU = null; +// +// private boolean useMandate = false; +// private IMISMandate mandate = null; +// private String mandateReferenceValue = null; +// +// private boolean foreigner =false; +// private String QAALevel = null; +// +// private boolean ssoSession = false; +// private Date ssoSessionValidTo = null; +// +//// private boolean interfederatedSSOSession = false; +//// private String interfederatedIDP = null; +// +// private String sessionIndex = null; +// private String nameID = null; +// private String nameIDFormat = null; +// +// public AuthenticationData() { +// issueInstant = new Date(); +// } +// +// /** +// * Returns the publicAuthority. +// * @return boolean +// */ +// public boolean isPublicAuthority() { +// return publicAuthority; +// } +// +// /** +// * Returns the publicAuthorityCode. +// * @return String +// */ +// public String getPublicAuthorityCode() { +// return publicAuthorityCode; +// } +// +// /** +// * Returns the qualifiedCertificate. +// * @return boolean +// */ +// public boolean isQualifiedCertificate() { +// return qualifiedCertificate; +// } +// +// /** +// * Returns the bPK. +// * @return String +// */ +// public String getBPK() { +// return bPK; +// } +// +// /** +// * Sets the publicAuthority. +// * @param publicAuthority The publicAuthority to set +// */ +// public void setPublicAuthority(boolean publicAuthority) { +// this.publicAuthority = publicAuthority; +// } +// +// /** +// * Sets the publicAuthorityCode. +// * @param publicAuthorityIdentification The publicAuthorityCode to set +// */ +// public void setPublicAuthorityCode(String publicAuthorityIdentification) { +// this.publicAuthorityCode = publicAuthorityIdentification; +// } +// +// /** +// * Sets the qualifiedCertificate. +// * @param qualifiedCertificate The qualifiedCertificate to set +// */ +// public void setQualifiedCertificate(boolean qualifiedCertificate) { +// this.qualifiedCertificate = qualifiedCertificate; +// } +// +// /** +// * Sets the bPK. +// * @param bPK The bPK to set +// */ +// public void setBPK(String bPK) { +// this.bPK = bPK; +// } +// +// /** +// * Returns the dateOfBirth. +// * @return String +// */ +// public Date getDateOfBirth() { +// return dateOfBirth; +// } +// +// public String getFormatedDateOfBirth() { +// DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); +// if (getDateOfBirth() != null) +// return pvpDateFormat.format(getDateOfBirth()); +// else +// return "2999-12-31"; +// } +// +// /** +// * Returns the familyName. +// * @return String +// */ +// public String getFamilyName() { +// return familyName; +// } +// +// /** +// * Returns the givenName. +// * @return String +// */ +// public String getGivenName() { +// return givenName; +// } +// +// /** +// * Holds the baseID of a citizen +// * +// * @return baseID +// */ +// public String getIdentificationValue() { +// return identificationValue; +// } +// +// /** +// * Holds the type of the baseID +// * +// * @return baseID-Type +// */ +// public String getIdentificationType() { +// return identificationType; +// } +// +// /** +// * Returns the issueInstant. +// * @return String +// */ +// public String getIssueInstantString() { +// return DateTimeUtils.buildDateTimeUTC(issueInstant); +// +// } +// +// /** +// * Returns the issueInstant. +// * @return String +// */ +// public Date getIssueInstant() { +// return issueInstant; +// +// } +// +// public void setIssueInstant(Date date) { +// this.issueInstant = date; +// } +// +// /** +// * Returns the issuer. +// * @return String +// */ +// public String getIssuer() { +// return issuer; +// } +// +// /** +// * Returns the BKU URL. +// * @return String +// */ +// public String getBkuURL() { +// return bkuURL; +// } +// +// /** +// * Sets the dateOfBirth. +// * @param dateOfBirth The dateOfBirth to set +// */ +// public void setDateOfBirth(Date dateOfBirth) { +// this.dateOfBirth = dateOfBirth; +// } +// +// public void setDateOfBirth(String dateOfBirth) { +// try { +// if (MiscUtil.isNotEmpty(dateOfBirth)) { +// DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); +// this.dateOfBirth = identityLinkFormat.parse(dateOfBirth); +// } +// +// } catch (ParseException e) { +// Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e); +// +// } +// } +// +// /** +// * Sets the familyName. +// * @param familyName The familyName to set +// */ +// public void setFamilyName(String familyName) { +// this.familyName = familyName; +// } +// +// /** +// * Sets the givenName. +// * @param givenName The givenName to set +// */ +// public void setGivenName(String givenName) { +// this.givenName = givenName; +// } +// +// /** +// * Sets the identificationValue. +// * @param identificationValue The identificationValue to set +// */ +// public void setIdentificationValue(String identificationValue) { +// this.identificationValue = identificationValue; +// } +// +// /** +// * Sets the identificationType. +// * @param identificationType The identificationType to set +// */ +// public void setIdentificationType(String identificationType) { +// this.identificationType = identificationType; +// } +// +// /** +// * Sets the issuer. +// * @param issuer The issuer to set +// */ +// public void setIssuer(String issuer) { +// this.issuer = issuer; +// } +// +// /** +// * Sets the bkuURL +// * @param url The BKU URL to set +// */ +// public void setBkuURL(String url) { +// this.bkuURL = url; +// } +// +// public String getBPKType() { +// return bPKType; +// } +// +// public void setBPKType(String bPKType) { +// this.bPKType = bPKType; +// } +// + +// +// + +// +// +// public String getEIDASQAALevel() { +// if (this.QAALevel != null && +// this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) { +// String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel); +// if (MiscUtil.isNotEmpty(mappedQAA)) +// return mappedQAA; +// +// else { +// Logger.error("STORK QAA-level:" + this.QAALevel +// + " can not be mapped to eIDAS QAA-level! Use " +// + PVPConstants.EIDAS_QAA_LOW + " as default value."); +// return PVPConstants.EIDAS_QAA_LOW; +// +// } +// +// +// } else +// return this.QAALevel; +// +// } +// +// +// /** +// * @return +// */ +// public boolean isForeigner() { +// return this.foreigner; +// } +// +// +// /** +// * @param foreigner the foreigner to set +// */ +// public void setForeigner(boolean foreigner) { +// this.foreigner = foreigner; +// } +// +// + +// +// /** +// * @return the ssoSession +// */ +// public boolean isSsoSession() { +// return ssoSession; +// } +// +// +// /** +// * @param ssoSession the ssoSession to set +// */ +// public void setSsoSession(boolean ssoSession) { +// this.ssoSession = ssoSession; +// } +// +// /** +// * @return the mandateReferenceValue +// */ +// public String getMandateReferenceValue() { +// return mandateReferenceValue; +// } +// +// /** +// * @param mandateReferenceValue the mandateReferenceValue to set +// */ +// public void setMandateReferenceValue(String mandateReferenceValue) { +// this.mandateReferenceValue = mandateReferenceValue; +// } +// +// /** +// * CountryCode of the citizen which is identified and authenticated +// * +// * @return the CountryCode <pre>like. AT, SI, ...</pre> +// */ +// public String getCcc() { +// return ccc; +// } +// +// /** +// * @param ccc the ccc to set +// */ +// public void setCcc(String ccc) { +// this.ccc = ccc; +// } +// +// /** +// * @return the sessionIndex +// */ +// public String getSessionIndex() { +// return sessionIndex; +// } +// +// /** +// * @param sessionIndex the sessionIndex to set +// */ +// public void setSessionIndex(String sessionIndex) { +// this.sessionIndex = sessionIndex; +// } +// +// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID() +// */ +// @Override +// public String getNameID() { +// return this.nameID; +// } +// +// /** +// * @param nameID the nameID to set +// */ +// public void setNameID(String nameID) { +// this.nameID = nameID; +// } +// +// /** +// * @return the nameIDFormat +// */ +// public String getNameIDFormat() { +// return nameIDFormat; +// } +// +// /** +// * @param nameIDFormat the nameIDFormat to set +// */ +// public void setNameIDFormat(String nameIDFormat) { +// this.nameIDFormat = nameIDFormat; +// } +// +//// /** +//// * @return the interfederatedSSOSession +//// */ +//// public boolean isInterfederatedSSOSession() { +//// return interfederatedSSOSession; +//// } +//// +//// /** +//// * @param interfederatedSSOSession the interfederatedSSOSession to set +//// */ +//// public void setInterfederatedSSOSession(boolean interfederatedSSOSession) { +//// this.interfederatedSSOSession = interfederatedSSOSession; +//// } +//// +//// /** +//// * @return the interfederatedIDP +//// */ +//// public String getInterfederatedIDP() { +//// return interfederatedIDP; +//// } +//// +//// /** +//// * @param interfederatedIDP the interfederatedIDP to set +//// */ +//// public void setInterfederatedIDP(String interfederatedIDP) { +//// this.interfederatedIDP = interfederatedIDP; +//// } +// +// /** +// * @return the ssoSessionValidTo +// */ +// public Date getSsoSessionValidTo() { +// return ssoSessionValidTo; +// } +// +// /** +// * @param ssoSessionValidTo the ssoSessionValidTo to set +// */ +// public void setSsoSessionValidTo(Date ssoSessionValidTo) { +// this.ssoSessionValidTo = ssoSessionValidTo; +// } +// +// /** +// * @return the encbPKList +// */ +// public List<String> getEncbPKList() { +// return encbPKList; +// } +// +// /** +// * @param encbPKList the encbPKList to set +// */ +// public void setEncbPKList(List<String> encbPKList) { +// this.encbPKList = encbPKList; +// } +// +// /** +// * @return the roles +// */ +// public List<AuthenticationRole> getAuthenticationRoles() { +//// if (this.roles == null) { +//// this.roles = new ArrayList<AuthenticationRole>(); +//// this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole")); +//// this.roles.add(new AuthenticationRole("yypvprole", "yypvprole")); +//// } +// +// return roles; +// } +// +// //ISA 1.18 attributes +// /** +// * @param roles the roles to set +// */ +// public void addAuthenticationRole(AuthenticationRole role) { +// if (this.roles == null) +// this.roles = new ArrayList<AuthenticationRole>(); +// +// this.roles.add(role); +// } +// +// /** +// * @return the pvpAttribute_OU +// */ +// public String getPvpAttribute_OU() { +// return pvpAttribute_OU; +// } +// +// /** +// * @param pvpAttribute_OU the pvpAttribute_OU to set +// */ +// public void setPvpAttribute_OU(String pvpAttribute_OU) { +// this.pvpAttribute_OU = pvpAttribute_OU; +// } +// +// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService() +// */ +// @Override +// public boolean isBaseIDTransferRestrication() { +// return isBaseIDTransferRestrication; +// } +// +// /** +// * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set +// */ +// public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) { +// this.isBaseIDTransferRestrication = isBaseIDTransferRestrication; +// } +// +// /** +// * Returns a generic data-object with is stored with a specific identifier +// * +// * @param key The specific identifier of the data object +// * @param clazz The class type which is stored with this key +// * @return The data object or null if no data is found with this key +// */ +// public <T> T getGenericData(String key, final Class<T> clazz) { +// if (MiscUtil.isNotEmpty(key)) { +// Object data = genericDataStorate.get(key); +// +// if (data == null) +// return null; +// +// try { +// @SuppressWarnings("unchecked") +// T test = (T) data; +// return test; +// +// } catch (Exception e) { +// Logger.warn("Generic authentication-data object can not be casted to requsted type", e); +// return null; +// +// } +// +// } +// +// Logger.warn("Can not load generic session-data with key='null'"); +// return null; +// +// } +// +// /** +// * Store a generic data-object to session with a specific identifier +// * +// * @param key Identifier for this data-object +// * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface +// * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage +// */ +// public void setGenericData(String key, Object object) throws SessionDataStorageException { +// if (MiscUtil.isEmpty(key)) { +// Logger.warn("Generic session-data can not be stored with a 'null' key"); +// throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null); +// +// } +// +// if (object != null) { +// if (!Serializable.class.isInstance(object)) { +// Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface"); +// throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null); +// +// } +// } +// +// if (genericDataStorate.containsKey(key)) +// Logger.debug("Overwrite generic data with key:" + key); +// else +// Logger.trace("Add generic data with key:" + key + " to session."); +// +// genericDataStorate.put(key, object); +// } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java deleted file mode 100644 index 0b46345d3..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java +++ /dev/null @@ -1,45 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.data; - -public class Pair<P1, P2> { - private final P1 first; - private final P2 second; - - private Pair(final P1 newFirst, final P2 newSecond) { - this.first = newFirst; - this.second = newSecond; - } - - public P1 getFirst() { - return this.first; - } - - public P2 getSecond() { - return this.second; - } - - public static <P1, P2> Pair<P1, P2> newInstance(final P1 newFirst, final P2 newSecond) { - return new Pair<P1, P2>(newFirst, newSecond); - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java index 20588ad0b..b1f123bbc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java @@ -30,7 +30,9 @@ import java.util.List; import java.util.Map.Entry; import java.util.Set; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; /** * @author tlenz @@ -40,9 +42,9 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon private static final long serialVersionUID = 7148730740582881862L; - private PVPTargetConfiguration sloRequest = null; - private LinkedHashMap<String, SLOInformationImpl> activeFrontChannalOAs; - private LinkedHashMap<String, SLOInformationImpl> activeBackChannelOAs; + private IRequest sloRequest = null; + private LinkedHashMap<String, SLOInformationInterface> activeFrontChannalOAs; + private LinkedHashMap<String, SLOInformationInterface> activeBackChannelOAs; private List<String> sloFailedOAs = null; private String transactionID = null; private String sessionID = null; @@ -51,8 +53,8 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon * */ public SLOInformationContainer() { - this.activeBackChannelOAs = new LinkedHashMap<String, SLOInformationImpl>(); - this.activeFrontChannalOAs = new LinkedHashMap<String, SLOInformationImpl>(); + this.activeBackChannelOAs = new LinkedHashMap<String, SLOInformationInterface>(); + this.activeFrontChannalOAs = new LinkedHashMap<String, SLOInformationInterface>(); this.sloFailedOAs = new ArrayList<String>(); } @@ -61,28 +63,28 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon /** * @return the activeFrontChannalOAs */ - public LinkedHashMap<String, SLOInformationImpl> getActiveFrontChannalOAs() { + public LinkedHashMap<String, SLOInformationInterface> getActiveFrontChannalOAs() { return activeFrontChannalOAs; } /** * @param activeFrontChannalOAs the activeFrontChannalOAs to set */ - public void setActiveFrontChannalOAs(LinkedHashMap<String, SLOInformationImpl> activeFrontChannalOAs) { + public void setActiveFrontChannalOAs(LinkedHashMap<String, SLOInformationInterface> activeFrontChannalOAs) { this.activeFrontChannalOAs = activeFrontChannalOAs; } /** * @return the activeBackChannelOAs */ - public LinkedHashMap<String, SLOInformationImpl> getActiveBackChannelOAs() { + public LinkedHashMap<String, SLOInformationInterface> getActiveBackChannelOAs() { return activeBackChannelOAs; } /** * @param activeBackChannelOAs the activeBackChannelOAs to set */ - public void setActiveBackChannelOAs(LinkedHashMap<String, SLOInformationImpl> activeBackChannelOAs) { + public void setActiveBackChannelOAs(LinkedHashMap<String, SLOInformationInterface> activeBackChannelOAs) { this.activeBackChannelOAs = activeBackChannelOAs; } @@ -98,7 +100,7 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#getFrontChannelOASessionDescriptions() */ @Override - public Set<Entry<String, SLOInformationImpl>> getFrontChannelOASessionDescriptions() { + public Set<Entry<String, SLOInformationInterface>> getFrontChannelOASessionDescriptions() { return activeFrontChannalOAs.entrySet(); } @@ -122,7 +124,7 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#getBackChannelOASessionDescripten(java.lang.String) */ @Override - public SLOInformationImpl getBackChannelOASessionDescripten(String oaID) { + public SLOInformationInterface getBackChannelOASessionDescripten(String oaID) { return activeBackChannelOAs.get(oaID); } @@ -134,19 +136,12 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon activeBackChannelOAs.remove(oaID); } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#getSloRequest() - */ - @Override - public PVPTargetConfiguration getSloRequest() { - return sloRequest; - } - + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#setSloRequest(at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration) */ @Override - public void setSloRequest(PVPTargetConfiguration sloRequest) { + public void setSloRequest(IRequest sloRequest) { this.sloRequest = sloRequest; } @@ -197,7 +192,11 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon public void setSessionID(String sessionID) { this.sessionID = sessionID; } - - + + + @Override + public IRequest getSloRequest() { + return this.sloRequest; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java deleted file mode 100644 index 2d84bf472..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java +++ /dev/null @@ -1,187 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.data; - -import java.io.Serializable; - -import org.opensaml.saml2.metadata.SingleLogoutService; - -/** - * @author tlenz - * - */ -public class SLOInformationImpl implements SLOInformationInterface, Serializable { - - private static final long serialVersionUID = 295577931870512387L; - private String sessionIndex = null; - private String nameID = null; - private String protocolType = null; - private String nameIDFormat = null; - private String binding = null; - private String serviceURL = null; - private String authURL = null; - private String spEntityID = null; - - public SLOInformationImpl(String authURL, String spEntityID, String sessionID, String nameID, String nameIDFormat, String protocolType) { - new SLOInformationImpl(authURL, spEntityID, sessionID, nameID, nameIDFormat, protocolType, null); - } - - public SLOInformationImpl(String authURL, String spEntityID, String sessionID, String nameID, String nameIDFormat, String protocolType, SingleLogoutService sloService) { - this.sessionIndex = sessionID; - this.nameID = nameID; - this.nameIDFormat = nameIDFormat; - this.protocolType = protocolType; - this.spEntityID = spEntityID; - - if (authURL.endsWith("/")) - this.authURL = authURL.substring(0, authURL.length()-1); - else - this.authURL = authURL; - - if (sloService != null) { - this.binding = sloService.getBinding(); - this.serviceURL = sloService.getLocation(); - - } - } - - - /** - * - */ - public SLOInformationImpl() { - - } - - - - /** - * @return the spEntityID - */ - public String getSpEntityID() { - return spEntityID; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getSessionIndex() - */ - @Override - public String getSessionIndex() { - return sessionIndex; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIdentifier() - */ - @Override - public String getUserNameIdentifier() { - return nameID; - - } - - - /** - * @param sessionIndex the sessionIndex to set - */ - public void setSessionIndex(String sessionIndex) { - this.sessionIndex = sessionIndex; - } - - - /** - * @param nameID the nameID to set - */ - public void setUserNameIdentifier(String nameID) { - this.nameID = nameID; - } - - - - /** - * @param protocolType the protocolType to set - */ - public void setProtocolType(String protocolType) { - this.protocolType = protocolType; - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getProtocolType() - */ - @Override - public String getProtocolType() { - return protocolType; - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIDFormat() - */ - @Override - public String getUserNameIDFormat() { - return this.nameIDFormat; - } - - - /** - * @param nameIDFormat the nameIDFormat to set - */ - public void setNameIDFormat(String nameIDFormat) { - this.nameIDFormat = nameIDFormat; - } - - /** - * @return the binding - */ - public String getBinding() { - return binding; - } - - /** - * @return the serviceURL - */ - public String getServiceURL() { - return serviceURL; - } - - /** - * @return the authURL from requested IDP without ending / - */ - public String getAuthURL() { - return authURL; - } - - /** - * @param spEntityID the spEntityID to set - */ - public void setSpEntityID(String spEntityID) { - this.spEntityID = spEntityID; - } - - - - - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java deleted file mode 100644 index 31fdaacfd..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.data; - -/** - * @author tlenz - * - */ -public interface SLOInformationInterface{ - - - /** - * get AssertionID which was used for Service Provider Single LogOut request - * - * @return - * SessionID (SessionIndex in case of SAML2) - */ - public String getSessionIndex(); - - /** - * get user identifier which was used - * - * @return - * bPK / wbPK (nameID in case of SAML2) - */ - public String getUserNameIdentifier(); - - - /** - * get protocol type which was used for authentication - * - * @return - * return authentication protocol type - */ - public String getProtocolType(); - - /** - * @return - */ - public String getUserNameIDFormat(); - - /** - * Get the unique entityID of this Service-Provider - * - * @return unique identifier, but never null - */ - public String getSpEntityID(); - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java deleted file mode 100644 index 78e8be452..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java +++ /dev/null @@ -1,51 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.data; - -public class Trible<P1, P2, P3> { - private final P1 first; - private final P2 second; - private final P3 third; - - private Trible(final P1 newFirst, final P2 newSecond, final P3 newThird) { - this.first = newFirst; - this.second = newSecond; - this.third = newThird; - } - - public P1 getFirst() { - return this.first; - } - - public P2 getSecond() { - return this.second; - } - - public P3 getThird() { - return this.third; - } - - public static <P1, P2, P3> Trible<P1, P2, P3> newInstance(final P1 newFirst, final P2 newSecond, final P3 newThird) { - return new Trible<P1, P2, P3>(newFirst, newSecond, newThird); - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 7f183c5eb..77abe07af 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -22,491 +22,82 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.moduls; -import java.io.IOException; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collection; import java.util.Enumeration; -import java.util.Iterator; import java.util.List; -import java.util.Map.Entry; -import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang3.StringUtils; import org.opensaml.saml2.core.LogoutRequest; -import org.opensaml.saml2.core.LogoutResponse; -import org.opensaml.saml2.core.StatusCode; -import org.opensaml.saml2.metadata.SingleLogoutService; -import org.opensaml.ws.soap.common.SOAPException; -import org.opensaml.xml.XMLObject; -import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; -import at.gv.egovernment.moa.id.auth.modules.SingleSignOnConsentsModuleImpl; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.data.SLOInformationContainer; -import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.process.ExecutionContextImpl; -import at.gv.egovernment.moa.id.process.ProcessEngine; -import at.gv.egovernment.moa.id.process.ProcessExecutionException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.id.util.legacy.LegacyHelper; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @Service("MOAID_AuthenticationManager") -public class AuthenticationManager extends MOAIDAuthConstants { +public class AuthenticationManager extends AbstractAuthenticationManager { - private static List<String> reqParameterWhiteListeForModules = new ArrayList<String>(); + public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_LoA"; + public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes"; public static final String MOA_SESSION = "MoaAuthenticationSession"; public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; - public static final int SLOTIMEOUT = 30 * 1000; //30 sec + @Autowired private IAuthenticationSessionStoreage authenticatedSessionStore; + @Autowired private SingleLogOutBuilder sloBuilder;; - @Autowired private ProcessEngine processEngine; - @Autowired private SSOManager ssoManager; - @Autowired private IRequestStorage requestStoreage; - @Autowired private ITransactionStorage transactionStorage; - @Autowired private IAuthenticationSessionStoreage authenticatedSessionStore; - @Autowired private MOAReversionLogger revisionsLogger; - @Autowired protected AuthConfiguration authConfig; - @Autowired private SingleLogOutBuilder sloBuilder; - @Autowired private SAMLVerificationEngineSP samlVerificationEngine; - @Autowired private IGUIFormBuilder guiBuilder; - @Autowired(required=true) private MOAMetadataProvider metadataProvider; - public void performSingleLogOut(HttpServletRequest httpReq, - HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException { - performSingleLogOut(httpReq, httpResp, session, pvpReq, null); - - } - - public void performSingleLogOut(HttpServletRequest httpReq, - HttpServletResponse httpResp, IAuthenticationSession session, String authURL) throws MOAIDException { - performSingleLogOut(httpReq, httpResp, session, null, authURL); - - } - - /** - * @param req - * @param resp - * @param moasessionid - */ - public void performOnlyIDPLogOut(AuthenticationSession authSession) { - - if (authSession == null) { - Logger.info("No internal MOA SSO-Session found. Nothing to destroy"); - return; - - } - - try { - - authSession.setAuthenticated(false); - //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session - - //log Session_Destroy to reversionslog - AuthenticationSessionExtensions sessionExtensions = authenticatedSessionStore.getAuthenticationSessionExtensions(authSession.getSessionID()); - revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId()); - - authenticatedSessionStore.destroyInternalSSOSession(authSession.getSessionID()); - - //session.invalidate(); - - } catch (MOADatabaseException e) { - Logger.info("NO MOA Authentication data for ID " + authSession.getSessionID()); - return; - } - - } - - - public void performOnlyIDPLogOut(HttpServletRequest request, - HttpServletResponse response, String internalMOASsoSessionID) { - Logger.info("Remove active user-session"); - - if(internalMOASsoSessionID == null) { - internalMOASsoSessionID = StringEscapeUtils.escapeHtml((String) request.getParameter(PARAM_SESSIONID)); - } - - if(internalMOASsoSessionID == null) { - Logger.info("NO MOA Session to logout"); - return; - } - - AuthenticationSession authSession; - try { - authSession = authenticatedSessionStore.getInternalSSOSession(internalMOASsoSessionID); - - if(authSession == null) { - Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID); - return; - } - - performOnlyIDPLogOut(authSession); - - } catch (MOADatabaseException e) { - Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID); - return; - } - - } - - - /** - * Authenticates the authentication request {pendingReq}, which is actually processed - * - * @param httpReq HttpServletRequest - * @param httpResp HttpServletResponse - * @param protocolRequest Authentication request which is actually in process - * - * @return Return already authenticated MOASession if exists, otherwise return null - * @throws MOADatabaseException - * @throws MOAIDException - * @throws IOException - * @throws ServletException - * - */ - public AuthenticationSession doAuthentication(HttpServletRequest httpReq, - HttpServletResponse httpResp, RequestImpl pendingReq) throws MOADatabaseException, ServletException, IOException, MOAIDException { - - //load OA configuration from pending request - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); - - //set logging context and log unique OA identifier to revision log - TransactionIDUtils.setServiceProviderId(pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix()); - revisionsLogger.logEvent(oaParam, - pendingReq, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, pendingReq.getOAURL()); - - //generic authentication request validation - if (pendingReq.isPassiv() - && pendingReq.forceAuth()) { - // conflict! - throw new NoPassivAuthenticationException(); - } - - //get SSO cookie from http request - String ssoId = ssoManager.getSSOSessionID(httpReq); - - //check if interfederation IDP is requested - ssoManager.checkInterfederationIsRequested(httpReq, httpResp, pendingReq); - - //check if SSO session cookie is already used - if (ssoId != null) { - String correspondingMOASession = ssoManager.existsOldSSOSession(ssoId); - - if (correspondingMOASession != null) { - Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " + - "Invalidate the corresponding MOASession with ID="+ correspondingMOASession); - - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID); - - //destroy internal SSO-session object and SSO-session cooky - authenticatedSessionStore.destroyInternalSSOSession(correspondingMOASession); - ssoManager.deleteSSOSessionID(httpReq, httpResp); - } - } - - //check if SSO Session is valid - boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq); - - // check if Service-Provider allows SSO sessions - boolean useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP(); - - //if a legacy request is used SSO should not be allowed in case of mandate authentication - boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(httpReq); - - //check if SSO is allowed for the actually executed request - //INFO: Actually, useMandate disables SSO functionality!!!!! - boolean isSSOAllowed = (useSSOOA && !isUseMandateRequested); - pendingReq.setNeedSingleSignOnFunctionality(isSSOAllowed); - - //get MOASession from SSO-Cookie if SSO is allowed - AuthenticationSession ssoMOASession = null; - if (isValidSSOSession && isSSOAllowed) { - ssoMOASession = ssoManager.getInternalMOASession(ssoId); - - if (ssoMOASession == null) - Logger.info("No MOASession FOUND with provided SSO-Cookie."); - - else { - Logger.debug("Found authenticated MOASession with provided SSO-Cookie."); - revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO); - - } - } - - //check if session is already authenticated - boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, ssoMOASession); - - //force new authentication authentication process - if (pendingReq.forceAuth()) { - startAuthenticationProcess(httpReq, httpResp, pendingReq); - return null; - - //perform SSO-Consents evaluation if it it required - } else if (isSessionAuthenticated && oaParam.useSSOQuestion()) { - sendSingleSignOnConsentsEvaluation(httpReq, httpResp, pendingReq); - return null; - - } else if (pendingReq.isPassiv()) { - if (isSessionAuthenticated) { - // Passive authentication ok! - revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED); - return ssoMOASession; - - } else { - throw new NoPassivAuthenticationException(); - - } - } else { - if (isSessionAuthenticated) { - // Is authenticated .. proceed - revisionsLogger.logEvent(oaParam, - pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED); - return ssoMOASession; - - } else { - // Start authentication! - startAuthenticationProcess(httpReq, httpResp, pendingReq); - return null; - } - } - } - - /** - * Add a request parameter to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext} - * - * @param httpReqParam http parameter name, but never null - */ - public void addParameterNameToWhiteList(String httpReqParam) { - if (MiscUtil.isNotEmpty(httpReqParam)) - reqParameterWhiteListeForModules.add(httpReqParam); - - } - - - /** - * Checks if a authenticated MOASession already exists and if {protocolRequest} is authenticated - * - * @param protocolRequest Authentication request which is actually in process - * @param moaSession MOASession with authentication information or null if no active MOASession exists - * - * @return true if session is already authenticated, otherwise false - * @throws MOAIDException - */ - private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession ssoMOASession) { - - //if no MOASession exist -> authentication is required - if (ssoMOASession == null) { - return false; - - } else { - //if MOA SSO-Session is found but not authenticated --> authentication is required - if (!ssoMOASession.isAuthenticated()) { - return false; - } - - //if MOASession is already authenticated and protocol-request is authenticated - // --> no authentication is required any more - else if (ssoMOASession.isAuthenticated() && protocolRequest.isAuthenticated()) { - protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID()); - return true; - - // if MOASession is authenticated and SSO is allowed --> authenticate pendingRequest - } else if (!protocolRequest.isAuthenticated() - && ssoMOASession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) { - Logger.debug("Found active MOASession and SSO is allowed --> pendingRequest is authenticted"); - protocolRequest.setAuthenticated(true); - protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID()); - return true; - - } - - // force authentication as backup solution - else { - Logger.warn("Authentication-required check find an unsuspected state --> force authentication"); - return false; - - } - } - } - - private void startAuthenticationProcess(HttpServletRequest httpReq, - HttpServletResponse httpResp, RequestImpl pendingReq) - throws ServletException, IOException, MOAIDException { - - Logger.info("Starting authentication ..."); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_START); - - //is legacy allowed - List<String> legacyallowed_prot = authConfig.getLegacyAllowedProtocols(); - boolean legacyallowed = legacyallowed_prot.contains(pendingReq.requestedModule()); - - //check legacy request parameter - boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(httpReq); - - //create authentication process execution context - ExecutionContext executionContext = new ExecutionContextImpl(); - - //set oaIdentifeir - executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_UNIQUE_OA_IDENTFIER, - pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix()); - - //set interfederation authentication flag - executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH, - MiscUtil.isNotEmpty( - pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class))); - - //set legacy mode or BKU-selection flags - boolean leagacyMode = (legacyallowed && legacyparamavail); - executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_ISLEGACYREQUEST, leagacyMode); - executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, !leagacyMode - && MiscUtil.isEmpty(pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class))); - - //add X509 SSL client certificate if exist - if (httpReq.getAttribute("javax.servlet.request.X509Certificate") != null) { - Logger.debug("Find SSL-client-certificate on request --> Add it to context"); - executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_SSL_CLIENT_CERTIFICATE, - ((X509Certificate[])httpReq.getAttribute("javax.servlet.request.X509Certificate"))); - - } - - //add additional http request parameter to context - if (!reqParameterWhiteListeForModules.isEmpty() || leagacyMode) { - Enumeration<String> reqParamNames = httpReq.getParameterNames(); - while(reqParamNames.hasMoreElements()) { - String paramName = reqParamNames.nextElement(); - if (MiscUtil.isNotEmpty(paramName) && - ( MOAIDAuthConstants.LEGACYPARAMETERWHITELIST.contains(paramName) - || reqParameterWhiteListeForModules.contains(paramName) )) - executionContext.put(paramName, - StringEscapeUtils.escapeHtml(httpReq.getParameter(paramName))); - } - } - - //start process engine - startProcessEngine(pendingReq, executionContext); - - } - - private void sendSingleSignOnConsentsEvaluation(HttpServletRequest request, - HttpServletResponse response, RequestImpl pendingReq) - throws ServletException, IOException, MOAIDException { - - Logger.info("Start SSO user-consents evaluation ..."); - - //set authenticated flag to false, because user consents is required - pendingReq.setAuthenticated(false); - - //create execution context - ExecutionContext executionContext = new ExecutionContextImpl(); - executionContext.put(SingleSignOnConsentsModuleImpl.PARAM_SSO_CONSENTS_EVALUATION, true); - - //start process engine - startProcessEngine(pendingReq, executionContext); - - } - - private void startProcessEngine(RequestImpl pendingReq, ExecutionContext executionContext) throws MOAIDException { - try { - //put pending-request ID on execurtionContext - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID()); - - // create process instance - String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext); - - if (processDefinitionId == null) { - Logger.warn("No suitable process found for SessionID " + pendingReq.getRequestID() ); - throw new MOAIDException("process.02",new Object[] { - pendingReq.getRequestID()}); - } - - String processInstanceId = processEngine.createProcessInstance(processDefinitionId, executionContext); - - // keep process instance id in protocol pending-request - pendingReq.setProcessInstanceId(processInstanceId); - - //store pending-request - requestStoreage.storePendingRequest(pendingReq); - - // start process - processEngine.start(pendingReq); - - } catch (ProcessExecutionException e) { - Throwable cause = e.getCause(); - if (cause != null && cause instanceof TaskExecutionException) { - Throwable taskCause = cause.getCause(); - if (taskCause != null && taskCause instanceof MOAIDException) { - MOAIDException moaTaskCause = (MOAIDException) taskCause; - Logger.warn(taskCause); - throw moaTaskCause; - - } - } - - throw new MOAIDException("process.01", new Object[] { pendingReq.getProcessInstanceId(), pendingReq.getRequestID() }, e); - } - } - - private void performSingleLogOut(HttpServletRequest httpReq, - HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException { + @Override + public ISLOInformationContainer performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq, String internalSSOId) + throws EAAFException { String pvpSLOIssuer = null; - String inboundRelayState = null; String uniqueSessionIdentifier = "notSet"; String uniqueTransactionIdentifier = "notSet"; - + PVPSProfilePendingRequest pvpReq = null; Logger.debug("Start technical Single LogOut process ... "); - if (pvpReq != null) { - MOARequest samlReq = (MOARequest) pvpReq.getRequest(); - LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest(); - pvpSLOIssuer = logOutReq.getIssuer().getValue(); - inboundRelayState = samlReq.getRelayState(); - uniqueSessionIdentifier = pvpReq.getUniqueSessionIdentifier(); - uniqueTransactionIdentifier = pvpReq.getUniqueTransactionIdentifier(); + + if (pendingReq != null) { + uniqueSessionIdentifier = pendingReq.getUniqueSessionIdentifier(); + uniqueTransactionIdentifier = pendingReq.getUniqueTransactionIdentifier(); + + if (pendingReq instanceof PVPSProfileRequest) { + pvpReq = ((PVPSProfilePendingRequest)pendingReq); + PVPSProfileRequest samlReq = (PVPSProfileRequest) pvpReq.getRequest(); + LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest(); + pvpSLOIssuer = logOutReq.getIssuer().getValue(); + } + if (MiscUtil.isEmpty(internalSSOId)) + internalSSOId = pendingReq.getInternalSSOSessionIdentifier(); + } else { AuthenticationSessionExtensions sessionExt; try { - sessionExt = authenticatedSessionStore.getAuthenticationSessionExtensions(session.getSessionID()); + sessionExt = authenticatedSessionStore.getAuthenticationSessionExtensions(internalSSOId); if (sessionExt != null) uniqueSessionIdentifier = sessionExt.getUniqueSessionId(); @@ -520,8 +111,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { } //store active OAs to SLOContaine - List<OASessionStore> dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(session); - List<InterfederationSessionStore> dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(session); + List<OASessionStore> dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(internalSSOId); + List<InterfederationSessionStore> dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(internalSSOId); SLOInformationContainer sloContainer = new SLOInformationContainer(); sloContainer.setTransactionID(uniqueTransactionIdentifier); sloContainer.setSessionID(uniqueSessionIdentifier); @@ -534,13 +125,13 @@ public class AuthenticationManager extends MOAIDAuthConstants { + " BackChannel:" + sloContainer.getActiveBackChannelOAs().size() + " FrontChannel:" + sloContainer.getActiveFrontChannalOAs().size() + " NO_SLO_Support:" + sloContainer.getSloFailedOAs().size()); - + + //terminate MOASession try { - authenticatedSessionStore.destroyInternalSSOSession(session.getSessionID()); - ssoManager.deleteSSOSessionID(httpReq, httpResp); + authenticatedSessionStore.destroyInternalSSOSession(internalSSOId); + ssoManager.destroySSOSessionOnIDPOnly(httpReq, httpResp, pendingReq); revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier); - Logger.debug("Active SSO Session on IDP is remove."); } catch (MOADatabaseException e) { @@ -549,165 +140,48 @@ public class AuthenticationManager extends MOAIDAuthConstants { } - Logger.trace("Starting Service-Provider logout process ... "); - revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_STARTED); - //start service provider back channel logout process - Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA(); - while (nextOAInterator.hasNext()) { - SLOInformationImpl sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next()); - LogoutRequest sloReq = sloBuilder.buildSLORequestMessage(sloDescr); - - try { - Logger.trace("Send backchannel SLO Request to " + sloDescr.getSpEntityID()); - List<XMLObject> soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq); - - LogoutResponse sloResp = null; - for (XMLObject el : soapResp) { - if (el instanceof LogoutResponse) - sloResp = (LogoutResponse) el; - } - - if (sloResp == null) { - Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID() - + " FAILED. NO LogOut response received."); - sloContainer.putFailedOA(sloDescr.getSpEntityID()); - - } else { - samlVerificationEngine.verifySLOResponse(sloResp, - TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - - } - - sloBuilder.checkStatusCode(sloContainer, sloResp); - - } catch (SOAPException e) { - Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID() - + " FAILED.", e); - sloContainer.putFailedOA(sloDescr.getSpEntityID()); - - } catch (SecurityException | InvalidProtocolRequestException e) { - Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID() - + " FAILED.", e); - sloContainer.putFailedOA(sloDescr.getSpEntityID()); - - } - } - - //start service provider front channel logout process - try { - if (sloContainer.hasFrontChannelOA()) { - String relayState = Random.nextRandom(); - - Collection<Entry<String, SLOInformationImpl>> sloDescr = sloContainer.getFrontChannelOASessionDescriptions(); - List<String> sloReqList = new ArrayList<String>(); - for (Entry<String, SLOInformationImpl> el : sloDescr) { - Logger.trace("Build frontChannel SLO Request for " + el.getValue().getSpEntityID()); - - LogoutRequest sloReq = sloBuilder.buildSLORequestMessage(el.getValue()); - try { - sloReqList.add(sloBuilder.getFrontChannelSLOMessageURL(el.getValue().getServiceURL(), el.getValue().getBinding(), - sloReq, httpReq, httpResp, relayState)); - - } catch (Exception e) { - Logger.warn("Failed to build SLO request for OA:" + el.getKey()); - sloContainer.putFailedOA(el.getKey()); - - } - } - - //put SLO process-information into transaction storage - transactionStorage.put(relayState, sloContainer, -1); - - if (MiscUtil.isEmpty(authURL)) - authURL = pvpReq.getAuthURL(); - - String timeOutURL = authURL - + "/idpSingleLogout" - + "?restart=" + relayState; - - DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( - authURL, - DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, - null); - - config.putCustomParameterWithOutEscaption("redirectURLs", sloReqList); - config.putCustomParameterWithOutEscaption("timeoutURL", timeOutURL); - config.putCustomParameter("timeout", String.valueOf(SLOTIMEOUT)); - - guiBuilder.build(httpResp, config, "Single-LogOut GUI"); - - - } else { - if (pvpReq != null) { - //send SLO response to SLO request issuer - SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq); - LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs()); - sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq); - - } else { - //print SLO information directly - DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( - authURL, - DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, - null); - - if (sloContainer.getSloFailedOAs() == null || - sloContainer.getSloFailedOAs().size() == 0) { - revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID); - config.putCustomParameter("successMsg", - MOAIDMessageProvider.getInstance().getMessage("slo.00", null)); - - } else { - revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); - config.putCustomParameterWithOutEscaption("errorMsg", - MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - - } - guiBuilder.build(httpResp, config, "Single-LogOut GUI"); - - } - - } + return sloContainer; - } catch (GUIBuildException e) { - Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage()); - throw new MOAIDException("builder.09", new Object[]{e.getMessage()}, e); + } + + @Override + protected void populateExecutionContext(ExecutionContext executionContext, RequestImpl pendingReq, HttpServletRequest httpReq) + throws EAAFException { + //is legacy allowed + boolean legacyallowed = false; + if (authConfig instanceof AuthConfiguration) { + List<String> legacyallowed_prot = ((AuthConfiguration)authConfig).getLegacyAllowedProtocols(); + legacyallowed = legacyallowed_prot.contains(pendingReq.requestedModule()); - } catch (MOADatabaseException e) { - Logger.error("MOA AssertionDatabase ERROR", e); - if (pvpReq != null) { - SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq); - LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); - sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq); + } else + Logger.info("Base configuration is NOT of type 'AuthConfiguration'. LegacyMode is disabled"); + - revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); + //check legacy request parameter + boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(httpReq); - }else { - //print SLO information directly - DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( - authURL, - DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, - null); + + //set interfederation authentication flag + executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH, + MiscUtil.isNotEmpty( + pendingReq.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class))); + + //set legacy mode or BKU-selection flags + boolean leagacyMode = (legacyallowed && legacyparamavail); + executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_ISLEGACYREQUEST, leagacyMode); + executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, !leagacyMode + && MiscUtil.isEmpty(pendingReq.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class))); - revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); - config.putCustomParameterWithOutEscaption("errorMsg", - MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - - try { - guiBuilder.build(httpResp, config, "Single-LogOut GUI"); - - } catch (GUIBuildException e1) { - Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage()); - throw new MOAIDException("builder.09", new Object[]{e.getMessage()}, e); - - } - - } - - } catch (Exception e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } + //add additional http request parameter to context + if (leagacyMode) { + Enumeration<String> reqParamNames = httpReq.getParameterNames(); + while(reqParamNames.hasMoreElements()) { + String paramName = reqParamNames.nextElement(); + if (StringUtils.isNotEmpty(paramName) && MOAIDAuthConstants.LEGACYPARAMETERWHITELIST.contains(paramName) ) + executionContext.put(paramName, StringEscapeUtils.escapeHtml(httpReq.getParameter(paramName))); + } + } + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java deleted file mode 100644 index ae2771427..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java +++ /dev/null @@ -1,39 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.moduls; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; - -public interface IAction { - public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) - throws MOAIDException; - public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp); - - public String getDefaultActionName(); -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java deleted file mode 100644 index b9b161bb6..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java +++ /dev/null @@ -1,42 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.moduls; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.commons.api.IRequest; - - -public interface IModulInfo { - //public List<ServletInfo> getServlets(); - public String getName(); - public String getPath(); - - public boolean generateErrorMessage(Throwable e, - HttpServletRequest request, HttpServletResponse response, - IRequest protocolRequest) throws Throwable; - - public boolean validate(HttpServletRequest request, - HttpServletResponse response, IRequest pending); -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java deleted file mode 100644 index 987d92e16..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.moduls; - -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; - -/** - * @author tlenz - * - */ -public interface IRequestStorage { - - public IRequest getPendingRequest(String pendingReqID); - - public void storePendingRequest(IRequest pendingRequest) throws MOAIDException; - - public void removePendingRequest(String requestID); - - public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException, MOADatabaseException; - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java deleted file mode 100644 index f1db466e9..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java +++ /dev/null @@ -1,38 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.moduls; - -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; - -public class NoPassivAuthenticationException extends MOAIDException { - - public NoPassivAuthenticationException() { - super("auth.18", null); - } - - /** - * - */ - private static final long serialVersionUID = 596920452166197688L; - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java deleted file mode 100644 index b87574d52..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java +++ /dev/null @@ -1,454 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.moduls; - -import java.io.Serializable; -import java.net.MalformedURLException; -import java.net.URL; -import java.util.Collection; -import java.util.Date; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; - -import org.opensaml.saml2.metadata.provider.MetadataProvider; - -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; -import at.gv.egovernment.moa.id.commons.MOAIDConstants; -import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants; -import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -public abstract class RequestImpl implements IRequest, Serializable{ - - public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL"; - public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse"; - public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes"; - public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID"; - - public static final String DATAID_REQUESTER_IP_ADDRESS = "requesterIP"; - -// public static final String eIDAS_GENERIC_REQ_DATA_COUNTRY = "country"; - public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_LoA"; - - - - private static final long serialVersionUID = 1L; - - private String module = null; - private String action = null; - - private String requestID; - private String processInstanceId; - private String ssoMoaSessionId; - - private String uniqueTransactionIdentifer; - private String uniqueSessionIdentifer; - - private String oaURL; - private String authURL = null; - - private IOAAuthParameters OAConfiguration = null; - - private boolean passiv = false; - private boolean force = false; - private boolean needSSO = false; - private boolean isAbortedByUser = false; - - //every request needs authentication by default - private boolean needAuthentication = true; - - //every request is not authenticated by default - private boolean isAuthenticated = false; - - private Map<String, Object> genericDataStorage = new HashMap<String, Object>(); - - private IAuthenticationSession moaSSOSessionContainer = null; - - - /** - * @throws ConfigurationException - * - */ - public final void initialize(HttpServletRequest req) throws ConfigurationException { - //set requestID - requestID = Random.nextLongRandom(); - - //set unique transaction identifier for logging - uniqueTransactionIdentifer = Random.nextLongRandom(); - TransactionIDUtils.setTransactionId(uniqueTransactionIdentifer); - - //initialize session object - genericDataStorage.put(AuthProzessDataConstants.VALUE_CREATED, new Date()); - genericDataStorage.put(AuthProzessDataConstants.VALUE_SESSIONID, Random.nextLongRandom()); - - //check if End-Point is valid - String authURLString = HTTPUtils.extractAuthURLFromRequest(req); - URL authURL; - try { - authURL = new URL(authURLString); - - } catch (MalformedURLException e) { - Logger.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + authURLString, e); - throw new ConfigurationException("1299", null, e); - - } - - AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); - List<String> configuredPublicURLPrefix = config.getPublicURLPrefix(); - - if (!config.isVirtualIDPsEnabled()) { - Logger.trace("Virtual IDPs are disabled. Use default IDP PublicURLPrefix from configuration: " + configuredPublicURLPrefix.get(0)); - this.authURL = configuredPublicURLPrefix.get(0); - - } else { - Logger.debug("Extract AuthenticationServiceURL: " + authURLString); - URL resultURL = null; - - for (String el : configuredPublicURLPrefix) { - try { - URL configuredURL = new URL(el); - - //get Ports from URL - int configPort = configuredURL.getPort(); - if (configPort == -1) - configPort = configuredURL.getDefaultPort(); - - int authURLPort = authURL.getPort(); - if (authURLPort == -1) - authURLPort = authURL.getDefaultPort(); - - //check AuthURL against ConfigurationURL - if (configuredURL.getHost().equals(authURL.getHost()) && - configPort == authURLPort && - configuredURL.getPath().equals(authURL.getPath())) { - Logger.debug("Select configurated PublicURLPrefix: " + configuredURL - + " for authURL: " + authURLString); - resultURL = configuredURL; - } - - } catch (MalformedURLException e) { - Logger.error("Configurated IDP PublicURLPrefix is not a valid URL." + el); - - } - } - - if (resultURL == null) { - Logger.warn("Extract AuthenticationServiceURL: " + authURL + " is NOT found in configuration."); - throw new ConfigurationException("config.25", new Object[]{authURLString}); - - } else { - this.authURL = resultURL.toExternalForm(); - - } - } - - //set unique session identifier - String uniqueID = (String) req.getAttribute(MOAIDConstants.UNIQUESESSIONIDENTIFIER); - if (MiscUtil.isNotEmpty(uniqueID)) - uniqueSessionIdentifer = uniqueID; - - else - Logger.warn("No unique session-identifier FOUND, but it should be allready set into request!?!"); - - //set requester's IP address - try { - setGenericDataToSession(DATAID_REQUESTER_IP_ADDRESS, req.getRemoteAddr()); - - } catch (SessionDataStorageException e) { - Logger.warn("Can not store remote IP address to 'pendingRequest' during an exception." , e); - - } - - } - - /** - * This method map the protocol specific requested attributes to PVP 2.1 attributes. - * - * @return List of PVP 2.1 attribute names with maps all protocol specific attributes - */ - public abstract Collection<String> getRequestedAttributes(MetadataProvider metadataProvider); - - public void setOAURL(String value) { - oaURL = value; - } - - public String getOAURL() { - return oaURL; - } - - public boolean isPassiv() { - return passiv; - } - - public boolean forceAuth() { - return force; - } - - public void setPassiv(boolean passiv) { - this.passiv = passiv; - } - - public void setForce(boolean force) { - this.force = force; - } - - public String requestedAction() { - return action; - } - - public void setAction(String action) { - this.action = action; - } - - /** - * @return the module - */ - public String requestedModule() { - return module; - } - - /** - * @param module the module to set - */ - public void setModule(String module) { - this.module = module; - } - - public void setRequestID(String id) { - this.requestID = id; - - } - - public String getRequestID() { - return requestID; - } - - public String getInternalSSOSessionIdentifier() { - return this.ssoMoaSessionId; - } - - /** - * Set the internal SSO session identifier, which associated with this pending request - * - * @param internalSSOSessionId - */ - public void setInternalSSOSessionIdentifier(String internalSSOSessionId) { - this.ssoMoaSessionId = internalSSOSessionId; - - } - - public IAuthenticationSession getMOASession() { - //if SSO session information are set, use this - if (moaSSOSessionContainer != null) - return moaSSOSessionContainer; - - else - return new AuthenticationSessionWrapper(genericDataStorage); - - } - - public void populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession) { - if (ssoSession instanceof AuthenticationSession) { - moaSSOSessionContainer = ssoSession; - - } else - throw new IllegalStateException("Session information can only be populated with SSO information from database"); - - - } - - - public IOAAuthParameters getOnlineApplicationConfiguration() { - return this.OAConfiguration; - - } - - public void setOnlineApplicationConfiguration(IOAAuthParameters oaConfig) { - this.OAConfiguration = oaConfig; - - } - - public String getUniqueTransactionIdentifier() { - return this.uniqueTransactionIdentifer; - - } - - public String getUniqueSessionIdentifier() { - return this.uniqueSessionIdentifer; - - } - - public String getProcessInstanceId() { - return this.processInstanceId; - - } - - public void setUniqueTransactionIdentifier(String id) { - this.uniqueTransactionIdentifer = id; - - } - - public void setUniqueSessionIdentifier(String id) { - this.uniqueSessionIdentifer = id; - - } - - public void setProcessInstanceId(String id) { - this.processInstanceId = id; - - } - - /** - * @return the authURL - */ - public String getAuthURL() { - return authURL; - } - - public String getAuthURLWithOutSlash() { - if (authURL.endsWith("/")) - return authURL.substring(0, authURL.length()-1); - else - return authURL; - - } - - /** - * @return the needAuthentication - */ - public boolean isNeedAuthentication() { - return needAuthentication; - } - - /** - * @param needAuthentication the needAuthentication to set - */ - public void setNeedAuthentication(boolean needAuthentication) { - this.needAuthentication = needAuthentication; - } - - /** - * @return the isAuthenticated - */ - public boolean isAuthenticated() { - return isAuthenticated; - } - - /** - * @param isAuthenticated the isAuthenticated to set - */ - public void setAuthenticated(boolean isAuthenticated) { - this.isAuthenticated = isAuthenticated; - } - - public boolean needSingleSignOnFunctionality() { - return needSSO; - } - public void setNeedSingleSignOnFunctionality(boolean needSSO) { - this.needSSO = needSSO; - - } - - public boolean isAbortedByUser() { - return this.isAbortedByUser; - } - - public void setAbortedByUser(boolean isAborted) { - this.isAbortedByUser = isAborted; - - } - - public Object getGenericData(String key) { - if (MiscUtil.isNotEmpty(key)) { - return genericDataStorage.get(key); - - } - - Logger.warn("Can not load generic request-data with key='null'"); - return null; - } - - public <T> T getGenericData(String key, final Class<T> clazz) { - if (MiscUtil.isNotEmpty(key)) { - Object data = genericDataStorage.get(key); - - if (data == null) - return null; - - try { - @SuppressWarnings("unchecked") - T test = (T) data; - return test; - - } catch (Exception e) { - Logger.warn("Generic request-data object can not be casted to requested type", e); - return null; - - } - - } - - Logger.warn("Can not load generic request-data with key='null'"); - return null; - - } - - public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException { - if (MiscUtil.isEmpty(key)) { - Logger.warn("Generic request-data can not be stored with a 'null' key"); - throw new SessionDataStorageException("Generic request-data can not be stored with a 'null' key", null); - - } - - if (object != null) { - if (!Serializable.class.isInstance(object)) { - Logger.warn("Generic request-data can only store objects which implements the 'Seralizable' interface"); - throw new SessionDataStorageException("Generic request-data can only store objects which implements the 'Seralizable' interface", null); - - } - } - - if (genericDataStorage.containsKey(key)) - Logger.debug("Overwrite generic request-data with key:" + key); - else - Logger.trace("Add generic request-data with key:" + key + " to session."); - - genericDataStorage.put(key, object); - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java deleted file mode 100644 index 90ccb3c27..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java +++ /dev/null @@ -1,135 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.moduls; - -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; - -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAO; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.logging.Logger; - -@Service("RequestStorage") -public class RequestStorage implements IRequestStorage{ - - @Autowired ITransactionStorage transactionStorage; - @Autowired ProcessInstanceStoreDAO processInstanceStore; - - @Override - public IRequest getPendingRequest(String pendingReqID) { - - try { - IRequest pendingRequest = transactionStorage.get(pendingReqID, IRequest.class); - if (pendingRequest == null) { - Logger.info("No PendingRequst found with pendingRequestID " + pendingReqID); - return null; - - } - - //set transactionID and sessionID to Logger - TransactionIDUtils.setAllLoggingVariables(pendingRequest); - - return pendingRequest; - - } catch (MOADatabaseException | NullPointerException e) { - Logger.info("No PendingRequst found with pendingRequestID " + pendingReqID); - return null; - - } - } - - @Override - public void storePendingRequest(IRequest pendingRequest) throws MOAIDException { - try { - if (pendingRequest instanceof IRequest) { - transactionStorage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest, -1); - - } else { - throw new MOAIDException("auth.20", null); - - } - - } catch (MOADatabaseException e) { - Logger.warn("Pending Request with ID=" + ((IRequest)pendingRequest).getRequestID() + - " can not stored.", e); - throw new MOAIDException("auth.20", null); - } - - } - - @Override - public void removePendingRequest(String requestID) { - - if (requestID != null) { - - //remove process-management execution instance - try { - IRequest pendingReq = getPendingRequest(requestID); - - if (pendingReq != null && - pendingReq.getProcessInstanceId() != null) { - processInstanceStore.remove(pendingReq.getProcessInstanceId()); - - } - - } catch (MOADatabaseException e) { - Logger.warn("Removing process associated with pending-request:" + requestID + " FAILED.", e); - - } - - transactionStorage.remove(requestID); - - } - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.storage.IRequestStorage#changePendingRequestID(at.gv.egovernment.moa.id.moduls.IRequest) - */ - @Override - public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException, MOADatabaseException { - - if (pendingRequest instanceof RequestImpl) { - String newRequestID = Random.nextRandom(); - String oldRequestID = pendingRequest.getRequestID(); - - Logger.debug("Change pendingRequestID from " + pendingRequest.getRequestID() - + " to " + newRequestID); - - ((RequestImpl)pendingRequest).setRequestID(newRequestID); - transactionStorage.changeKey(oldRequestID, newRequestID, pendingRequest); - //only delete oldRequestID, no change. - - return newRequestID; - - } else { - Logger.error("PendingRequest object is not of type 'RequestImpl.class'"); - throw new MOAIDException("internal.00", null); - } - - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index 557d9af48..b5005d0c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -23,32 +23,49 @@ package at.gv.egovernment.moa.id.moduls; import java.util.Date; +import java.util.Map; +import java.util.Map.Entry; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.core.exceptions.EAAFSSOException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.util.legacy.LegacyHelper; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @Service("MOAID_SSOManager") -public class SSOManager { +public class SSOManager implements ISSOManager { + private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; private static final String HTMLTEMPLATEFULL = "slo_template.html"; public static String CONTEXTPATH = "contextPath"; @@ -58,10 +75,228 @@ public class SSOManager { private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec + public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL"; + public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse"; + public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID"; + + @Autowired private IAuthenticationSessionStoreage authenticatedSessionStore; - @Autowired protected AuthConfiguration authConfig; + @Autowired private AuthConfiguration authConfig; + @Autowired private IRevisionLogger revisionsLogger; + + + + //@Autowired private MOASessionDBUtils moaSessionDBUtils; + @Override + public boolean checkAndValidateSSOSession(IRequest pendingReq, HttpServletRequest httpReq, HttpServletResponse httpResp) throws EAAFSSOException { + try { + //get SSO cookie from http request + String ssoId = getSSOSessionID(httpReq); + + //check if interfederation IDP is requested + checkInterfederationIsRequested(httpReq, httpResp, pendingReq); + + //check if SSO session cookie is already used + if (ssoId != null) { + String correspondingMOASession = existsOldSSOSession(ssoId); + + if (correspondingMOASession != null) { + Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " + + "Invalidate the corresponding MOASession with ID="+ correspondingMOASession); + + revisionsLogger.logEvent(pendingReq, EVENT_SSO_SESSION_INVALID); + + //destroy internal SSO-session object and SSO-session cooky + authenticatedSessionStore.destroyInternalSSOSession(correspondingMOASession); + deleteSSOSessionID(httpReq, httpResp); + } + } + + //check if SSO Session is valid + boolean isSSOValid = isValidSSOSession(ssoId, pendingReq); + + return isSSOValid; + + + } catch (SessionDataStorageException | ConfigurationException | EAAFStorageException e) { + Logger.warn("Cann not process SSO session. Reason: " + e.getMessage(), e); + Logger.info("All SSO session will be ignored."); + + } + + return false; + + } + + + @Override + public void isSSOAllowedForSP(IRequest pendingReq, HttpServletRequest httpReq) { + // check if Service-Provider allows SSO sessions + IOAAuthParameters oaConfig = pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class); + boolean useSSOOA = oaConfig.useSSO() || oaConfig.isInderfederationIDP(); + + //if a legacy request is used SSO should not be allowed in case of mandate authentication + boolean isUseMandateRequested = false; + try { + isUseMandateRequested = LegacyHelper.isUseMandateRequested(httpReq); + + //check if SSO is allowed for the actually executed request + //INFO: Actually, useMandate disables SSO functionality!!!!! + pendingReq.setNeedSingleSignOnFunctionality((useSSOOA && !isUseMandateRequested)); + + //check if current service provider needs user consent for SSO + pendingReq.setNeedUserConsent(oaConfig.useSSOQuestion()); + + } catch (WrongParametersException e) { + Logger.warn("Find suspect http parameter for mandates! Reason: " + e.getMessage()); + + } + + } + + @Override + public void populatePendingRequestWithSSOInformation(IRequest pendingReq) throws EAAFSSOException { + //populate pending request with eID data from SSO session if no userConsent is required + try { + AuthenticationSession ssoMOASession = authenticatedSessionStore.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier()); + + if (ssoMOASession == null) + Logger.info("No MOASession FOUND with provided SSO-Cookie."); + + else { + Logger.debug("Found authenticated MOASession with provided SSO-Cookie."); + revisionsLogger.logEvent(pendingReq, EVENT_SSO_SESSION_VALID); + + Logger.trace("Populatint pending request with SSO session information .... "); + Map<String, Object> fullSSOData = ssoMOASession.getKeyValueRepresentationFromAuthSession(); + if (Logger.isTraceEnabled()) { + Logger.trace("Full SSO DataSet: "); + for (Entry<String, Object> el : fullSSOData.entrySet()) { + Logger.trace(" Key: " + el.getKey() + " Value: " + el.getValue()); + + } + + } + pendingReq.setRawDataToTransaction(fullSSOData); + pendingReq.setAuthenticated(true); + + } + + } catch (EAAFStorageException e) { + Logger.warn("Can NOT populate pending request from SSO session.", e); + throw new EAAFSSOException("", new Object[] {}, e); + + } + + } + + + @Override + public boolean destroySSOSessionOnIDPOnly(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq) throws EAAFSSOException { + //get SSO token from request + String internalSSOSessionId = null; + try { + if (pendingReq != null && MiscUtil.isNotEmpty(pendingReq.getInternalSSOSessionIdentifier())) { + internalSSOSessionId = pendingReq.getInternalSSOSessionIdentifier(); + + } else { + String ssoid = getSSOSessionID(httpReq); + if (isValidSSOSession(ssoid, null)) { + internalSSOSessionId = authenticatedSessionStore.getInternalSSOSessionWithSSOID(ssoid); + + } + } + + //destroy SSO session if it was found + if (StringUtils.isNotEmpty(internalSSOSessionId)) { + //delete SSO session and MOA session + AuthenticationSession ssoMOASession = authenticatedSessionStore.getInternalSSOSession(internalSSOSessionId); + + if (ssoMOASession == null) { + Logger.info("No internal MOA SSO-Session found. Nothing to destroy"); + return false; + + } + + + ssoMOASession.setAuthenticated(false); + + //log Session_Destroy to reversionslog + AuthenticationSessionExtensions sessionExtensions = + authenticatedSessionStore.getAuthenticationSessionExtensions(ssoMOASession.getSSOSessionID()); + revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId()); + authenticatedSessionStore.destroyInternalSSOSession(ssoMOASession.getSSOSessionID()); + } + + } catch (ConfigurationException | SessionDataStorageException | EAAFStorageException e) { + Logger.info("NO MOA Authentication data for ID " + internalSSOSessionId); + return false; + + } + + + //Remove SSO token + deleteSSOSessionID(httpReq, httpResp); + + return true; + + } + + @Override + public String createNewSSOSessionCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq) + throws EAAFSSOException { + Logger.debug("Creating new SSO session-cookie for http response ... "); + + //Store SSO information into database + String newSSOSessionId = Random.nextHexRandom32(); + + //set SSO cookie to response + if (StringUtils.isNotEmpty(newSSOSessionId)) + setSSOSessionID(httpReq, httpResp, newSSOSessionId); + else + deleteSSOSessionID(httpReq, httpResp); + + return newSSOSessionId; + } + + +@Override +public void createNewSSOSession(IRequest pendingReq, String newSSOSessionId) throws EAAFSSOException { + AuthenticationSession internalDBSSOSession; + try { + internalDBSSOSession = authenticatedSessionStore.createInternalSSOSession(pendingReq); + pendingReq.setInternalSSOSessionIdentifier(internalDBSSOSession.getSSOSessionID()); + + } catch (MOADatabaseException | BuildException e) { + Logger.warn("Can NOT create SSO session.", e); + throw new EAAFSSOException("builder.10", null, e); + + } + +} + + +@Override +public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInformationInterface sloInformation) throws EAAFSSOException { + try { + authenticatedSessionStore.addSSOInformation( + pendingReq.getInternalSSOSessionIdentifier(), + newSSOSessionId, + sloInformation, + pendingReq); + + } catch (AuthenticationException e) { + Logger.warn("Can NOT update SSO session.", e); + throw new EAAFSSOException("builder.10", null, e); + } + +} + + + //*********************************** old ************************************** + /** * Check if interfederation IDP is requested via HTTP GET parameter or if interfederation cookie exists. * Set the requested interfederation IDP as attribte of the {protocolRequest} @@ -70,14 +305,15 @@ public class SSOManager { * @param httpResp HttpServletResponse * @param protocolRequest Authentication request which is actually in process * @throws SessionDataStorageException + * @throws EAAFStorageException * **/ public void checkInterfederationIsRequested(HttpServletRequest httpReq, HttpServletResponse httpResp, - IRequest protocolRequest) throws SessionDataStorageException { + IRequest protocolRequest) throws SessionDataStorageException, EAAFStorageException { String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP); String interfederationIDP = - protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class); + protocolRequest.getRawData(DATAID_INTERFEDERATIOIDP_URL, String.class); if (MiscUtil.isNotEmpty(interfederationIDP)) { Logger.debug("Protocolspecific preprocessing already set interfederation IDP " + interfederationIDP); return; @@ -89,14 +325,14 @@ public class SSOManager { RequestImpl moaReq = (RequestImpl) protocolRequest; if (MiscUtil.isNotEmpty(interIDP)) { Logger.info("Receive SSO request for interfederation IDP " + interIDP); - moaReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, interIDP); + moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, interIDP); } else { //check if IDP cookie is set String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION); if (MiscUtil.isNotEmpty(cookie)) { Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie); - moaReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, cookie); + moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, cookie); deleteCookie(httpReq, httpResp, SSOINTERFEDERATION); } @@ -113,8 +349,7 @@ public class SSOManager { } - - public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException, SessionDataStorageException { + public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException, SessionDataStorageException, EAAFStorageException { // search SSO Session if (ssoSessionID == null) { @@ -144,7 +379,7 @@ public class SSOManager { //in case of federated SSO session, jump to federated IDP for authentication String interfederationIDP = - protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class); + protocolRequest.getRawData(DATAID_INTERFEDERATIOIDP_URL, String.class); if (MiscUtil.isEmpty(interfederationIDP)) { InterfederationSessionStore selectedIDP = authenticatedSessionStore.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid()); @@ -152,8 +387,8 @@ public class SSOManager { if (selectedIDP != null) { //no local SSO session exist -> request interfederated IDP Logger.info("SSO Session refer to federated IDP: " + selectedIDP.getIdpurlprefix()); - protocolRequest.setGenericDataToSession( - RequestImpl.DATAID_INTERFEDERATIOIDP_URL, selectedIDP.getIdpurlprefix()); + protocolRequest.setRawDataToTransaction( + DATAID_INTERFEDERATIOIDP_URL, selectedIDP.getIdpurlprefix()); } else { Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ..."); @@ -170,25 +405,32 @@ public class SSOManager { return false; } - + + //set internal SSO SessionID + if (protocolRequest != null) + protocolRequest.setInternalSSOSessionIdentifier(storedSession.getSessionid()); + return true; } } - public AuthenticationSession getInternalMOASession(String ssoSessionID) throws MOADatabaseException { - return authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID); - - } +// public String getInternalSSOSession(String ssoSessionID) throws MOADatabaseException { +// return authenticatedSessionStore.getInternalSSOSessionWithSSOID(ssoSessionID); +// +// } //TODO: refactor for faster DB access public String getUniqueSessionIdentifier(String ssoSessionID) { try { if (MiscUtil.isNotEmpty(ssoSessionID)) { - AuthenticationSession moaSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID); - if (moaSession != null) { - AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSession.getSessionID()); + String ssoSessionId = authenticatedSessionStore.getInternalSSOSessionWithSSOID(ssoSessionID); + if (MiscUtil.isNotEmpty(ssoSessionId)) { + AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(ssoSessionId); + if (extSessionInformation != null) return extSessionInformation.getUniqueSessionId(); + else + Logger.warn("Extended SSO-Session Information ARE NULL. Something looks wrong!"); } } @@ -199,55 +441,13 @@ public class SSOManager { return null; } - - public String existsOldSSOSession(String ssoId) { - - Logger.trace("Check that the SSOID has already been used"); - - OldSSOSessionIDStore oldSSOSession = authenticatedSessionStore.checkSSOTokenAlreadyUsed(ssoId); - - if (oldSSOSession == null) { - Logger.debug("SSO session-cookie was not used in parst"); - return null; - } - - AuthenticatedSessionStore correspondingMoaSession = oldSSOSession.getMoasession(); - - if (correspondingMoaSession == null) { - Logger.info("Get request with old SSO SessionID but no corresponding SSO Session is found."); - return null; - } - - return correspondingMoaSession.getSessionid(); - - } - - public String createSSOSessionInformations(String moaSessionID, String OAUrl) { - - String newSSOId = Random.nextRandom(); - - if (MiscUtil.isEmpty(moaSessionID) || MiscUtil.isEmpty(OAUrl)) { - Logger.warn("MoaSessionID or OAUrl are empty -> SSO is not enabled!"); - return null; - } - - return newSSOId; - - } - - public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) { - setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1); - - } - + public String getSSOSessionID(HttpServletRequest httpReq) { return getValueFromCookie(httpReq, SSOCOOKIE); } - public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) { - deleteCookie(httpReq, httpResp, SSOCOOKIE); - } + /** * @param entityID @@ -284,7 +484,41 @@ public class SSOManager { return false; } - + + + private String existsOldSSOSession(String ssoId) { + + Logger.trace("Check that the SSOID has already been used"); + + OldSSOSessionIDStore oldSSOSession = authenticatedSessionStore.checkSSOTokenAlreadyUsed(ssoId); + + if (oldSSOSession == null) { + Logger.debug("SSO session-cookie was not used in parst"); + return null; + } + + AuthenticatedSessionStore correspondingMoaSession = oldSSOSession.getMoasession(); + + if (correspondingMoaSession == null) { + Logger.info("Get request with old SSO SessionID but no corresponding SSO Session is found."); + return null; + } + + return correspondingMoaSession.getSessionid(); + + } + + + private void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) { + setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1); + + } + + private void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) { + deleteCookie(httpReq, httpResp, SSOCOOKIE); + + } + private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) { Cookie[] cookies = httpReq.getCookies(); @@ -312,6 +546,7 @@ public class SSOManager { private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) { setCookie(httpReq, httpResp, cookieName, "", 0); + } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java deleted file mode 100644 index b05e60e94..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java +++ /dev/null @@ -1,114 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.opemsaml; - -import java.io.BufferedReader; -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.io.OutputStreamWriter; -import java.io.Writer; - -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; -import org.opensaml.common.binding.SAMLMessageContext; -import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; -import org.opensaml.ws.message.encoder.MessageEncodingException; -import org.opensaml.ws.transport.http.HTTPOutTransport; -import org.opensaml.ws.transport.http.HTTPTransportUtils; - -import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; -import at.gv.egovernment.moa.logging.Logger; - -/** - * @author tlenz - * - */ -public class MOAIDHTTPPostEncoder extends HTTPPostEncoder { - - private VelocityEngine velocityEngine; - private IGUIBuilderConfiguration guiConfig; - private GUIFormBuilderImpl guiBuilder; - - /** - * @param engine - * @param templateId - */ - public MOAIDHTTPPostEncoder(IGUIBuilderConfiguration guiConfig, GUIFormBuilderImpl guiBuilder, VelocityEngine engine) { - super(engine, null); - this.velocityEngine = engine; - this.guiConfig = guiConfig; - this.guiBuilder = guiBuilder; - - } - - /** - * Base64 and POST encodes the outbound message and writes it to the outbound transport. - * - * @param messageContext current message context - * @param endpointURL endpoint URL to which to encode message - * - * @throws MessageEncodingException thrown if there is a problem encoding the message - */ - protected void postEncode(SAMLMessageContext messageContext, String endpointURL) throws MessageEncodingException { - Logger.debug("Invoking Velocity template to create POST body"); - InputStream is = null; - try { - //build Velocity Context from GUI input paramters - VelocityContext context = guiBuilder.generateVelocityContextFromConfiguration(guiConfig); - - //load template - is = guiBuilder.getTemplateInputStream(guiConfig); - - //populate velocity context with SAML2 parameters - populateVelocityContext(context, messageContext, endpointURL); - - //populate transport parameter - HTTPOutTransport outTransport = (HTTPOutTransport) messageContext.getOutboundMessageTransport(); - HTTPTransportUtils.addNoCacheHeaders(outTransport); - HTTPTransportUtils.setUTF8Encoding(outTransport); - HTTPTransportUtils.setContentType(outTransport, "text/html"); - - //evaluate template and write content to response - Writer out = new OutputStreamWriter(outTransport.getOutgoingStream(), "UTF-8"); - velocityEngine.evaluate(context, out, "SAML2_POST_BINDING", new BufferedReader(new InputStreamReader(is))); - out.flush(); - - } catch (Exception e) { - Logger.error("Error invoking Velocity template", e); - throw new MessageEncodingException("Error creating output document", e); - - } finally { - if (is != null) { - try { - is.close(); - - } catch (IOException e) { - Logger.error("Can NOT close GUI-Template InputStream.", e); - } - } - - } - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAKeyStoreX509CredentialAdapter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAKeyStoreX509CredentialAdapter.java deleted file mode 100644 index 81afcfbc1..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAKeyStoreX509CredentialAdapter.java +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.opemsaml; - -import java.security.KeyStore; - -import org.opensaml.xml.security.x509.X509Credential; - - -/** - * @author tlenz - * - */ -public class MOAKeyStoreX509CredentialAdapter extends - org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter { - - /** - * @param store - * @param alias - * @param password - */ - public MOAKeyStoreX509CredentialAdapter(KeyStore store, String alias, - char[] password) { - super(store, alias, password); - } - - public Class<? extends X509Credential> getCredentialType() { - return X509Credential.class; - } - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java deleted file mode 100644 index acbb67b34..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.opemsaml; - -import org.opensaml.common.binding.SAMLMessageContext; -import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; -import org.opensaml.ws.message.MessageContext; -import org.opensaml.ws.message.encoder.MessageEncodingException; - -import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; -import at.gv.egovernment.moa.logging.Logger; - -/** - * @author tlenz - * - */ -public class MOAStringRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder { - - private String redirectURL = null; - - public void encode(MessageContext messageContext) - throws MessageEncodingException { - if (!(messageContext instanceof SAMLMessageContext)) { - Logger.error("Invalid message context type, this encoder only support SAMLMessageContext"); - throw new MessageEncodingException( - "Invalid message context type, this encoder only support SAMLMessageContext"); - } - - //load default PVP security configurations - MOADefaultBootstrap.initializeDefaultPVPConfiguration(); - - SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext; - - String endpointURL = getEndpointURL(samlMsgCtx).buildURL(); - - setResponseDestination(samlMsgCtx.getOutboundSAMLMessage(), endpointURL); - - removeSignature(samlMsgCtx); - - String encodedMessage = deflateAndBase64Encode(samlMsgCtx - .getOutboundSAMLMessage()); - - redirectURL = buildRedirectURL(samlMsgCtx, endpointURL, - encodedMessage); - } - - /** - * @return the redirectURL - */ - public String getRedirectURL() { - return redirectURL; - } - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ExecutionContextImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ExecutionContextImpl.java deleted file mode 100644 index 080990f71..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ExecutionContextImpl.java +++ /dev/null @@ -1,79 +0,0 @@ -package at.gv.egovernment.moa.id.process; - -import java.io.Serializable; -import java.util.Collections; -import java.util.HashMap; -import java.util.Map; -import java.util.Set; - -import at.gv.egovernment.moa.id.process.api.ExecutionContext; - -/** - * ExecutionContext implementation, related to a certain process instance. - * - * @author tknall - * - */ -public class ExecutionContextImpl implements ExecutionContext { - - private static final long serialVersionUID = 1L; - - private Map<String, Serializable> ctxData = Collections.synchronizedMap(new HashMap<String, Serializable>()); - - private String processInstanceId; - - /** - * Creates a new instance. - */ - public ExecutionContextImpl() { - } - - /** - * Creates a new instance and associated it with a certain process instance. - */ - public ExecutionContextImpl(String processInstanceId) { - this.processInstanceId = processInstanceId; - } - - @Override - public void setProcessInstanceId(String processInstanceId) { - this.processInstanceId = processInstanceId; - } - - @Override - public String getProcessInstanceId() { - return processInstanceId; - } - - @Override - public Serializable get(String key) { - return ctxData.get(key); - } - - @Override - public Serializable remove(String key) { - return ctxData.remove(key); - } - - @Override - public void put(String key, Serializable object) { - ctxData.put(key, object); - } - - @Override - public Set<String> keySet() { - return Collections.unmodifiableSet(ctxData.keySet()); - } - - @Override - public String toString() { - StringBuilder builder = new StringBuilder(); - builder.append("ExecutionContextImpl ["); - builder.append("id=").append(processInstanceId); - builder.append(", variables="); - builder.append(ctxData.keySet()); - builder.append("]"); - return builder.toString(); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ExpressionEvaluationContextImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ExpressionEvaluationContextImpl.java deleted file mode 100644 index f0d1c861d..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ExpressionEvaluationContextImpl.java +++ /dev/null @@ -1,44 +0,0 @@ -package at.gv.egovernment.moa.id.process; - -import java.io.Serializable; -import java.util.Collections; -import java.util.HashMap; -import java.util.Map; -import java.util.Set; - -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext; - -/** - * Context implementation used for expression evaluation only. - * - * @author tknall - * - */ -public class ExpressionEvaluationContextImpl implements ExpressionEvaluationContext { - - private static final long serialVersionUID = 1L; - - private Map<String, Serializable> ctxData; - - /** - * Creates a new instance and initializes it with data from a given process instance. - * - * @param processInstance - * The process instance. - */ - ExpressionEvaluationContextImpl(ProcessInstance processInstance) { - ExecutionContext executionContext = processInstance.getExecutionContext(); - Set<String> keys = executionContext.keySet(); - ctxData = Collections.synchronizedMap(new HashMap<String, Serializable>(keys.size())); - for (String key : keys) { - ctxData.put(key, executionContext.get(key)); - } - } - - @Override - public Map<String, Serializable> getCtx() { - return Collections.unmodifiableMap(ctxData); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParser.java deleted file mode 100644 index 162ee624a..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParser.java +++ /dev/null @@ -1,224 +0,0 @@ -package at.gv.egovernment.moa.id.process; - -import java.io.IOException; -import java.io.InputStream; -import java.util.ArrayList; -import java.util.Iterator; -import java.util.List; -import java.util.Objects; - -import javax.xml.XMLConstants; -import javax.xml.namespace.QName; -import javax.xml.stream.XMLEventReader; -import javax.xml.stream.XMLInputFactory; -import javax.xml.stream.XMLStreamConstants; -import javax.xml.stream.XMLStreamException; -import javax.xml.stream.events.Attribute; -import javax.xml.stream.events.StartElement; -import javax.xml.stream.events.XMLEvent; -import javax.xml.stream.util.EventReaderDelegate; -import javax.xml.transform.stax.StAXSource; -import javax.xml.transform.stream.StreamSource; -import javax.xml.validation.Schema; -import javax.xml.validation.SchemaFactory; -import javax.xml.validation.Validator; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.xml.sax.SAXException; - -import at.gv.egovernment.moa.id.process.model.EndEvent; -import at.gv.egovernment.moa.id.process.model.ProcessDefinition; -import at.gv.egovernment.moa.id.process.model.ProcessNode; -import at.gv.egovernment.moa.id.process.model.StartEvent; -import at.gv.egovernment.moa.id.process.model.TaskInfo; -import at.gv.egovernment.moa.id.process.model.Transition; - -/** - * Parses an XML representation of a process definition as defined by the respective XML schema. - * <p/ - * The parser is thread-safe. - * @author tknall - * - */ -public class ProcessDefinitionParser { - - private static final String NS = "http://reference.e-government.gv.at/namespace/moa/process/definition/v1"; - - private static Logger log = LoggerFactory.getLogger(ProcessDefinitionParser.class); - - private static class LazyProcessDefinitionSchemaHolder { - private static final Schema PD_SCHEMA_INSTANCE; - static { - try (InputStream in = ProcessDefinitionParser.class.getResourceAsStream("ProcessDefinition.xsd")) { - log.trace("Compiling process definition schema."); - SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI); - // schema is thread-safe - PD_SCHEMA_INSTANCE = factory.newSchema(new StreamSource(in)); - } catch (Exception e) { - throw new RuntimeException("Unable to compile process definition schema.", e); - } - } - } - - /** - * Parses an XML representation of a process definition. The representation is being validated in order to suffice - * the related XML schema. - * - * @param processDefinitionInputStream - * The process definition. - * @return A new process definition. - * @throws ProcessDefinitionParserException - * Thrown in case of error parsing the process definition. - */ - public ProcessDefinition parse(InputStream processDefinitionInputStream) throws ProcessDefinitionParserException { - XMLEventReader reader = null; - final ProcessDefinition pd = new ProcessDefinition(); - log.debug("Parsing and validating process definition."); - try { - - // Standard implementation of XMLInputFactory seems not to be thread-safe - XMLInputFactory inputFactory = XMLInputFactory.newInstance(); - reader = inputFactory.createXMLEventReader(processDefinitionInputStream); - - final List<StartElement> transitionElements = new ArrayList<>(); - final List<StartEvent> startEvents = new ArrayList<>(); - - reader = new EventReaderDelegate(reader) { - - @Override - public XMLEvent nextEvent() throws XMLStreamException { - XMLEvent event = super.nextEvent(); - - switch (event.getEventType()) { - case XMLStreamConstants.START_ELEMENT: - StartElement element = event.asStartElement(); - QName qname = element.getName(); - - if (NS.equals(qname.getNamespaceURI())) { - log.trace("Found process description element '{}'.", qname.getLocalPart()); - Attribute id = element.getAttributeByName(new QName("id")); - - switch (qname.getLocalPart()) { - case "ProcessDefinition": - if (id != null) { - pd.setId(id.getValue()); - } - break; - case "StartEvent": - StartEvent startEvent = new StartEvent(); - if (id != null) { - startEvent.setId(id.getValue()); - } - startEvents.add(startEvent); - break; - case "EndEvent": - EndEvent endEvent = new EndEvent(); - if (id != null) { - endEvent.setId(id.getValue()); - pd.getEndEvents().put(id.getValue(), endEvent); - } - break; - case "Transition": - transitionElements.add(element); - break; - case "Task": - TaskInfo taskInfo = new TaskInfo(); - if (id != null) { - taskInfo.setId(id.getValue()); - pd.getTaskInfos().put(id.getValue(), taskInfo); - } - Attribute async = element.getAttributeByName(new QName("async")); - if (async != null) { - taskInfo.setAsync(Boolean.valueOf(async.getValue())); - } - Attribute implementingClass = element.getAttributeByName(new QName("class")); - if (implementingClass != null) { - taskInfo.setTaskImplementingClass(implementingClass.getValue()); - } - break; - } - - } - - break; - } - - return event; - } - - }; - - // validator is not thread-safe - Validator validator = LazyProcessDefinitionSchemaHolder.PD_SCHEMA_INSTANCE.newValidator(); - validator.validate(new StAXSource(reader)); - log.trace("Process definition successfully schema validated."); - - // perform some basic checks - log.trace("Building model and performing some plausibility checks."); - if (startEvents.size() != 1) { - throw new ProcessDefinitionParserException("A ProcessDefinition must contain exactly one single StartEvent."); - } - pd.setStartEvent(startEvents.get(0)); - - // link transitions - Iterator<StartElement> transitions = transitionElements.iterator(); - while (transitions.hasNext()) { - StartElement element = transitions.next(); - Transition transition = new Transition(); - Attribute id = element.getAttributeByName(new QName("id")); - if (id != null) { - transition.setId(id.getValue()); - } - Attribute conditionExpression = element.getAttributeByName(new QName("conditionExpression")); - if (conditionExpression != null) { - transition.setConditionExpression(conditionExpression.getValue()); - } - Attribute from = element.getAttributeByName(new QName("from")); - if (from != null) { - ProcessNode fromNode = pd.getProcessNode(from.getValue()); - if (fromNode == null) { - throw new ProcessDefinitionParserException("Transition's 'from'-attribute refers to a non-existing event or task '" + from.getValue() + '.'); - } - if (fromNode instanceof EndEvent) { - throw new ProcessDefinitionParserException("Transition cannot start from end event."); - } - transition.setFrom(fromNode); - fromNode.getOutgoingTransitions().add(transition); - } - Attribute to = element.getAttributeByName(new QName("to")); - if (to != null) { - ProcessNode toNode = pd.getProcessNode(to.getValue()); - if (toNode == null) { - throw new ProcessDefinitionParserException("Transition's 'to'-attribute refers to a non-existing event or task '" + to.getValue() + '.'); - } - transition.setTo(toNode); - toNode.getIncomingTransitions().add(transition); - } - if (transition.getConditionExpression() == null && Objects.equals(transition.getFrom(), transition.getTo())) { - throw new ProcessDefinitionParserException("Transition's 'from' equals its 'to'. Since no 'conditionExpression' has been set this will cause a loop."); - } - } - log.debug("Process definition '{}' successfully parsed.", pd.getId()); - return pd; - - } catch (ProcessDefinitionParserException e) { - throw e; - } catch (XMLStreamException|IOException e) { - throw new ProcessDefinitionParserException("Unable to read process definition from inputstream.", e); - } catch (SAXException e) { - throw new ProcessDefinitionParserException("Schema validation of process description failed.", e); - } catch (Exception e) { - throw new ProcessDefinitionParserException("Internal error creating process definition from inputstream.", e); - } finally { - if (reader != null) { - try { - reader.close(); - } catch (XMLStreamException e) { - // error freeing resources - } - } - } - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParserException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParserException.java deleted file mode 100644 index 0c214750d..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParserException.java +++ /dev/null @@ -1,35 +0,0 @@ -package at.gv.egovernment.moa.id.process; - -/** - * Exception thrown in case of error parsing a process definition. - * - * @author tknall - * - */ -public class ProcessDefinitionParserException extends Exception { - - private static final long serialVersionUID = 1L; - - /** - * Creates a new parser exception providing a {@code message} describing the reason and the {@code cause}. - * - * @param message - * The message. - * @param cause - * The cause. - */ - public ProcessDefinitionParserException(String message, Throwable cause) { - super(message, cause); - } - - /** - * Creates a new parser exception providing a {@code message} describing the reason. - * - * @param message - * The message. - */ - public ProcessDefinitionParserException(String message) { - super(message); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java deleted file mode 100644 index 44f622fa0..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java +++ /dev/null @@ -1,110 +0,0 @@ -package at.gv.egovernment.moa.id.process; - - -import java.io.InputStream; - -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.process.model.ProcessDefinition; - -/** - * Process engine providing means for starting and resuming processes. - * - * @author tknall - */ -public interface ProcessEngine { - - /** - * Registers a new process definition. Note that existing definitions with the same identifier will be replaced. - * - * @param processDefinition - * The process definition to be registered. - */ - void registerProcessDefinition(ProcessDefinition processDefinition); - - /** - * Registers a new process definition given as {@link InputStream}. Note that existing definitions with the same identifier will be replaced. - * - * @param processDefinitionInputStream The input stream to the definition to be registered. - * @throws ProcessDefinitionParserException Thrown in case of an error parsing the process definition. - * @return The process definition's identifier. - */ - String registerProcessDefinition(InputStream processDefinitionInputStream) throws ProcessDefinitionParserException; - - /** - * Creates a process instance according to the referenced process definition, persists it into the database and returns it identifier. - * <p/> - * Note that the method returns the identifier of a process instance which will be needed in order to start a process or to continue - * process execution after asynchronous task execution (refer to {@link #start(String)} and - * {@link #signal(String)} for further information). - * - * @param processDefinitionId - * The identifier of the respective process definition. - * @param executionContext The execution context (may be {@code null}). - * @return The id of the newly created process instance (never {@code null}). - * @throws ProcessExecutionException - * Thrown in case of error, e.g. when a {@code processDefinitionId} is referenced that does not exist. - */ - String createProcessInstance(String processDefinitionId, ExecutionContext executionContext) throws ProcessExecutionException; - - /** - * Creates a process instance according to the referenced process definition, persists it into the database and returns it identifier. - * <p/> - * Note that the method returns the identifier of a process instance which will be needed in order to start a process or to continue - * process execution after asynchronous task execution (refer to {@link #start(String)} and - * {@link #signal(String)} for further information). - * - * @param processDefinitionId - * The identifier of the respective process definition. - * @return The id of the newly created process instance (never {@code null}). - * @throws ProcessExecutionException - * Thrown in case of error, e.g. when a {@code processDefinitionId} is referenced that does not exist. - */ - String createProcessInstance(String processDefinitionId) throws ProcessExecutionException; - - - /** - * Delete a process instance - * - * @param processInstanceId - * The identifier of the respective process. - * @throws ProcessExecutionException - * Thrown in case of error, e.g. when a {@code processInstanceId} is referenced that does not exist. - */ - void deleteProcessInstance(String processInstanceId) throws ProcessExecutionException; - - /** - * Returns the process instance with a given {@code processInstanceId}. - * - * @param processInstanceId - * The process instance id. - * @return The process instance (never {@code null}). - * @throws IllegalArgumentException - * In case the process instance does not/no longer exist. - * @throws RuntimeException - * In case the process instance could not be retrieved from persistence. - */ - ProcessInstance getProcessInstance(String processInstanceId); - - /** - * Starts the process using the given {@code pendingReq}. - * - * @param pendingReq - * The protocol request for which a process should be started. - * @throws ProcessExecutionException - * Thrown in case of error. - */ - void start(IRequest pendingReq) throws ProcessExecutionException; - - - /** - * Resumes process execution after an asynchronous task has been executed. - * - * @param pendingReq - * The process instance id. - * @throws ProcessExecutionException - * Thrown in case of error. - */ - void signal(IRequest pendingReq) throws ProcessExecutionException; - -}
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java deleted file mode 100644 index 76e6605c1..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java +++ /dev/null @@ -1,420 +0,0 @@ -package at.gv.egovernment.moa.id.process; - -import java.io.InputStream; -import java.io.Serializable; -import java.util.HashMap; -import java.util.Map; -import java.util.concurrent.ConcurrentHashMap; - -import org.apache.commons.collections4.CollectionUtils; -import org.apache.commons.collections4.Predicate; -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.slf4j.MDC; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; - -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext; -import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator; -import at.gv.egovernment.moa.id.process.api.Task; -import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStore; -import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAO; -import at.gv.egovernment.moa.id.process.model.EndEvent; -import at.gv.egovernment.moa.id.process.model.ProcessDefinition; -import at.gv.egovernment.moa.id.process.model.ProcessNode; -import at.gv.egovernment.moa.id.process.model.StartEvent; -import at.gv.egovernment.moa.id.process.model.TaskInfo; -import at.gv.egovernment.moa.id.process.model.Transition; -import at.gv.egovernment.moa.util.MiscUtil; - -/** - * Process engine implementation allowing starting and continuing processes as well as providing means for cleanup actions. - */ -public class ProcessEngineImpl implements ProcessEngine { - - private Logger log = LoggerFactory.getLogger(getClass()); - - @Autowired ProcessInstanceStoreDAO piStoreDao; - @Autowired ApplicationContext context; - - private ProcessDefinitionParser pdp = new ProcessDefinitionParser(); - - private Map<String, ProcessDefinition> processDefinitions = new ConcurrentHashMap<String, ProcessDefinition>(); - - private final static String MDC_CTX_PI_NAME = "processInstanceId"; - private final static String MDC_CTX_TASK_NAME = "taskId"; - - private ExpressionEvaluator transitionConditionExpressionEvaluator; - - @Override - public void registerProcessDefinition(ProcessDefinition processDefinition) { - log.info("Registering process definition '{}'.", processDefinition.getId()); - processDefinitions.put(processDefinition.getId(), processDefinition); - } - - @Override - public String registerProcessDefinition(InputStream processDefinitionInputStream) throws ProcessDefinitionParserException{ - ProcessDefinition pd = pdp.parse(processDefinitionInputStream); - registerProcessDefinition(pd); - return pd.getId(); - } - - /** - * Sets the process definitions. - * - * @param processDefinitions - * The process definitions. - * @throws IllegalArgumentException - * In case the process definitions contain definitions with the same identifier. - */ - public void setProcessDefinitions(Iterable<ProcessDefinition> processDefinitions) { - this.processDefinitions.clear(); - for (ProcessDefinition pd : processDefinitions) { - if (this.processDefinitions.containsKey(pd.getId())) { - throw new IllegalArgumentException("Duplicate process definition identifier '" + pd.getId() + "'."); - } - registerProcessDefinition(pd); - } - } - - /** - * Sets an expression evaluator that should be used to process transition condition expressions. - * @param transitionConditionExpressionEvaluator The expression evaluator. - */ - public void setTransitionConditionExpressionEvaluator( - ExpressionEvaluator transitionConditionExpressionEvaluator) { - this.transitionConditionExpressionEvaluator = transitionConditionExpressionEvaluator; - } - - - @Override - public String createProcessInstance(String processDefinitionId, ExecutionContext executionContext) throws ProcessExecutionException { - // look for respective process definition - ProcessDefinition pd = processDefinitions.get(processDefinitionId); - if (pd == null) { - throw new ProcessExecutionException("Unable to find process definition for process '" + processDefinitionId + "'."); - } - // create and keep process instance - ProcessInstance pi = new ProcessInstance(pd, executionContext); - log.info("Creating process instance from process definition '{}': {}", processDefinitionId, pi.getId()); - - try { - saveOrUpdateProcessInstance(pi); - } catch (MOADatabaseException e) { - throw new ProcessExecutionException("Unable to persist process instance.", e); - } - - return pi.getId(); - } - - @Override - public String createProcessInstance(String processDefinitionId) throws ProcessExecutionException { - return createProcessInstance(processDefinitionId, null); - } - - @Override - public void start(IRequest pendingReq) throws ProcessExecutionException { - try { - if (MiscUtil.isEmpty(pendingReq.getProcessInstanceId())) { - log.error("Pending-request with id:" + pendingReq.getRequestID() - + " includes NO 'ProcessInstanceId'"); - throw new ProcessExecutionException("Pending-request with id:" + pendingReq.getRequestID() - + " includes NO 'ProcessInstanceId'"); - } - - ProcessInstance pi = loadProcessInstance(pendingReq.getProcessInstanceId()); - - if (pi == null ) { - throw new ProcessExecutionException("Process instance '" + pendingReq.getProcessInstanceId() + "' does not exist."); - - } - - MDC.put(MDC_CTX_PI_NAME, pi.getId()); - - if (!ProcessInstanceState.NOT_STARTED.equals(pi.getState())) { - throw new ProcessExecutionException("Process instance '" + pi.getId() + "' has already been started (current state is " + pi.getState() + ")."); - } - log.info("Starting process instance '{}'.", pi.getId()); - // execute process - pi.setState(ProcessInstanceState.STARTED); - execute(pi, pendingReq); - - //store ProcessInstance if it is not already ended - if (!ProcessInstanceState.ENDED.equals(pi.getState())) - saveOrUpdateProcessInstance(pi); - - } catch (MOADatabaseException e) { - throw new ProcessExecutionException("Unable to load/save process instance.", e); - - } finally { - MDC.remove(MDC_CTX_PI_NAME); - } - } - - @Override - public void signal(IRequest pendingReq) throws ProcessExecutionException { - - try { - if (MiscUtil.isEmpty(pendingReq.getProcessInstanceId())) { - log.error("Pending-request with id:" + pendingReq.getRequestID() - + " includes NO 'ProcessInstanceId'"); - throw new ProcessExecutionException("Pending-request with id:" + pendingReq.getRequestID() - + " includes NO 'ProcessInstanceId'"); - } - - ProcessInstance pi = loadProcessInstance(pendingReq.getProcessInstanceId()); - - if (pi == null ) { - throw new ProcessExecutionException("Process instance '" + pendingReq.getProcessInstanceId() + "' does not exist."); - - } - - MDC.put(MDC_CTX_PI_NAME, pi.getId()); - - if (!ProcessInstanceState.SUSPENDED.equals(pi.getState())) { - throw new ProcessExecutionException("Process instance '" + pi.getId() + "' has not been suspended (current state is " + pi.getState() + ")."); - } - - log.info("Waking up process instance '{}'.", pi.getId()); - pi.setState(ProcessInstanceState.STARTED); - - //put pending-request ID on execution-context because it could be changed - pi.getExecutionContext().put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID()); - - execute(pi, pendingReq); - - //store ProcessInstance if it is not already ended - if (!ProcessInstanceState.ENDED.equals(pi.getState())) - saveOrUpdateProcessInstance(pi); - - } catch (MOADatabaseException e) { - throw new ProcessExecutionException("Unable to load/save process instance.", e); - - } finally { - MDC.remove(MDC_CTX_PI_NAME); - } - } - - - /** - * Instantiates a task implementation given by a {@link TaskInfo}. - * @param ti The task info. - * @return A Task implementation or {@code null} if the task info does not reference any task implementing classes. - * @throws ProcessExecutionException Thrown in case of error (when the referenced class does not implement {@link Task} for instance). - */ - private Task createTaskInstance(TaskInfo ti) throws ProcessExecutionException { - String clazz = StringUtils.trimToNull(ti.getTaskImplementingClass()); - Task task = null; - - if (clazz != null) { - log.debug("Instantiating task implementing class '{}'.", clazz); - Object instanceClass = null; - try { - instanceClass = context.getBean(clazz); - - } catch (Exception e) { - throw new ProcessExecutionException("Unable to get class '" + clazz + "' associated with task '" + ti.getId() + "' .", e); - - } - if (instanceClass == null || !(instanceClass instanceof Task)) { - throw new ProcessExecutionException("Class '" + clazz + "' associated with task '" + ti.getId() + "' is not assignable to " + Task.class.getName() + "."); - - } - try { - task = (Task) instanceClass; - - } catch (Exception e) { - throw new ProcessExecutionException("Unable to instantiate class '" + clazz + "' associated with task '" + ti.getId() + "' .", e); - } - } - - return task; - } - - /** - * Starts/executes a given process instance. - * @param pi The process instance. - * @param pendingReq - * @throws ProcessExecutionException Thrown in case of error. - */ - private void execute(final ProcessInstance pi, IRequest pendingReq) throws ProcessExecutionException { - if (ProcessInstanceState.ENDED.equals(pi.getState())) { - throw new ProcessExecutionException("Process for instance '" + pi.getId() + "' has already been ended."); - } - ProcessDefinition pd = pi.getProcessDefinition(); - ProcessNode processNode = pd.getProcessNode(pi.getNextId()); - log.debug("Processing node '{}'.", processNode.getId()); - - // distinguish process node types StartEvent, TaskInfo and EndEvent - - if (processNode instanceof TaskInfo) { - // TaskInfo types need to be executed - TaskInfo ti = (TaskInfo) processNode; - MDC.put(MDC_CTX_TASK_NAME, ti.getId()); - try { - log.info("Processing task '{}'.", ti.getId()); - Task task = createTaskInstance(ti); - if (task != null) { - try { - log.info("Executing task implementation for task '{}'.", ti.getId()); - log.debug("Execution context before task execution: {}", pi.getExecutionContext().keySet()); - pendingReq = task.execute(pendingReq, pi.getExecutionContext()); - log.info("Returned from execution of task '{}'.", ti.getId()); - log.debug("Execution context after task execution: {}", pi.getExecutionContext().keySet()); - } catch (Throwable t) { - throw new ProcessExecutionException("Error executing task '" + ti.getId() + "'.", t); - } - } else { - log.debug("No task implementing class set."); - } - } finally { - MDC.remove(MDC_CTX_TASK_NAME); - } - - } else if (processNode instanceof EndEvent) { - log.info("Finishing process instance '{}'.", pi.getId()); - - try { - piStoreDao.remove(pi.getId()); - - } catch (MOADatabaseException e) { - throw new ProcessExecutionException("Unable to remove process instance.", e); - - } - pi.setState(ProcessInstanceState.ENDED); - log.debug("Final process context: {}", pi.getExecutionContext().keySet()); - return; - } - - final ExpressionEvaluationContext expressionContext = new ExpressionEvaluationContextImpl(pi); - - // traverse pointer - Transition t = CollectionUtils.find(processNode.getOutgoingTransitions(), new Predicate<Transition>() { - @Override - public boolean evaluate(Transition transition) { - if (transitionConditionExpressionEvaluator != null && transition.getConditionExpression() != null) { - log.trace("Evaluating transition expression '{}'.", transition.getConditionExpression()); - return transitionConditionExpressionEvaluator.evaluate(expressionContext, transition.getConditionExpression()); - } - return true; - } - }); - if (t == null) { - throw new ProcessExecutionException("No valid transition starting from process node '" + processNode.getId()+ "'."); - } - log.trace("Found suitable transition: {}", t); - // update pointer - log.trace("Shifting process token from '{}' to '{}'.", pi.getNextId(), t.getTo().getId()); - pi.setNextId(t.getTo().getId()); - - // inspect current task - if (t.getTo() instanceof TaskInfo && (((TaskInfo) t.getTo()).isAsync())) { - // immediately return in case of asynchonous task - log.info("Suspending process instance '{}' for asynchronous task '{}'.", pi.getId(), t.getTo().getId()); - pi.setState(ProcessInstanceState.SUSPENDED); - return; - } - - // continue execution in case of StartEvent or Task - if (processNode instanceof StartEvent || processNode instanceof TaskInfo) { - execute(pi, pendingReq); - } - } - - @Override - public ProcessInstance getProcessInstance(String processInstanceId) { - - ProcessInstance processInstance; - try { - processInstance = loadProcessInstance(processInstanceId); - - } catch (MOADatabaseException e) { - throw new RuntimeException("The process instance '" + processInstanceId + "' could not be retrieved.", e); - } - - if (processInstance == null) { - throw new IllegalArgumentException("The process instance '" + processInstanceId + "' does not/no longer exist."); - } - - return processInstance; - } - - /** - * Persists a {@link ProcessInstance} to the database. - * @param processInstance The object to persist. - * @throws MOADatabaseException Thrown if an error occurs while accessing the database. - */ - private void saveOrUpdateProcessInstance(ProcessInstance processInstance) throws MOADatabaseException { - ProcessInstanceStore store = new ProcessInstanceStore(); - - ExecutionContext ctx = processInstance.getExecutionContext(); - - Map<String, Serializable> ctxData = new HashMap<String, Serializable>(); - for (String key : ctx.keySet()) { - ctxData.put(key, ctx.get(key)); - } - store.setExecutionContextData(ctxData); - - store.setNextTaskId(processInstance.getNextId()); - store.setProcessDefinitionId(processInstance.getProcessDefinition().getId()); - - store.setProcessInstanceId(processInstance.getId()); - store.setProcessState(processInstance.getState()); - - piStoreDao.saveOrUpdate(store); - } - - /** - * Load a {@link ProcessInstance} with a certain id from the database. - * @param processInstanceId The process instance id - * @return The process instance corresponding to the id or {@code null} if no such object is found. - * @throws MOADatabaseException Thrown if an error occurs while accessing the database. - */ - private ProcessInstance loadProcessInstance(String processInstanceId) throws MOADatabaseException { - - ProcessInstanceStore piStore = piStoreDao.load(processInstanceId); - - if (piStore == null) { - return null; - } - - ExecutionContext executionContext = new ExecutionContextImpl(piStore.getProcessInstanceId()); - - Map<String, Serializable> executionContextData = piStore.getExecutionContextData(); - for (String key : executionContextData.keySet()) { - executionContext.put(key, executionContextData.get(key)); - } - - ProcessInstance pi = new ProcessInstance(processDefinitions.get(piStore.getProcessDefinitionId()), executionContext); - pi.setNextId(piStore.getNextTaskId()); - pi.setState(piStore.getProcessState()); - - return pi; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.process.ProcessEngine#deleteProcessInstance(java.lang.String) - */ - @Override - public void deleteProcessInstance(String processInstanceId) throws ProcessExecutionException { - if (MiscUtil.isEmpty(processInstanceId)) { - throw new ProcessExecutionException("Unable to remove process instance: ProcessInstanceId is empty"); - - } - - try { - piStoreDao.remove(processInstanceId); - - } catch (MOADatabaseException e) { - throw new ProcessExecutionException("Unable to remove process instance.", e); - - } - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessExecutionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessExecutionException.java deleted file mode 100644 index 821bbe6dc..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessExecutionException.java +++ /dev/null @@ -1,36 +0,0 @@ -package at.gv.egovernment.moa.id.process; - -/** - * Indicates a problem when executing a process. - * - * @author tknall - * - */ -public class ProcessExecutionException extends Exception { - - private static final long serialVersionUID = 1L; - - /** - * Creates a new process execution exception providing a {@code message} describing the reason and the respective - * {@code cause}. - * - * @param message - * The message. - * @param cause - * The cause. - */ - public ProcessExecutionException(String message, Throwable cause) { - super(message, cause); - } - - /** - * Creates a new process execution exception providing a {@code message} describing the reason. - * - * @param message - * The message. - */ - public ProcessExecutionException(String message) { - super(message); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessInstance.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessInstance.java deleted file mode 100644 index a6cf3b57f..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessInstance.java +++ /dev/null @@ -1,164 +0,0 @@ -package at.gv.egovernment.moa.id.process; - -import java.io.Serializable; -import java.util.Date; - -import org.apache.commons.lang3.RandomStringUtils; -import org.apache.commons.lang3.time.DurationFormatUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.process.model.ProcessDefinition; -import at.gv.egovernment.moa.id.process.support.SecureRandomHolder; - -/** - * Represents a process being executed. The process instance provides information about the process and its state. - * - * @author tknall - * - */ -public class ProcessInstance implements Serializable { - - private static final long serialVersionUID = 1L; - private static final int RND_ID_LENGTH = 22; - - private ProcessDefinition processDefinition; - private String nextId; - private Date lru; - private ExecutionContext executionContext; - private ProcessInstanceState state = ProcessInstanceState.NOT_STARTED; - - private Logger log = LoggerFactory.getLogger(getClass()); - - /** - * Creates a new process instance, based on a given process definition and a - * given execution context. If the given execution context is {@code null} a new execution context will be created.<p/> - * The process instance id of the execution context will be newly generated if it is {@code null} in the execution context. - * - * @param processDefinition - * The process definition. - * @param executionContext - * The execution context (may be {@code null}). If {@code null} a new execution context will be created internally. - */ - ProcessInstance(ProcessDefinition processDefinition, ExecutionContext executionContext) { - this.processDefinition = processDefinition; - nextId = processDefinition.getStartEvent().getId(); - if (executionContext == null) { - executionContext = new ExecutionContextImpl(); - } - if (executionContext.getProcessInstanceId() == null) { - String pdIdLocalPart = RandomStringUtils.random(RND_ID_LENGTH, 0, 0, true, true, null, - SecureRandomHolder.getInstance()); - executionContext.setProcessInstanceId(this.processDefinition.getId() + "-" + pdIdLocalPart); - } else { - log.debug("Using process instance id from execution context."); - } - log.debug("Creating process instance with id '{}'.", executionContext.getProcessInstanceId()); - this.executionContext = executionContext; - touch(); - } - - /** - * Returns the underlying process definition. - * - * @return The underlying process definition. - */ - ProcessDefinition getProcessDefinition() { - touch(); - return processDefinition; - } - - /** - * Returns the id of the process node to be executed next. - * - * @return The process node pointer indicating the process node to be executed next. - */ - public String getNextId() { - touch(); - return nextId; - } - - /** - * Sets the internal pointer to the process node to be executed next. - * - * @param nextId - * The process node id to be executed next. - */ - void setNextId(String nextId) { - touch(); - this.nextId = nextId; - } - - /** - * Returns the current state of the process instance. - * - * @return The current state. - */ - public ProcessInstanceState getState() { - touch(); - return state; - } - - /** - * Sets the current state of the process instance. - * - * @param state - * The current state. - */ - void setState(ProcessInstanceState state) { - touch(); - this.state = state; - } - - public String getId() { - touch(); - return executionContext.getProcessInstanceId(); - } - - /** - * Updates the last recently used date of the process instance. - */ - private void touch() { - lru = new Date(); - } - - /** - * Returns the date the process instance has been accessed last. - * - * @return The last recently used date. - */ - Date getLru() { - return lru; - } - - /** - * Returns the associated execution context. - * @return The execution context (never {@code null}). - */ - public ExecutionContext getExecutionContext() { - touch(); - return executionContext; - } - - @Override - public String toString() { - StringBuilder builder = new StringBuilder(); - builder.append("ProcessInstance ["); - builder.append("id=").append(executionContext.getProcessInstanceId()); - builder.append(", idle since=").append( - DurationFormatUtils.formatDurationWords(new Date().getTime() - this.lru.getTime(), true, true)); - if (processDefinition != null) { - builder.append(", processDefinition.id="); - builder.append(processDefinition.getId()); - } - if (nextId != null) { - builder.append(", nextId="); - builder.append(nextId); - } - builder.append(", executionContext=").append(executionContext); - builder.append("]"); - return builder.toString(); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessInstanceState.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessInstanceState.java deleted file mode 100644 index 2765283a0..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessInstanceState.java +++ /dev/null @@ -1,30 +0,0 @@ -package at.gv.egovernment.moa.id.process; - -/** - * Represents a certain process instance state. - * @author tknall - * - */ -public enum ProcessInstanceState { - - /** - * Indicates that the process with this process instance has not yet been started. - */ - NOT_STARTED, - - /** - * Indicates that the process is currently running. - */ - STARTED, - - /** - * Indicates that the process has been suspended until being waken up by someonce calling {@code signal}. - */ - SUSPENDED, - - /** - * Indicates that the process has been completed. - */ - ENDED - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExecutionContext.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExecutionContext.java deleted file mode 100644 index 4a9dfc336..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExecutionContext.java +++ /dev/null @@ -1,63 +0,0 @@ -package at.gv.egovernment.moa.id.process.api; - -import java.io.Serializable; -import java.util.Set; - -/** - * Encapsulates data needed for or provided by task execution. - * - * @author tknall - * - */ -public interface ExecutionContext extends Serializable { - - /** - * Returns the identifier of underlying process instance. - * - * @return The identifier of the process instance. - */ - String getProcessInstanceId(); - - /** - * Sets the identifier of underlying process instance. - * - * @param processInstanceId - * The identifier of the process instance. - */ - void setProcessInstanceId(String processInstanceId); - - /** - * Stores a serializable object using {@code key}. - * - * @param key - * The key under that the {@code object} should be stored. - * @param object The object to be stored. - */ - void put(String key, Serializable object); - - /** - * Returns an serializable object stored within this process context using {@code key}. - * - * @param key - * The key that has been used to store the serializable object (may be {@code null}). - * @return The object or {@code null} in case the key does not relate to a stored object or the stored object itself - * was {@code null}. - */ - Serializable get(String key); - - /** - * Removes the object stored using {@code key}. - * @param key - * The key that has been used to store the serializable object (may be {@code null}). - * @return The object that has been removed or {@code null} there was no object stored using {@code key}. - */ - Serializable remove(String key); - - /** - * Returns an unmodifiable set containing the stored keys. - * - * @return The keyset (never {@code null}). - */ - Set<String> keySet(); - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExpressionEvaluationContext.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExpressionEvaluationContext.java deleted file mode 100644 index 94854dcad..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExpressionEvaluationContext.java +++ /dev/null @@ -1,23 +0,0 @@ -package at.gv.egovernment.moa.id.process.api; - -import java.io.Serializable; -import java.util.Map; - -import at.gv.egovernment.moa.id.process.model.Transition; - -/** - * Context used for evaluation of condition expressions set for {@linkplain Transition Transitions}. - * - * @author tknall - * - */ -public interface ExpressionEvaluationContext extends Serializable { - - /** - * Returns the context data map used for expression evaluation. - * - * @return An unmodifiable map (never {@code null}). - */ - Map<String, Serializable> getCtx(); - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExpressionEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExpressionEvaluator.java deleted file mode 100644 index fe0743201..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExpressionEvaluator.java +++ /dev/null @@ -1,25 +0,0 @@ -package at.gv.egovernment.moa.id.process.api; - -/** - * Evaluates a given {@code expression} returning a boolean value. - * - * @author tknall - */ -public interface ExpressionEvaluator { - - /** - * Evaluates a given {@code expression} returning a boolean value. - * - * @param expressionContext - * The context which can be used for evaluation of the expression. - * @param expression - * The expression resulting in a boolean (must not be {@code null}). - * @return A boolean value. - * @throws IllegalArgumentException - * In case of an invalid {@code expression}. - * @throws NullPointerException - * In case of a {@code null} expression. - */ - boolean evaluate(ExpressionEvaluationContext expressionContext, String expression); - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java deleted file mode 100644 index cff85ad60..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java +++ /dev/null @@ -1,26 +0,0 @@ -package at.gv.egovernment.moa.id.process.api; - -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.api.IRequest; - - -/** - * Represents a single task to be performed upon process execution. - * - * @author tknall - * - */ -public interface Task { - - /** - * Executes this task. - * @param pendingReq - * Provides the current processed protocol request - * @param executionContext - * Provides execution related information. - * @return The pending-request object, because Process-management works recursive - * @throws Exception An exception upon task execution. - */ - IRequest execute(IRequest pendingReq, ExecutionContext executionContext) throws TaskExecutionException; - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStore.java deleted file mode 100644 index 3620f2950..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStore.java +++ /dev/null @@ -1,91 +0,0 @@ -package at.gv.egovernment.moa.id.process.dao; - -import java.io.Serializable; -import java.util.Map; - -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.EnumType; -import javax.persistence.Enumerated; -import javax.persistence.Id; -import javax.persistence.Lob; -import javax.persistence.Table; - -import org.hibernate.internal.util.SerializationHelper; - -import at.gv.egovernment.moa.id.process.ProcessInstanceState; - -@Entity -@Table(name = "processinstance") -public class ProcessInstanceStore implements Serializable{ - - private static final long serialVersionUID = -6147519767313903808L; - - /** - * A process instance identifier qualifies as natural primary key by satisfying these requirements - * ("unique, constant, required"): - * <ul> - * <li>unique value</li> - * <li>never changes (immutable)</li> - * <li>never {@code null}</li> - * </ul> - */ - @Id - private String processInstanceId; - - @Column(name = "processDefinitionId", nullable = false) - private String processDefinitionId; - - @Column(name = "nextTaskId", nullable = false) - private String nextTaskId; - - @Column(name = "processState", nullable = false) - @Enumerated(value = EnumType.STRING) - private ProcessInstanceState processState; - - @Column(name = "executionContextData", nullable = false) - @Lob - private byte[] executionContextData; - - public String getProcessInstanceId() { - return processInstanceId; - } - - public String getProcessDefinitionId() { - return processDefinitionId; - } - - public String getNextTaskId() { - return nextTaskId; - } - - public ProcessInstanceState getProcessState() { - return processState; - } - - @SuppressWarnings("unchecked") - public Map<String, Serializable> getExecutionContextData() { - return (Map<String, Serializable>) SerializationHelper.deserialize(executionContextData); - } - - public void setProcessInstanceId(String processInstanceId) { - this.processInstanceId = processInstanceId; - } - - public void setProcessDefinitionId(String processDefinitionId) { - this.processDefinitionId = processDefinitionId; - } - - public void setNextTaskId(String nextTaskId) { - this.nextTaskId = nextTaskId; - } - - public void setProcessState(ProcessInstanceState processState) { - this.processState = processState; - } - - public void setExecutionContextData(Map<String, Serializable> executionContextData) { - this.executionContextData = SerializationHelper.serialize((Serializable) executionContextData); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAO.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAO.java deleted file mode 100644 index 57ce70c08..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAO.java +++ /dev/null @@ -1,43 +0,0 @@ -package at.gv.egovernment.moa.id.process.dao; - -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.ProcessInstance; - -public interface ProcessInstanceStoreDAO { - - /** - * Stores a {@link ProcessInstance} defined by {@code pIStore} in the - * database. - * - * @param pIStore - * the {@link ProcessInstanceStore} to persist. - * @throws MOADatabaseException - * is thrown if a problem occurs while accessing the database. - */ - void saveOrUpdate(ProcessInstanceStore pIStore) throws MOADatabaseException; - - /** - * Returns a {@link ProcessInstanceStore}, defined by - * {@code processInstanceID} from the database, or {@code null} if the - * object could not be found. - * - * @param processInstanceId - * the id of the {@code ProcessInstanceStore} to retrieve. - * @return a ProcessInstanceStore, or {@code null}. - * @throws MOADatabaseException - * is thrown if a problem occurs while accessing the database. - */ - ProcessInstanceStore load(String processInstanceId) throws MOADatabaseException; - - /** - * Deletes the {@link ProcessInstance} corresponding with the - * {@code processInstanceId}. - * - * @param processInstanceId - * the id of the {@code ProcessInstance} to be deleted. - * @throws MOADatabaseException - * is thrown if a problem occurs while accessing the database. - */ - void remove(String processInstanceId) throws MOADatabaseException; - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java deleted file mode 100644 index 428931b5e..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java +++ /dev/null @@ -1,93 +0,0 @@ -package at.gv.egovernment.moa.id.process.dao; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; - -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; - -/** - * Database backed implementation of the {@link ProcessInstanceStoreDAO} - * interface. - */ -@Service("ProcessInstanceStoreage") -public class ProcessInstanceStoreDAOImpl implements ProcessInstanceStoreDAO { - - private Logger log = LoggerFactory.getLogger(getClass()); - - @Autowired ITransactionStorage transactionStorage; - - @Override - public void saveOrUpdate(ProcessInstanceStore pIStore) throws MOADatabaseException { - try { - transactionStorage.put(pIStore.getProcessInstanceId(), pIStore, -1); - -// MOASessionDBUtils.saveOrUpdate(pIStore); - log.debug("Store process instance with='{}' in the database.", pIStore.getProcessInstanceId()); - } catch (MOADatabaseException e) { - log.warn("ProcessInstanceStore could not be persisted to the database."); - throw e; - } - } - - @Override - public ProcessInstanceStore load(String processInstanceId) throws MOADatabaseException { - - log.debug("Retrieve the ProcessInstanceStore for id='{}' from the database.", processInstanceId); - - -// Session session = MOASessionDBUtils.getCurrentSession(); -// - ProcessInstanceStore result = null; -// Transaction tx = null; -// synchronized (session) { - try { - - result = transactionStorage.get(processInstanceId, ProcessInstanceStore.class); - -// tx = session.beginTransaction(); -// // select all where processInstanceId equals processInstanceId -// Criteria criteria = session.createCriteria(ProcessInstanceStore.class); -// criteria.add(Restrictions.eq("processInstanceId", processInstanceId)); -// result = (ProcessInstanceStore) criteria.uniqueResult(); -// tx.commit(); -// - } catch (Exception e) { - log.error("There are multiple persisted processes with the same process instance id '{}'", - processInstanceId); -// if (tx != null) { -// tx.rollback(); -// } - throw e; - } finally { - //MOASessionDBUtils.closeSession(); - } -// } - if (result != null) { - log.debug("Found process instance store for instance '{}'.", processInstanceId); - } else { - log.debug("Unable to find process instance store for instance '{}'.", processInstanceId); - } - return result; - } - - @Override - public void remove(String processInstanceId) throws MOADatabaseException { - - log.debug("Delete the ProcessInstanceStore for id='{}' from the database.", processInstanceId); - //ProcessInstanceStore toBeDeleted = load(processInstanceId); - - if (transactionStorage.containsKey(processInstanceId)) { - transactionStorage.remove(processInstanceId); -// if (!MOASessionDBUtils.delete(toBeDeleted)) { -// log.warn("Could not delete the ProcessInstanceStore with process instance id '{}'", processInstanceId); -// throw new MOADatabaseException("Could not delete the ProcessInstanceStore with process instance id '" -// + processInstanceId + "'."); -// } - } else - log.trace("ProcessInstanceStore for id='{}' was not found and could therefore not be deleted.", processInstanceId); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/EndEvent.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/EndEvent.java deleted file mode 100644 index 49fb082ea..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/EndEvent.java +++ /dev/null @@ -1,42 +0,0 @@ -package at.gv.egovernment.moa.id.process.model; - -import java.io.Serializable; - -import org.apache.commons.collections4.CollectionUtils; - -/** - * Represents an end event. Process execution terminates when an end event is reached. - * - * @author tknall - */ -public class EndEvent extends ProcessNode implements Serializable { - - private static final long serialVersionUID = 1L; - - @Override - public String toString() { - StringBuilder builder = new StringBuilder(); - builder.append("EndEvent ["); - if (getId() != null) { - builder.append("id="); - builder.append(getId()); - } - if (CollectionUtils.isNotEmpty(getIncomingTransitions())) { - if (builder.length() > 0) { - builder.append(", "); - } - builder.append("incomingTransitions="); - builder.append(getIncomingTransitions()); - } - if (CollectionUtils.isNotEmpty(getOutgoingTransitions())) { - if (builder.length() > 0) { - builder.append(", "); - } - builder.append("outgoingTransitions="); - builder.append(getOutgoingTransitions()); - } - builder.append("]"); - return builder.toString(); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/ProcessDefinition.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/ProcessDefinition.java deleted file mode 100644 index 518409ecf..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/ProcessDefinition.java +++ /dev/null @@ -1,158 +0,0 @@ -package at.gv.egovernment.moa.id.process.model; - -import java.util.LinkedHashMap; -import java.util.Map; -import java.util.Objects; - -import at.gv.egovernment.moa.id.process.ProcessDefinitionParser; - -/** - * Represents a single process definition containing - * <ul> - * <li>a {@link StartEvent},</li> - * <li>one or more {@linkplain TaskInfo Tasks},</li> - * <li>one or more {@linkplain EndEvent EndEvents} and</li> - * <li>some {@linkplain Transition Transitions} linking StartEvents, Tasks and EndEvents. - * </ul> - * - * @author tknall - * - */ -public class ProcessDefinition { - - private String id; - private StartEvent startEvent; - private Map<String, TaskInfo> taskInfos = new LinkedHashMap<>(); - private Map<String, EndEvent> endEvents = new LinkedHashMap<>(); - - /** - * Returns the unique identifier of the process definition. - * - * @return The unique identifier (never {@code null} if process definition comes from - * {@link ProcessDefinitionParser}). - */ - public String getId() { - return id; - } - - /** - * Sets the unique identifier of the process definition. - * - * @param id - * The unique identifier. - */ - public void setId(String id) { - this.id = id; - } - - /** - * Returns the start event of the process definition. - * - * @return The start event (never {@code null} if process definition comes from {@link ProcessDefinitionParser}). - */ - public StartEvent getStartEvent() { - return startEvent; - } - - /** - * Sets the start event of the process definition. - * - * @param startEvent - * The start event. - */ - public void setStartEvent(StartEvent startEvent) { - this.startEvent = startEvent; - } - - /** - * Returns a map containing the tasks of the process definition. - * - * @return The tasks (map is never {@code null} if process definition comes from {@link ProcessDefinitionParser}). - */ - public Map<String, TaskInfo> getTaskInfos() { - return taskInfos; - } - - /** - * Sets the map containing the tasks. - * - * @param taskInfos - * The map containing the tasks. - */ - public void setTaskInfos(Map<String, TaskInfo> taskInfos) { - this.taskInfos = taskInfos; - } - - /** - * Returns a map containing the end events of the process description. - * - * @return The map containing the end events (map is never {@code null} if process definition comes from - * {@link ProcessDefinitionParser}). - */ - public Map<String, EndEvent> getEndEvents() { - return endEvents; - } - - /** - * Sets a map containing the end events of the process description. - * - * @param endEvents - * The map containing the end events. - */ - public void setEndEvents(Map<String, EndEvent> endEvents) { - this.endEvents = endEvents; - } - - /** - * Returns the process node associated with the given {@code id}. - * - * @param id - * The identifier of the process node. - * @return The process node (may be {code null} when no process node with the given {@code id} exists). - */ - public ProcessNode getProcessNode(String id) { - Objects.requireNonNull(id, "Identifier must not be null."); - if (startEvent != null && id.equals(startEvent.getId())) { - return startEvent; - } - TaskInfo task = taskInfos.get(id); - if (task != null) { - return task; - } - return endEvents.get(id); - } - - @Override - public String toString() { - StringBuilder builder = new StringBuilder(); - if (id != null) { - builder.append("id="); - builder.append(id); - } - if (startEvent != null) { - if (builder.length() > 0) { - builder.append(", "); - } - builder.append("startEvent="); - builder.append(startEvent); - } - if (taskInfos != null && !taskInfos.isEmpty()) { - if (builder.length() > 0) { - builder.append(", "); - } - builder.append("tasksInfos="); - builder.append(taskInfos.values()); - } - if (endEvents != null && !endEvents.isEmpty()) { - if (builder.length() > 0) { - builder.append(", "); - } - builder.append("endEvents="); - builder.append(endEvents.values()); - } - builder.insert(0, "ProcessDefinition ["); - builder.append("]"); - return builder.toString(); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/ProcessNode.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/ProcessNode.java deleted file mode 100644 index 42f2e3cc2..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/ProcessNode.java +++ /dev/null @@ -1,69 +0,0 @@ -package at.gv.egovernment.moa.id.process.model; - -import java.util.ArrayList; -import java.util.List; - -import at.gv.egovernment.moa.id.process.ProcessDefinitionParser; - -/** - * Represents a {@link StartEvent}, an {@link EndEvent} or a {@linkplain TaskInfo Task}. - * @author tknall - * - */ -public abstract class ProcessNode { - - private String id; - private List<Transition> outgoingTransitions = new ArrayList<>(); - private List<Transition> incomingTransitions = new ArrayList<>(); - - /** - * Returns the unique identifier of the process node. - * - * @return The unique identifier (never {@code null} if process node comes from a process definition from - * {@link ProcessDefinitionParser}). - */ - public String getId() { - return id; - } - - /** - * Sets the unique identifier of the process node. - * @param id The unique identifier. - */ - public void setId(String id) { - this.id = id; - } - - /** - * Returns a list of transitions pointing from this process node to another one. - * @return A list of transitions (never {@code null} if process node comes from a process definition from {@link ProcessDefinitionParser}). - */ - public List<Transition> getOutgoingTransitions() { - return outgoingTransitions; - } - - /** - * Sets the list of transitions pointing from this process node to another one. - * @param outgoingTransitions The list of transitions originating from this process node. - */ - public void setOutgoingTransitions(List<Transition> outgoingTransitions) { - this.outgoingTransitions = outgoingTransitions; - } - - /** - * Returns a list of transitions pointing from another process node to this one. - * @return A list of transitions (never {@code null} if process node comes from a process definition from {@link ProcessDefinitionParser}). - */ - public List<Transition> getIncomingTransitions() { - return incomingTransitions; - } - - /** - * Sets the list of transitions pointing from another process node to this one. - * @param incomingTransitions A list of transitions pointing to this process node. - */ - public void setIncomingTransitions(List<Transition> incomingTransitions) { - this.incomingTransitions = incomingTransitions; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/StartEvent.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/StartEvent.java deleted file mode 100644 index 60175e09c..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/StartEvent.java +++ /dev/null @@ -1,45 +0,0 @@ -package at.gv.egovernment.moa.id.process.model; - -import java.io.Serializable; - -import org.apache.commons.collections4.CollectionUtils; - -/** - * Represents a start event. Each process description contains a single start event. Process execution starts with a - * start event. - * - * @author tknall - * - */ -public class StartEvent extends ProcessNode implements Serializable { - - private static final long serialVersionUID = 1L; - - @Override - public String toString() { - StringBuilder builder = new StringBuilder(); - builder.append("StartEvent ["); - if (getId() != null) { - builder.append("id="); - builder.append(getId()); - } - if (CollectionUtils.isNotEmpty(getIncomingTransitions())) { - if (builder.length() > 0) { - builder.append(", "); - } - builder.append("incomingTransitions="); - builder.append(getIncomingTransitions()); - } - if (CollectionUtils.isNotEmpty(getOutgoingTransitions())) { - if (builder.length() > 0) { - builder.append(", "); - } - builder.append("outgoingTransitions="); - - builder.append(getOutgoingTransitions()); - } - builder.append("]"); - return builder.toString(); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/TaskInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/TaskInfo.java deleted file mode 100644 index 78a9d6a0a..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/TaskInfo.java +++ /dev/null @@ -1,94 +0,0 @@ -package at.gv.egovernment.moa.id.process.model; - -import java.io.Serializable; - -import org.apache.commons.collections4.CollectionUtils; - -import at.gv.egovernment.moa.id.process.api.Task; - -/** - * Represents information about a single task to be performed upon process execution. - * @author tknall - * - */ -public class TaskInfo extends ProcessNode implements Serializable { - - private static final long serialVersionUID = 1L; - private static final boolean DEFAULT_ASYNC = false; - - private String taskImplementingClass; - private boolean async = DEFAULT_ASYNC; - - /** - * Determines if the task is marked asynchronous ({@code true}) or synchronous ({@code false}). - * @return A flag indicating if the task should be executed asynchronously or synchronously. (Default: {@code false}) - */ - public boolean isAsync() { - return async; - } - - /** - * Marks a task to executed asynchronously ({@code true}) or synchronously ({@code false}). - * @param async The flag. - */ - public void setAsync(boolean async) { - this.async = async; - } - - /** - * Returns the class that implements the actual task (must implement {@link Task}). - * @return The task implementing class. - */ - public String getTaskImplementingClass() { - return taskImplementingClass; - } - - /** - * Sets the class that implements the actual task (must implement {@link Task}). - * @param taskImplementingClass The task implementing class. - */ - public void setTaskImplementingClass(String taskImplementingClass) { - this.taskImplementingClass = taskImplementingClass; - } - - @Override - public String toString() { - StringBuilder builder = new StringBuilder(); - if (getId() != null) { - builder.append("id="); - builder.append(getId()); - } - if (async != DEFAULT_ASYNC) { - if (builder.length() > 0) { - builder.append(", "); - } - builder.append("async="); - builder.append(async); - } - if (taskImplementingClass != null) { - if (builder.length() > 0) { - builder.append(", "); - } - builder.append("taskImplementingClass="); - builder.append(taskImplementingClass); - } - if (CollectionUtils.isNotEmpty(getIncomingTransitions())) { - if (builder.length() > 0) { - builder.append(", "); - } - builder.append("incomingTransitions="); - builder.append(getIncomingTransitions()); - } - if (CollectionUtils.isNotEmpty(getOutgoingTransitions())) { - if (builder.length() > 0) { - builder.append(", "); - } - builder.append("outgoingTransitions="); - builder.append(getOutgoingTransitions()); - } - builder.insert(0, "TaskInfo ["); - builder.append("]"); - return builder.toString(); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/Transition.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/Transition.java deleted file mode 100644 index bc3005534..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/Transition.java +++ /dev/null @@ -1,136 +0,0 @@ -package at.gv.egovernment.moa.id.process.model; - -import java.io.Serializable; - -import at.gv.egovernment.moa.id.process.ProcessDefinitionParser; - -/** - * Represents a single transition from a {@link StartEvent} or {@linkplain TaskInfo Task} to another - * {@linkplain TaskInfo Task} or {@link EndEvent}. - * - * @author tknall - * - */ -public class Transition implements Serializable { - - private static final long serialVersionUID = 1L; - - private String id; - private String conditionExpression; - private ProcessNode from; - private ProcessNode to; - - /** - * Returns the process node (effectively a {@link StartEvent} or {@linkplain TaskInfo Task}) the transition is - * pointing from. - * - * @return The transition's source process node (never {@code null} if transition comes from a process definition - * from {@link ProcessDefinitionParser}). - */ - public ProcessNode getFrom() { - return from; - } - - /** - * Sets the process node the transition is pointing from. - * - * @param from - * The transition's source process node. - */ - public void setFrom(ProcessNode from) { - this.from = from; - } - - /** - * Returns the process node (effectively a {@linkplain TaskInfo Task} or {@link EndEvent}) the transition is - * pointing to. - * - * @return The transition's destination process node (never {@code null} if transition comes from a process - * definition from {@link ProcessDefinitionParser}). - */ - public ProcessNode getTo() { - return to; - } - - /** - * Sets the process node the transition is pointing to. - * - * @param to - * The transition's destination process node. - */ - public void setTo(ProcessNode to) { - this.to = to; - } - - /** - * Returns the unique identifier of the transition. - * - * @return The unique identifier (may be {@code null}). - */ - public String getId() { - return id; - } - - /** - * Sets the unique identifier of the transition. - * - * @param id - * The unique identifier. - */ - public void setId(String id) { - this.id = id; - } - - /** - * Returns the condition expression for this transition. - * - * @return The condition expression (may be {@code null}). - */ - public String getConditionExpression() { - return conditionExpression; - } - - /** - * Sets the condition expression for this transition. - * - * @param conditionExpression - * The condition expression. - */ - public void setConditionExpression(String conditionExpression) { - this.conditionExpression = conditionExpression; - } - - @Override - public String toString() { - StringBuilder builder = new StringBuilder(); - if (id != null) { - builder.append("id="); - builder.append(id); - } - if (from != null) { - if (builder.length() > 0) { - builder.append(", "); - } - builder.append("from.id="); - builder.append(from.getId()); - } - if (to != null) { - if (builder.length() > 0) { - builder.append(", "); - } - builder.append("to.id="); - builder.append(to.getId()); - } - if (conditionExpression != null) { - if (builder.length() > 0) { - builder.append(", "); - } - builder.append("conditionExpression="); - builder.append(conditionExpression); - } - builder.insert(0, "Transition ["); - builder.append("]"); - return builder.toString(); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/spring/SpringExpressionEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/spring/SpringExpressionEvaluator.java deleted file mode 100644 index 5b30c7172..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/spring/SpringExpressionEvaluator.java +++ /dev/null @@ -1,61 +0,0 @@ -package at.gv.egovernment.moa.id.process.spring; - -import java.util.Objects; - -import javax.annotation.PostConstruct; - -import org.apache.commons.lang3.BooleanUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.context.expression.BeanFactoryResolver; -import org.springframework.expression.Expression; -import org.springframework.expression.ExpressionParser; -import org.springframework.expression.spel.standard.SpelExpressionParser; -import org.springframework.expression.spel.support.StandardEvaluationContext; - -import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext; -import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator; -import at.gv.egovernment.moa.id.process.model.Transition; - -/** - * Expression evaluator for processing {@link Transition} conditions allowing to reference Spring beans from the - * application context. - * - * @author tknall - * - */ -public class SpringExpressionEvaluator implements ExpressionEvaluator { - - private Logger log = LoggerFactory.getLogger(getClass()); - private ExpressionParser parser = new SpelExpressionParser(); - private StandardEvaluationContext evaluationContext = new StandardEvaluationContext(); - - @Autowired(required = false) - private ApplicationContext ctx; - - @PostConstruct - private void init() { - if (ctx != null) { - evaluationContext.setBeanResolver(new BeanFactoryResolver(ctx)); - } - } - - @Override - public boolean evaluate(ExpressionEvaluationContext expressionContext, String expression) { - Objects.requireNonNull(expression, "Expression must not be null."); - log.trace("Evaluating '{}'.", expression); - - Expression expr = parser.parseExpression(expression); - Boolean result = expr.getValue(evaluationContext, expressionContext, Boolean.class); - if (result == null) { - log.warn("Evaluation of '{}' results in null-value.", expression); - } else { - log.debug("Expression '{}' -> {}", expression, result); - } - - return BooleanUtils.isTrue(result); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/AbstractAuthSourceServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/AbstractAuthSourceServlet.java deleted file mode 100644 index 738b58834..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/AbstractAuthSourceServlet.java +++ /dev/null @@ -1,116 +0,0 @@ -package at.gv.egovernment.moa.id.process.springweb; - -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; - -import org.apache.commons.lang3.StringUtils; -import org.springframework.beans.BeansException; -import org.springframework.beans.factory.NoSuchBeanDefinitionException; -import org.springframework.beans.factory.NoUniqueBeanDefinitionException; -import org.springframework.web.context.WebApplicationContext; -import org.springframework.web.context.support.WebApplicationContextUtils; - -import at.gv.egovernment.moa.id.process.ProcessEngine; -import at.gv.egovernment.moa.id.process.ProcessInstance; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; - -/** - * Abstract HttpServlet that provides means for retrieving the process engine (Spring Web required) as well as - * retrieving the underlying process instance and execution context evaluating a certain request parameter. - * - * @author tknall - * - */ -public abstract class AbstractAuthSourceServlet extends HttpServlet { - - private static final long serialVersionUID = 1L; - - private ProcessEngine processEngine; - - /** - * Returns the name of the request parameter representing the respective instance id. - * <p/>Default is {@code processInstanceId}. - * @return The request parameter name. - */ - public String getProcessInstanceIdParameterName() { - return "processInstanceId"; - } - - /** - * Returns the underlying process engine instance. - * - * @return The process engine (never {@code null}). - * @throws NoSuchBeanDefinitionException - * if no {@link ProcessEngine} bean was found. - * @throws NoUniqueBeanDefinitionException - * if more than one {@link ProcessEngine} bean was found. - * @throws BeansException - * if a problem getting the {@link ProcessEngine} bean occurred. - * @throws IllegalStateException - * if the Spring WebApplicationContext was not found, which means that the servlet is used outside a - * Spring web environment. - */ - public synchronized ProcessEngine getProcessEngine() { - if (processEngine == null) { - WebApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(getServletContext()); - if (ctx == null) { - throw new IllegalStateException( - "Unable to find Spring WebApplicationContext. Servlet needs to be executed within a Spring web environment."); - } - processEngine = ctx.getBean(ProcessEngine.class); - } - return processEngine; - } - - /** - * Retrieves the process instance referenced by the request parameter {@link #getProcessInstanceIdParameterName()}. - * - * @param request - * The HttpServletRequest. - * @return The process instance (never {@code null}). - * @throws NoSuchBeanDefinitionException - * if no {@link ProcessEngine} bean was found. - * @throws NoUniqueBeanDefinitionException - * if more than one {@link ProcessEngine} bean was found. - * @throws BeansException - * if a problem getting the {@link ProcessEngine} bean occurred. - * @throws IllegalStateException - * if the Spring WebApplicationContext was not found, which means that the servlet is used outside a - * Spring web environment. - * @throws IllegalArgumentException - * in case the process instance id referenced by the request parameter - * {@link #getProcessInstanceIdParameterName()} does not exist. - */ - public ProcessInstance getProcessInstance(HttpServletRequest request) { - String processInstanceId = StringUtils.trimToNull(request.getParameter(getProcessInstanceIdParameterName())); - if (processInstanceId == null) { - throw new IllegalArgumentException("Missing request parameter '" + getProcessInstanceIdParameterName() + "'."); - } - return getProcessEngine().getProcessInstance(processInstanceId); - } - - /** - * Retrieves the execution context for the respective process instance referenced by the request parameter - * {@link #getProcessInstanceIdParameterName()}. - * - * @param request - * The HttpServletRequest. - * @return The execution context (never {@code null}). - * @throws NoSuchBeanDefinitionException - * if no {@link ProcessEngine} bean was found. - * @throws NoUniqueBeanDefinitionException - * if more than one {@link ProcessEngine} bean was found. - * @throws BeansException - * if a problem getting the {@link ProcessEngine} bean occurred. - * @throws IllegalStateException - * if the Spring WebApplicationContext was not found, which means that the servlet is used outside a - * Spring web environment. - * @throws IllegalArgumentException - * in case the process instance id referenced by the request parameter - * {@link #getProcessInstanceIdParameterName()} does not exist. - */ - public ExecutionContext getExecutionContext(HttpServletRequest request) { - return getProcessInstance(request).getExecutionContext(); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java deleted file mode 100644 index dd0d87dd7..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java +++ /dev/null @@ -1,99 +0,0 @@ -package at.gv.egovernment.moa.id.process.springweb; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.web.context.request.RequestAttributes; -import org.springframework.web.context.request.RequestContextHolder; -import org.springframework.web.context.request.ServletRequestAttributes; -import org.springframework.web.filter.RequestContextFilter; - -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.process.api.Task; - -/** - * Abstract task implementation providing {@link HttpServletRequest} and {@link HttpServletResponse}. - * <p/> - * Note that this abstract task requires the Spring (web) framework including a {@link RequestContextFilter} to be set - * within {@code web.xml}. - * - * <pre> - * ... - * <filter> - * <filter-name>requestContextFilter</filter-name> - * <filter-class>org.springframework.web.filter.RequestContextFilter</filter-class> - * </filter> - * <filter-mapping> - * <filter-name>requestContextFilter</filter-name> - * <url-pattern>/*</url-pattern> - * </filter-mapping> - * ... - * </pre> - * - * @author tknall - * @author tlenz - * - */ -public abstract class MoaIdTask implements Task { - - /** - * Executes the task providing the underlying {@link ExecutionContext} {@code executionContext} as well as the - * respective {@link HttpServletRequest} and {@link HttpServletResponse}. - * - * @param executionContext - * The execution context (never {@code null}). - * @param request - * The HttpServletRequest (never {@code null}). - * @param response - * The HttpServletResponse (never {@code null}). - * @throws IllegalStateException - * Thrown in case the task is nur being run within the required environment. Refer to javadoc for - * further information. - * @throws Exception - * Thrown in case of error executing the task. - */ - public abstract void execute(ExecutionContext executionContext, HttpServletRequest request, - HttpServletResponse response) throws TaskExecutionException; - - /** - * Executes the task providing the underlying {@link ExecutionContext} {@code executionContext} - * and the {@link IRequest} {@code pendingReq }as well as the - * respective {@link HttpServletRequest} and {@link HttpServletResponse}. - * - * This method sets the pending-request object of the task implementation and starts the - * {@code execute} method of the task - * - * @param pendingReq The pending-request object (never {@code null}). - * @param executionContext The execution context (never {@code null}). - * @param request The HttpServletRequest (never {@code null}). - * @param response The HttpServletResponse (never {@code null}). - * @return The pending-request object, because Process-management works recursive - * - * @throws IllegalStateException - * Thrown in case the task is being run within the required environment. Refer to javadoc for - * further information. - * @throws Exception - * Thrown in case of error executing the task. - */ - protected abstract IRequest internalExecute(IRequest pendingReq, ExecutionContext executionContext, HttpServletRequest request, - HttpServletResponse response) throws TaskExecutionException; - - @Override - public IRequest execute(IRequest pendingReq, ExecutionContext executionContext) throws TaskExecutionException { - RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes(); - if (requestAttributes != null && requestAttributes instanceof ServletRequestAttributes) { - HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest(); - HttpServletResponse response = ((ServletRequestAttributes) requestAttributes).getResponse(); - if (request == null || response == null) { - throw new IllegalStateException( - "Spring's RequestContextHolder did not provide HttpServletResponse. Did you forget to set the required org.springframework.web.filter.RequestContextFilter in your web.xml."); - } - return internalExecute(pendingReq, executionContext, request, response); - } else { - throw new IllegalStateException("Task needs to be executed within a Spring web environment."); - } - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/SpringWebExpressionEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/SpringWebExpressionEvaluator.java deleted file mode 100644 index af6822ba6..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/SpringWebExpressionEvaluator.java +++ /dev/null @@ -1,143 +0,0 @@ -package at.gv.egovernment.moa.id.process.springweb; - -import java.io.Serializable; -import java.util.Collections; -import java.util.HashMap; -import java.util.Iterator; -import java.util.Map; -import java.util.Map.Entry; -import java.util.Objects; - -import javax.annotation.PostConstruct; -import javax.servlet.http.HttpServletRequest; - -import org.apache.commons.lang3.ArrayUtils; -import org.apache.commons.lang3.BooleanUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.context.expression.BeanFactoryResolver; -import org.springframework.expression.Expression; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import org.springframework.expression.ExpressionParser; -import org.springframework.expression.spel.standard.SpelExpressionParser; -import org.springframework.expression.spel.support.StandardEvaluationContext; - -import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext; -import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator; -import at.gv.egovernment.moa.id.process.model.Transition; - -/** - * Expression evaluator for processing {@link Transition} conditions allowing to - * <ul> - * <li>reference Spring beans from the application context using {@code @myBeanName...},</li> - * <li>{@link ExecutionContext} properties using {@code ctx['property']},</li> - * <li>Multi valued {@link HttpServletRequest} parameters using {@code requestParameters['foo']} (keep in mind that this - * expression returns an array of String values) and</li> - * <li>Single valued {@link HttpServletRequest} parameters using {@code requestParameter['foo']}</li> - * </ul> - * - * @author tknall - * - */ -public class SpringWebExpressionEvaluator implements ExpressionEvaluator { - - private Logger log = LoggerFactory.getLogger(getClass()); - private ExpressionParser parser = new SpelExpressionParser(); - private StandardEvaluationContext evaluationContext = new StandardEvaluationContext(); - - @Autowired(required = false) - private ApplicationContext ctx; - - @Autowired(required = false) - private HttpServletRequest request; - - @PostConstruct - private void init() { - if (ctx != null) { - evaluationContext.setBeanResolver(new BeanFactoryResolver(ctx)); - } - } - - /** - * Evaluation context that provides access to {@link HttpServletRequest} parameters using - * {@code requestParameter['foo']} for single value parameters or {@code requestParameters['foo']} for multi value - * parameters. Basic calls to {@code ctx} will be delegated. - * - * @author tknall - * - */ - private class SpringWebExpressionEvaluationContext implements ExpressionEvaluationContext { - - private static final long serialVersionUID = 1L; - - /** - * Creates a new expression evaluation context, providing access to HttpServletRequest parameter(s). - * - * @param delegate - * The original {@link ExpressionEvaluationContext} to be delegated to for {@code ctx['foo']} - * expressions. - */ - public SpringWebExpressionEvaluationContext(ExpressionEvaluationContext delegate) { - this.delegate = delegate; - } - - private ExpressionEvaluationContext delegate; - - @Override - public Map<String, Serializable> getCtx() { - return delegate.getCtx(); - } - - @SuppressWarnings("unused") - public Map<String, String> getRequestParameter() { - if (request != null) { - Map<String, String> singleValueMap = new HashMap<String, String>(); - Iterator<Entry<String, String[]>> it = request.getParameterMap().entrySet().iterator(); - while (it.hasNext()) { - Entry<String, String[]> entry = it.next(); - if (ArrayUtils.isNotEmpty(entry.getValue())) { - singleValueMap.put(entry.getKey(), entry.getValue()[0]); - } - } - return singleValueMap; - } else { - return Collections.<String, String> emptyMap(); - } - } - - @SuppressWarnings("unused") - public Map<String, String[]> getRequestParameters() { - if (request != null) { - return request.getParameterMap(); - } else { - return Collections.<String, String[]> emptyMap(); - } - } - - } - - @Override - public boolean evaluate(ExpressionEvaluationContext expressionContext, String expression) { - Objects.requireNonNull(expression, "Expression must not be null."); - log.trace("Evaluating '{}'.", expression); - - Expression expr = parser.parseExpression(expression); - Boolean result = null; - try { - result = expr.getValue(evaluationContext, new SpringWebExpressionEvaluationContext(expressionContext), - Boolean.class); - if (result == null) { - log.warn("Evaluation of '{}' results in null-value.", expression); - } else { - log.debug("Expression '{}' -> {}", expression, result); - } - } catch (Exception e) { - log.warn("Expression '{}' could not be processed.", expression, e); - } - - return BooleanUtils.isTrue(result); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/support/SecureRandomHolder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/support/SecureRandomHolder.java deleted file mode 100644 index 72677739a..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/support/SecureRandomHolder.java +++ /dev/null @@ -1,35 +0,0 @@ -package at.gv.egovernment.moa.id.process.support; - -import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; - -/** - * Holder for a secure random instance following the initialization on demand holder design pattern. The secure random - * instance is a singleton that is initialized on first usage. - * - * @author tknall - * - */ -public class SecureRandomHolder { - - private SecureRandomHolder() { - } - - private static final SecureRandom SRND_INSTANCE; - static { - try { - SRND_INSTANCE = SecureRandom.getInstance("SHA1PRNG"); - } catch (NoSuchAlgorithmException e) { - throw new RuntimeException("Unable to instantiate SHA1PRNG.", e); - } - } - - /** - * Returns a secure random generator instance. - * @return The secure random instance. - */ - public static SecureRandom getInstance() { - return SecureRandomHolder.SRND_INSTANCE; - } - -}
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java deleted file mode 100644 index 9b30368e3..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java +++ /dev/null @@ -1,309 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols; - -import java.io.IOException; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; - -import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.servlet.AbstractController; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.AuthenticationManager; -import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IModulInfo; -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -/** - * @author tlenz - * - */ - -public abstract class AbstractAuthProtocolModulController extends AbstractController implements IModulInfo { - - public static final String FINALIZEPROTOCOL_ENDPOINT = "finalizeAuthProtocol"; - - @Autowired protected ApplicationContext applicationContext; - @Autowired private SSOManager ssomanager; - @Autowired protected AuthenticationManager authmanager; - @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage; - @Autowired private AuthenticationDataBuilder authDataBuilder; - - /** - * Initialize an authentication process for this protocol request - * - * @param httpReq HttpServletRequest - * @param httpResp HttpServletResponse - * @param protocolRequest Authentication request which is actually in process - * @throws IOException - */ - protected void performAuthentication(HttpServletRequest req, HttpServletResponse resp, - RequestImpl pendingReq) throws IOException { - try { - if (pendingReq.isNeedAuthentication()) { - //request needs authentication --> start authentication process ... - - //load Parameters from OnlineApplicationConfiguration - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); - - if (oaParam == null) { - throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() }); - } - - - AuthenticationSession ssoMoaSession = authmanager.doAuthentication(req, resp, pendingReq); - if (ssoMoaSession != null) { - //authenticated MOASession already exists --> protocol-specific postProcessing can start directly - finalizeAuthenticationProcess(req, resp, pendingReq, ssoMoaSession); - - //transaction is finished, log transaction finished event - revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier()); - - } - - } else { - executeProtocolSpecificAction(req, resp, pendingReq, null); - - } - - } catch (Exception e) { - buildProtocolSpecificErrorResponse(e, req, resp, pendingReq); - - removeUserSession(pendingReq, req, resp); - - } - } - - - protected String createNewSSOSessionCookie(HttpServletRequest req, HttpServletResponse resp, - IRequest pendingReq, IAuthenticationSession moaSession) { - Logger.debug("Add SSO information to MOASession."); - - //Store SSO information into database - String newSSOSessionId = ssomanager.createSSOSessionInformations(moaSession.getSessionID(), - pendingReq.getOAURL()); - - //set SSO cookie to response - if (MiscUtil.isNotEmpty(newSSOSessionId)) { - ssomanager.setSSOSessionID(req, resp, newSSOSessionId); - - } else { - ssomanager.deleteSSOSessionID(req, resp); - - } - - return newSSOSessionId; - } - - /** - * Finalize the requested protocol operation - * - * @param httpReq HttpServletRequest - * @param httpResp HttpServletResponse - * @param protocolRequest Authentication request which is actually in process - * @param moaSession MOASession object, which is used to generate the protocol specific authentication information - * @throws Exception - */ - protected void finalizeAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp, - IRequest pendingReq, IAuthenticationSession moaSession) throws Exception { - - String newSSOSessionId = null; - - //if Single Sign-On functionality is enabled for this request - if (pendingReq.needSingleSignOnFunctionality()) { - newSSOSessionId = createNewSSOSessionCookie(req, resp, pendingReq, moaSession); - - } - - //build authenticationdata from session information and OA configuration - IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq, moaSession); - - //execute the protocol-specific action - SLOInformationInterface sloInformation = executeProtocolSpecificAction(req, resp, pendingReq, authData); - - //check if SSO - boolean isSSOCookieSetted = MiscUtil.isNotEmpty(newSSOSessionId); - - //Store OA specific SSO session information if an SSO cookie is set - if (isSSOCookieSetted) { - try { - AuthenticationSession internalDBSSOSession = null; - - //create new SSO session, if actually no SSO session exists - if (MiscUtil.isEmpty(pendingReq.getInternalSSOSessionIdentifier())) { - internalDBSSOSession = authenticatedSessionStorage.createInternalSSOSession(pendingReq); - authenticatedSessionStorage.addSSOInformation(internalDBSSOSession.getSessionID(), - newSSOSessionId, sloInformation, pendingReq); - - //MOA SSO-session already exists only update is required - } else if (MiscUtil.isNotEmpty(pendingReq.getInternalSSOSessionIdentifier()) && - moaSession instanceof AuthenticationSession) { - authenticatedSessionStorage.addSSOInformation(moaSession.getSessionID(), - newSSOSessionId, sloInformation, pendingReq); - - } else { - Logger.fatal("MOA-Session data object has a suspect or unsupported type:" + moaSession.getClass().getName() - + " pendingReq_internalSsoId:" + pendingReq.getInternalSSOSessionIdentifier()); - throw new AuthenticationException("1299", null); - - } - - } catch (AuthenticationException e) { - Logger.warn("SSO Session information can not be stored -> SSO is not enabled!"); - authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); - - } - - } else { - //remove MOASession from database - authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); - - } - - //Advanced statistic logging - statisticLogger.logSuccessOperation(pendingReq, authData, isSSOCookieSetted); - - } - - /** - * Executes the requested protocol action - * - * @param httpReq HttpServletRequest - * @param httpResp HttpServletResponse - * @param protocolRequest Authentication request which is actually in process - * @param authData Service-provider specific authentication data - * - * @return Return Single LogOut information or null if protocol supports no SSO - * - * @throws Exception - */ - private SLOInformationInterface executeProtocolSpecificAction(HttpServletRequest httpReq, HttpServletResponse httpResp, - IRequest pendingReq, IAuthData authData) throws Exception { - try { - // request needs no authentication --> start request processing - Class<?> clazz = Class.forName(pendingReq.requestedAction()); - if (clazz == null || - !IAction.class.isAssignableFrom(clazz)) { - Logger.fatal("Requested protocol-action processing Class is NULL or does not implement the IAction interface."); - throw new Exception("Requested protocol-action processing Class is NULL or does not implement the IAction interface."); - - } - - IAction protocolAction = (IAction) applicationContext.getBean(clazz); - return protocolAction.processRequest(pendingReq, httpReq, httpResp, authData); - - } catch (ClassNotFoundException e) { - Logger.fatal("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface."); - throw new Exception("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface."); - } - - } - - protected void removeUserSession(IRequest pendingReq, HttpServletRequest req, - HttpServletResponse resp) { - authmanager.performOnlyIDPLogOut(req, resp, pendingReq.getInternalSSOSessionIdentifier()); - - } - - protected void buildProtocolSpecificErrorResponse(Throwable throwable, HttpServletRequest req, - HttpServletResponse resp, IRequest protocolRequest) throws IOException { - try { - - Class<?> clazz = Class.forName(protocolRequest.requestedModule()); - - if (clazz == null || - !IModulInfo.class.isAssignableFrom(clazz)) { - Logger.fatal("Requested protocol module Class is NULL or does not implement the IModulInfo interface."); - throw new Exception("Requested protocol module Class is NULL or does not implement the IModulInfo interface."); - - } - - IModulInfo handlingModule = (IModulInfo) applicationContext.getBean(clazz); - - if (handlingModule.generateErrorMessage( - throwable, req, resp, protocolRequest)) { - - //log Error to technical log - logExceptionToTechnicalLog(throwable); - - //log Error Message - statisticLogger.logErrorOperation(throwable, protocolRequest); - - //write revision log entries - revisionsLogger.logEvent(protocolRequest, MOAIDEventConstants.TRANSACTION_ERROR, protocolRequest.getUniqueTransactionIdentifier()); - - return; - - } else { - handleErrorNoRedirect(throwable, req, resp, true); - - } - - } catch (Throwable e) { - handleErrorNoRedirect(throwable, req, resp, true); - - } - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IModulInfo#getName() - */ - @Override - public abstract String getName(); - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IModulInfo#getPath() - */ - @Override - public abstract String getPath(); - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IModulInfo#generateErrorMessage(java.lang.Throwable, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest) - */ - @Override - public abstract boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, - IRequest protocolRequest) throws Throwable; - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IModulInfo#validate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest) - */ - @Override - public abstract boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending); - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java deleted file mode 100644 index 41a4c9835..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java +++ /dev/null @@ -1,195 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols; - -import java.io.IOException; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang.StringEscapeUtils; -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - -import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.ExceptionContainer; -import at.gv.egovernment.moa.logging.Logger; - -/** - * @author tlenz - * - */ -@Controller -public class ProtocolFinalizationController extends AbstractAuthProtocolModulController { - - @RequestMapping(value = "/finalizeAuthProtocol", method = {RequestMethod.GET}) - public void finalizeAuthProtocol(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { - - //read pendingRequest from http request - Object idObject = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_TARGET_PENDINGREQUESTID)); - IRequest pendingReq = null; - String pendingRequestID = null; - if (idObject != null && (idObject instanceof String)) { - pendingRequestID = (String) idObject; - pendingReq = requestStorage.getPendingRequest(pendingRequestID); - - } - - //receive an authentication error - String errorid = StringEscapeUtils.escapeHtml(req.getParameter(ERROR_CODE_PARAM)); - if (errorid != null) { - try { - //load stored exception from database - ExceptionContainer container = transactionStorage.get(errorid, ExceptionContainer.class); - if (container != null) { - //remove exception if it was found - transactionStorage.remove(errorid); - - Throwable throwable = container.getExceptionThrown(); - - if (pendingReq != null) { - //build protocol-specific error message if possible - buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq); - - //remove active user-session - removeUserSession(pendingReq, req, resp); - - return; - - } else { - handleErrorNoRedirect(throwable, req, resp, true); - - } - } else { - handleErrorNoRedirect(new MOAIDException("auth.26", null), req, resp, false); - - } - - } catch (Throwable e) { - Logger.error(e); - handleErrorNoRedirect(e, req, resp, false); - - } - - // receive a pending request - } else { - if (pendingReq == null) { - Logger.error("No PendingRequest with ID " + pendingRequestID + " found.!"); - handleErrorNoRedirect(new MOAIDException("auth.28", new Object[]{pendingRequestID}), req, resp, false); - return; - - } - try { - Logger.debug("Finalize PendingRequest with ID " + pendingRequestID); - - //get MOA session data object from pending request - IAuthenticationSession pendingMoaSession = pendingReq.getMOASession(); - - //check if pending-request has 'abortedByUser' flag set - if (pendingReq.isAbortedByUser()) { - //send authentication aborted error to Service Provider - buildProtocolSpecificErrorResponse( - new AuthenticationException("auth.21", new Object[] {}), - req, resp, pendingReq); - - //do not remove the full active SSO-Session - // in case of only one Service-Provider authentication request is aborted - if ( !(pendingMoaSession.isAuthenticated() - && pendingReq.needSingleSignOnFunctionality()) ) { - removeUserSession(pendingReq, req, resp); - - } - - //check if MOASession and pending-request are authenticated - } else if (pendingMoaSession.isAuthenticated() && pendingReq.isAuthenticated()) { - finalizeAuthenticationProcess(req, resp, pendingReq, pendingMoaSession); - - } else { - //suspect state: pending-request is not aborted but also are not authenticated - Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!"); - handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true); - - } - - } catch (Exception e) { - Logger.error("Finalize authentication protocol FAILED." , e); - buildProtocolSpecificErrorResponse(e, req, resp, pendingReq); - - removeUserSession(pendingReq, req, resp); - - } - } - - //remove pending-request - if (pendingReq != null) { - requestStorage.removePendingRequest(pendingReq.getRequestID()); - revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier()); - - } - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#getName() - */ - @Override - public String getName() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#getPath() - */ - @Override - public String getPath() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#generateErrorMessage(java.lang.Throwable, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest) - */ - @Override - public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, - IRequest protocolRequest) throws Throwable { - // TODO Auto-generated method stub - return false; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#validate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest) - */ - @Override - public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { - // TODO Auto-generated method stub - return false; - } - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java deleted file mode 100644 index c13c5e288..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java +++ /dev/null @@ -1,69 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.builder.attributes; - -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.MiscUtil; - -public class BPKAttributeBuilder implements IPVPAttributeBuilder { - - public String getName() { - return BPK_NAME; - } - - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - String bpk = authData.getBPK(); - String type = authData.getBPKType(); - - if (MiscUtil.isEmpty(bpk)) - throw new UnavailableAttributeException(BPK_NAME); - - if (type.startsWith(Constants.URN_PREFIX_WBPK)) - type = type.substring((Constants.URN_PREFIX_WBPK + "+").length()); - - else if (type.startsWith(Constants.URN_PREFIX_CDID)) - type = type.substring((Constants.URN_PREFIX_CDID + "+").length()); - - else if (type.startsWith(Constants.URN_PREFIX_EIDAS)) - type = type.substring((Constants.URN_PREFIX_EIDAS + "+").length()); - - if (bpk.length() > BPK_MAX_LENGTH) { - bpk = bpk.substring(0, BPK_MAX_LENGTH); - } - - Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type); - - return g.buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, type + ":" + bpk); - } - - public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { - return g.buildEmptyAttribute(BPK_FRIENDLY_NAME, BPK_NAME); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BirthdateAttributeBuilder.java deleted file mode 100644 index f1d88f877..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BirthdateAttributeBuilder.java +++ /dev/null @@ -1,58 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.builder.attributes; - -import java.text.DateFormat; -import java.text.SimpleDateFormat; - -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; - -public class BirthdateAttributeBuilder implements IPVPAttributeBuilder { - - public String getName() { - return BIRTHDATE_NAME; - } - - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - - if (authData.getDateOfBirth() != null) { - DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN); - String dateString = pvpDateFormat.format(authData.getDateOfBirth()); - - return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString); - - } else { - //build empty attribute if no Birthday date is found (STORK2) - return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME); - - } - } - - public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { - return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java index 6f7c0dc97..139bb15cc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java @@ -26,28 +26,37 @@ import java.io.IOException; import org.springframework.util.Base64Utils; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@PVPMETADATA public class EIDAuthBlock implements IPVPAttributeBuilder { public String getName() { return EID_AUTH_BLOCK_NAME; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { try { - String authblock = authData.getAuthBlock(); - if (MiscUtil.isNotEmpty(authblock)) { - return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME, - Base64Utils.encodeToString(authblock.getBytes("UTF-8"))); - } + if (authData instanceof IMOAAuthData) { + String authblock = ((IMOAAuthData)authData).getAuthBlock(); + if (MiscUtil.isNotEmpty(authblock)) { + return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME, + Base64Utils.encodeToString(authblock.getBytes("UTF-8"))); + } + + } else + Logger.info(EID_AUTH_BLOCK_FRIENDLY_NAME + " is only available in MOA-ID context"); } catch (IOException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java index 623acd18e..1e630cf16 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java @@ -22,27 +22,36 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@PVPMETADATA public class EIDCcsURL implements IPVPAttributeBuilder { public String getName() { return EID_CCS_URL_NAME; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + if (authData instanceof IMOAAuthData) { + String bkuurl = ((IMOAAuthData)authData).getBkuURL(); + if (MiscUtil.isNotEmpty(bkuurl)) + return g.buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl); + + + } else + Logger.info(EID_CCS_URL_FRIENDLY_NAME + " is only available in MOA-ID context"); - String bkuurl = authData.getBkuURL(); - if (MiscUtil.isNotEmpty(bkuurl)) - return g.buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl); - else - throw new UnavailableAttributeException(EID_CCS_URL_NAME); + throw new UnavailableAttributeException(EID_CCS_URL_NAME); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java index b254bc305..95e6d5bca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java @@ -22,28 +22,43 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.logging.Logger; + @Deprecated +@PVPMETADATA public class EIDCitizenQAALevelAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return EID_CITIZEN_QAA_LEVEL_NAME; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + if (authData instanceof IMOAAuthData) { + String qaaLevel = null; + if (((IMOAAuthData)authData).getQAALevel().startsWith(PVPConstants.STORK_QAA_PREFIX)) + qaaLevel = ((IMOAAuthData)authData).getQAALevel().substring(PVPConstants.STORK_QAA_PREFIX.length()); + else + qaaLevel = ((IMOAAuthData)authData).getQAALevel(); + + return g.buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, + EID_CITIZEN_QAA_LEVEL_NAME, Integer.valueOf(qaaLevel)); + + } else + Logger.info(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + " is only available in MOA-ID context"); - String qaaLevel = null; - if (authData.getQAALevel().startsWith(STORK_QAA_PREFIX)) - qaaLevel = authData.getQAALevel().substring(STORK_QAA_PREFIX.length()); - else - qaaLevel = authData.getQAALevel(); + throw new UnavailableAttributeException(EID_CITIZEN_QAA_LEVEL_NAME); - return g.buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, - EID_CITIZEN_QAA_LEVEL_NAME, Integer.valueOf(qaaLevel)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java deleted file mode 100644 index a01605986..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java +++ /dev/null @@ -1,67 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.builder.attributes; - -import java.io.IOException; - -import org.springframework.util.Base64Utils; - -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; -import at.gv.egovernment.moa.logging.Logger; - -public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder { - - public String getName() { - return EID_IDENTITY_LINK_NAME; - } - - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - try { - String ilAssertion = null; - - if (authData.getIdentityLink() == null) - throw new UnavailableAttributeException(EID_IDENTITY_LINK_NAME); - - ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion(); - - return g.buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, - EID_IDENTITY_LINK_NAME, Base64Utils.encodeToString(ilAssertion.getBytes("UTF-8"))); - - } catch (IOException e) { - Logger.warn("IdentityLink serialization error.", e); - return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, - EID_IDENTITY_LINK_NAME); - } - - } - - public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { - return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, - EID_IDENTITY_LINK_NAME); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIssuingNationAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIssuingNationAttributeBuilder.java deleted file mode 100644 index fc80ad7fe..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIssuingNationAttributeBuilder.java +++ /dev/null @@ -1,52 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.builder.attributes; - -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.util.MiscUtil; - -public class EIDIssuingNationAttributeBuilder implements IPVPAttributeBuilder { - - public String getName() { - return EID_ISSUING_NATION_NAME; - } - - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - String countryCode = authData.getCcc(); - if (MiscUtil.isNotEmpty(countryCode)) - return g.buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME, - EID_ISSUING_NATION_NAME, countryCode); - - else - return null; - } - - public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { - return g.buildEmptyAttribute(EID_ISSUING_NATION_FRIENDLY_NAME, - EID_ISSUING_NATION_NAME); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java index 71fc7966c..97bf2f78e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java @@ -26,23 +26,27 @@ import java.io.IOException; import org.springframework.util.Base64Utils; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @Deprecated +@PVPMETADATA public class EIDSTORKTOKEN implements IPVPAttributeBuilder { public String getName() { return EID_STORK_TOKEN_NAME; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { if (!authData.isForeigner()) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java deleted file mode 100644 index c3300d60f..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java +++ /dev/null @@ -1,54 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.builder.attributes; - -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; -import at.gv.egovernment.moa.util.MiscUtil; - -public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder { - - public String getName() { - return EID_SECTOR_FOR_IDENTIFIER_NAME; - } - - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - String bpktype = authData.getBPKType(); - - if (MiscUtil.isEmpty(authData.getBPKType())) - throw new UnavailableAttributeException(EID_SECTOR_FOR_IDENTIFIER_NAME); - - return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, - EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype); - } - - public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { - return g.buildEmptyAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, - EID_SECTOR_FOR_IDENTIFIER_NAME); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java index 4b4296536..dfb234ee7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java @@ -25,27 +25,35 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes; import org.springframework.util.Base64Utils; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; +@PVPMETADATA public class EIDSignerCertificate implements IPVPAttributeBuilder { public String getName() { return EID_SIGNER_CERTIFICATE_NAME; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { try { - byte[] signerCertificate = authData.getSignerCertificate(); - if (signerCertificate != null) { - return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, + if (authData instanceof IMOAAuthData) { + byte[] signerCertificate = ((IMOAAuthData)authData).getSignerCertificate(); + if (signerCertificate != null) { + return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, Base64Utils.encodeToString(signerCertificate)); - } + } + } else + Logger.info(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME + " is only available in MOA-ID context"); }catch (Exception e) { Logger.info("Signer certificate BASE64 encoding error"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java deleted file mode 100644 index b4846db12..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java +++ /dev/null @@ -1,56 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.builder.attributes; - -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributePolicyException; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; -import at.gv.egovernment.moa.util.MiscUtil; - -public class EIDSourcePIN implements IPVPAttributeBuilder { - - public String getName() { - return EID_SOURCE_PIN_NAME; - } - - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - - if (authData.isBaseIDTransferRestrication()) - throw new AttributePolicyException(EID_SOURCE_PIN_NAME); - - else { - if (MiscUtil.isEmpty(authData.getIdentificationValue())) - throw new UnavailableAttributeException(EID_SOURCE_PIN_NAME); - - return g.buildStringAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME, authData.getIdentificationValue()); - } - } - - public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { - return g.buildEmptyAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePINType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePINType.java deleted file mode 100644 index ccaecb3b6..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePINType.java +++ /dev/null @@ -1,51 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.builder.attributes; - -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; - -public class EIDSourcePINType implements IPVPAttributeBuilder { - - public String getName() { - return EID_SOURCE_PIN_TYPE_NAME; - } - - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - - if (authData.isBaseIDTransferRestrication()) - throw new UnavailableAttributeException(EID_SOURCE_PIN_TYPE_NAME); - - else { - return g.buildStringAttribute(EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, EID_SOURCE_PIN_TYPE_NAME, authData.getIdentificationType()); - } - } - - public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { - return g.buildEmptyAttribute(EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, EID_SOURCE_PIN_TYPE_NAME); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDeIDASQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDeIDASQAALevelAttributeBuilder.java deleted file mode 100644 index ca3dfa765..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDeIDASQAALevelAttributeBuilder.java +++ /dev/null @@ -1,48 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.builder.attributes; - -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; - -public class EIDeIDASQAALevelAttributeBuilder implements IPVPAttributeBuilder { - - public String getName() { - return EID_CITIZEN_EIDAS_QAA_LEVEL_NAME; - } - - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - - return g.buildStringAttribute(EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, - EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, authData.getEIDASQAALevel()); - } - - - public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { - return g.buildEmptyAttribute(EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, - EID_CITIZEN_EIDAS_QAA_LEVEL_NAME); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java index 9dfbe00b2..44043ec40 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java @@ -22,33 +22,40 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Constants; +@PVPMETADATA public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return ENC_BPK_LIST_NAME; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { - if (authData.getEncbPKList() != null && - authData.getEncbPKList().size() > 0) { - String value = authData.getEncbPKList().get(0); - for (int i=1; i<authData.getEncbPKList().size(); i++) - value += ";"+authData.getEncbPKList().get(i); + if (authData instanceof IMOAAuthData) { + if (((IMOAAuthData)authData).getEncbPKList() != null && + ((IMOAAuthData)authData).getEncbPKList().size() > 0) { + String value = ((IMOAAuthData)authData).getEncbPKList().get(0); + for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++) + value += ";"+((IMOAAuthData)authData).getEncbPKList().get(i); - return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, - value); + return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, + value); - } + } + + } else + Logger.info(ENC_BPK_LIST_FRIENDLY_NAME + " is only available in MOA-ID context"); throw new UnavailableAttributeException(ENC_BPK_LIST_NAME); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/GivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/GivenNameAttributeBuilder.java deleted file mode 100644 index af87a319a..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/GivenNameAttributeBuilder.java +++ /dev/null @@ -1,45 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.builder.attributes; - -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; - -public class GivenNameAttributeBuilder implements IPVPAttributeBuilder { - - public String getName() { - return GIVEN_NAME_NAME; - } - - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authData.getGivenName()); - } - - public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { - return g.buildEmptyAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java index 1d3faff2d..c65199dd6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java @@ -24,11 +24,13 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes; import java.io.IOException; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -38,12 +40,12 @@ public class HolderOfKey implements IPVPAttributeBuilder { return PVP_HOLDEROFKEY_NAME; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { try { byte[] certEncoded = authData.getGenericData( - MOAIDAuthConstants.MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE, + EAAFConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE, byte[].class); if (certEncoded != null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IAttributeBuilder.java deleted file mode 100644 index 5b44f02aa..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IAttributeBuilder.java +++ /dev/null @@ -1,36 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.builder.attributes; - -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; - -public interface IAttributeBuilder { - public String getName(); - - public <ATT> ATT build(final IOAAuthParameters oaParam, final IAuthData authData, - final IAttributeGenerator<ATT> g) throws AttributeException; - - public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g); -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IAttributeGenerator.java deleted file mode 100644 index ecd67db64..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IAttributeGenerator.java +++ /dev/null @@ -1,40 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.builder.attributes; - -public interface IAttributeGenerator<ATT> { - /** - * - * @param friendlyName FriendlyName - * @param name Name - * @param value value - * @return - */ - public abstract ATT buildStringAttribute(final String friendlyName, final String name, final String value); - - public abstract ATT buildIntegerAttribute(final String friendlyName, final String name, final int value); - - public abstract ATT buildLongAttribute(final String friendlyName, final String name, final long value); - - public abstract ATT buildEmptyAttribute(final String friendlyName, final String name); -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IPVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IPVPAttributeBuilder.java deleted file mode 100644 index dbb799256..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IPVPAttributeBuilder.java +++ /dev/null @@ -1,29 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.builder.attributes; - -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; - -interface IPVPAttributeBuilder extends PVPConstants, IAttributeBuilder { - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java index ffb69c2dc..a40c0fefb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java @@ -28,40 +28,50 @@ import javax.xml.transform.TransformerException; import org.springframework.util.Base64Utils; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; +@PVPMETADATA public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_FULL_MANDATE_NAME; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - if (authData.isUseMandate()) { - //only provide full mandate if it is included. - //In case of federation only a short mandate could be include - if (authData.getMandate() != null) { - String fullMandate; - try { - fullMandate = DOMUtils.serializeNode(authData - .getMandate()); - return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME, - MANDATE_FULL_MANDATE_NAME, Base64Utils.encodeToString(fullMandate.getBytes())); - } catch (TransformerException e) { - Logger.error("Failed to generate Full Mandate", e); - } catch (IOException e) { - Logger.error("Failed to generate Full Mandate", e); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + if (authData instanceof IMOAAuthData) { + if (((IMOAAuthData)authData).isUseMandate()) { + //only provide full mandate if it is included. + //In case of federation only a short mandate could be include + if (((IMOAAuthData)authData).getMandate() != null) { + String fullMandate; + try { + fullMandate = DOMUtils.serializeNode(((IMOAAuthData)authData) + .getMandate()); + return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME, + MANDATE_FULL_MANDATE_NAME, Base64Utils.encodeToString(fullMandate.getBytes())); + } catch (TransformerException e) { + Logger.error("Failed to generate Full Mandate", e); + } catch (IOException e) { + Logger.error("Failed to generate Full Mandate", e); + } } + throw new NoMandateDataAttributeException(); + } - throw new NoMandateDataAttributeException(); - } + } else + Logger.info(MANDATE_FULL_MANDATE_FRIENDLY_NAME + " is only available in MOA-ID context"); + return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java index f85fd7cae..67d9a356d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java @@ -26,50 +26,60 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@PVPMETADATA public class MandateLegalPersonFullNameAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_LEG_PER_FULL_NAME_NAME; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - if (authData.isUseMandate()) { - - //get PVP attribute directly, if exists - String fullName = authData.getGenericData(MANDATE_LEG_PER_FULL_NAME_NAME, String.class); - - if (MiscUtil.isEmpty(fullName)) { - Element mandate = authData.getMandate(); - if (mandate == null) { - throw new NoMandateDataAttributeException(); - - } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if (mandateObject == null) { - throw new NoMandateDataAttributeException(); - + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + if (authData instanceof IMOAAuthData) { + if (((IMOAAuthData)authData).isUseMandate()) { + + //get PVP attribute directly, if exists + String fullName = authData.getGenericData(MANDATE_LEG_PER_FULL_NAME_NAME, String.class); + + if (MiscUtil.isEmpty(fullName)) { + Element mandate = ((IMOAAuthData)authData).getMandate(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); + + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); + + } + CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); + if (corporation == null) { + Logger.info("No corporation mandate"); + throw new NoMandateDataAttributeException(); + + } + fullName = corporation.getFullName(); } - CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); - if (corporation == null) { - Logger.info("No corporation mandate"); - throw new NoMandateDataAttributeException(); - - } - fullName = corporation.getFullName(); + return g.buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, MANDATE_LEG_PER_FULL_NAME_NAME, + fullName); + } - return g.buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, MANDATE_LEG_PER_FULL_NAME_NAME, - fullName); - } + } else + Logger.info(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME + " is only available in MOA-ID context"); + return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java index 7e0815ab2..fc85e3413 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java @@ -26,27 +26,35 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@PVPMETADATA public class MandateLegalPersonSourcePinAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_LEG_PER_SOURCE_PIN_NAME; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - if(authData.isUseMandate()) { - return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, - MANDATE_LEG_PER_SOURCE_PIN_NAME, getLegalPersonIdentifierFromMandate(authData)); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + if (authData instanceof IMOAAuthData) { + if(((IMOAAuthData)authData).isUseMandate()) { + return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, + MANDATE_LEG_PER_SOURCE_PIN_NAME, getLegalPersonIdentifierFromMandate(((IMOAAuthData)authData))); - } + } + } else + Logger.info(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME + " is only available in MOA-ID context"); return null; @@ -57,7 +65,7 @@ public class MandateLegalPersonSourcePinAttributeBuilder implements IPVPAttribu } - protected String getLegalPersonIdentifierFromMandate(IAuthData authData) throws NoMandateDataAttributeException { + protected String getLegalPersonIdentifierFromMandate(IMOAAuthData authData) throws NoMandateDataAttributeException { //get PVP attribute directly, if exists String sourcePin = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java index 8b22acc01..e89d34e3d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java @@ -26,55 +26,65 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@PVPMETADATA public class MandateLegalPersonSourcePinTypeAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - if (authData.isUseMandate()) { - //get PVP attribute directly, if exists - String sourcePinType = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + if (authData instanceof IMOAAuthData) { + if (((IMOAAuthData)authData).isUseMandate()) { + //get PVP attribute directly, if exists + String sourcePinType = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class); + + if (MiscUtil.isEmpty(sourcePinType)) { + Element mandate = ((IMOAAuthData)authData).getMandate(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); - if (MiscUtil.isEmpty(sourcePinType)) { - Element mandate = authData.getMandate(); - if (mandate == null) { - throw new NoMandateDataAttributeException(); - - } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if (mandateObject == null) { - throw new NoMandateDataAttributeException(); - - } - CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); - if (corporation == null) { - Logger.info("No corporate mandate"); - throw new NoMandateDataAttributeException(); - - } - if (corporation.getIdentification().size() == 0) { - Logger.info("Failed to generate IdentificationType"); - throw new NoMandateDataAttributeException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); + + } + CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); + if (corporation == null) { + Logger.info("No corporate mandate"); + throw new NoMandateDataAttributeException(); + + } + if (corporation.getIdentification().size() == 0) { + Logger.info("Failed to generate IdentificationType"); + throw new NoMandateDataAttributeException(); + + } + sourcePinType = corporation.getIdentification().get(0).getType(); } - sourcePinType = corporation.getIdentification().get(0).getType(); + return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, + sourcePinType); } - return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, - sourcePinType); - } + } else + Logger.info(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME + " is only available in MOA-ID context"); + return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java index ad469921c..f67f79dcf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java @@ -27,30 +27,37 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.MiscUtil; +@PVPMETADATA public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_NAT_PER_BPK_NAME; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - try { - Pair<String, String> calcResult = internalBPKGenerator(oaParam, authData); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + try { + Pair<String, String> calcResult = internalBPKGenerator((IOAAuthParameters)oaParam, authData); if (calcResult != null) { String bpk = calcResult.getFirst(); String type = calcResult.getSecond(); @@ -87,7 +94,7 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui } } - catch (BuildException | ConfigurationException e) { + catch (BuildException | ConfigurationException | EAAFBuilderException e) { Logger.error("Failed to generate IdentificationType"); throw new NoMandateDataAttributeException(); @@ -101,49 +108,52 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME); } - protected Pair<String, String> internalBPKGenerator(IOAAuthParameters oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException { + protected Pair<String, String> internalBPKGenerator(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException { //get PVP attribute directly, if exists Pair<String, String> calcResult = null; - - if (authData.isUseMandate()) { - String bpk = authData.getGenericData(MANDATE_NAT_PER_BPK_NAME, String.class); - - if (MiscUtil.isEmpty(bpk)) { - //read bPK from mandate if it is not directly included - Element mandate = authData.getMandate(); - if (mandate == null) { - throw new NoMandateDataAttributeException(); - } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if (mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); - if (physicalPerson == null) { - Logger.debug("No physicalPerson mandate"); - throw new NoMandateDataAttributeException(); - } - IdentificationType id = null; - id = physicalPerson.getIdentification().get(0); - if (id == null) { - Logger.info("Failed to generate IdentificationType"); - throw new NoMandateDataAttributeException(); - } - - - if (id.getType().equals(Constants.URN_PREFIX_BASEID)) - calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(), - oaParam.getAreaSpecificTargetIdentifier()); - else - calcResult = Pair.newInstance(id.getValue().getValue(), id.getType()); - + if (authData instanceof IMOAAuthData) { + if (((IMOAAuthData)authData).isUseMandate()) { + String bpk = authData.getGenericData(MANDATE_NAT_PER_BPK_NAME, String.class); - } else { - Logger.info("Find '" + MANDATE_NAT_PER_BPK_NAME + "' in AuthData. Use it what is is."); - calcResult = Pair.newInstance(bpk, null); + if (MiscUtil.isEmpty(bpk)) { + //read bPK from mandate if it is not directly included + Element mandate = ((IMOAAuthData)authData).getMandate(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); + if (physicalPerson == null) { + Logger.debug("No physicalPerson mandate"); + throw new NoMandateDataAttributeException(); + } + IdentificationType id = null; + id = physicalPerson.getIdentification().get(0); + if (id == null) { + Logger.info("Failed to generate IdentificationType"); + throw new NoMandateDataAttributeException(); + } + + + if (id.getType().equals(Constants.URN_PREFIX_BASEID)) + calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(), + oaParam.getAreaSpecificTargetIdentifier()); + else + calcResult = Pair.newInstance(id.getValue().getValue(), id.getType()); + + } else { + Logger.info("Find '" + MANDATE_NAT_PER_BPK_NAME + "' in AuthData. Use it what is is."); + calcResult = Pair.newInstance(bpk, null); + + } } - } + + } else + Logger.info(MANDATE_NAT_PER_BPK_FRIENDLY_NAME + " is only available in MOA-ID context"); return calcResult; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java index ebba376f8..3ee184fb1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java @@ -31,23 +31,28 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.InvalidDateFormatAttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@PVPMETADATA public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_NAT_PER_BIRTHDATE_NAME; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { String attrValue = internalAttributGeneration(oaParam, authData); if (attrValue != null) @@ -62,42 +67,45 @@ public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttrib } - protected String internalAttributGeneration(IOAAuthParameters oaParam, IAuthData authData) throws InvalidDateFormatAttributeException, NoMandateDataAttributeException { - if (authData.isUseMandate()) { + protected String internalAttributGeneration(ISPConfiguration oaParam, IAuthData authData) throws InvalidDateFormatAttributeException, NoMandateDataAttributeException { + if (((IMOAAuthData)authData).isUseMandate()) { //get PVP attribute directly, if exists String birthDayString = authData.getGenericData(MANDATE_NAT_PER_BIRTHDATE_NAME, String.class); if (MiscUtil.isEmpty(birthDayString)) { - //read bPK from mandate if it is not directly included - Element mandate = authData.getMandate(); - if (mandate == null) { - throw new NoMandateDataAttributeException(); - } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if (mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); - if (physicalPerson == null) { - Logger.info("No physicalPerson mandate"); - throw new NoMandateDataAttributeException(); - } + if (authData instanceof IMOAAuthData) { + //read bPK from mandate if it is not directly included + Element mandate = ((IMOAAuthData)authData).getMandate(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); + if (physicalPerson == null) { + Logger.info("No physicalPerson mandate"); + throw new NoMandateDataAttributeException(); + } - String dateOfBirth = physicalPerson.getDateOfBirth(); - try { - DateFormat mandateFormat = new SimpleDateFormat(MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT); - mandateFormat.setLenient(false); - Date date = mandateFormat.parse(dateOfBirth); - DateFormat pvpDateFormat = new SimpleDateFormat(MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN); - birthDayString = pvpDateFormat.format(date); + String dateOfBirth = physicalPerson.getDateOfBirth(); + try { + DateFormat mandateFormat = new SimpleDateFormat(MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT); + mandateFormat.setLenient(false); + Date date = mandateFormat.parse(dateOfBirth); + DateFormat pvpDateFormat = new SimpleDateFormat(MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN); + birthDayString = pvpDateFormat.format(date); - } - catch (ParseException e) { - Logger.warn("MIS mandate birthday has an incorrect formt. (Value:" + dateOfBirth, e); - throw new InvalidDateFormatAttributeException(); + } + catch (ParseException e) { + Logger.warn("MIS mandate birthday has an incorrect formt. (Value:" + dateOfBirth, e); + throw new InvalidDateFormatAttributeException(); - } + } + } else + Logger.info(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME + " is only available in MOA-ID context"); } else { try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java index 07e5c9d09..6dd669663 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java @@ -29,56 +29,66 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@PVPMETADATA public class MandateNaturalPersonFamilyNameAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_NAT_PER_FAMILY_NAME_NAME; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - if(authData.isUseMandate()) { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + if (authData instanceof IMOAAuthData) { + if(((IMOAAuthData)authData).isUseMandate()) { - //get PVP attribute directly, if exists - String familyName = authData.getGenericData(MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class); - - if (MiscUtil.isEmpty(familyName)) { - //read mandator familyName from mandate if it is not directly included - Element mandate = authData.getMandate(); - if(mandate == null) { - throw new NoMandateDataAttributeException(); - } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if(mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); - if(physicalPerson == null) { - Logger.debug("No physicalPerson mandate"); - throw new NoMandateDataAttributeException(); - } - - StringBuilder sb = new StringBuilder(); - Iterator<FamilyName> fNamesit = physicalPerson.getName().getFamilyName().iterator(); + //get PVP attribute directly, if exists + String familyName = authData.getGenericData(MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class); - while(fNamesit.hasNext()) - sb.append(" " + fNamesit.next().getValue()); - - familyName = sb.toString(); + if (MiscUtil.isEmpty(familyName)) { + //read mandator familyName from mandate if it is not directly included + Element mandate = ((IMOAAuthData)authData).getMandate(); + if(mandate == null) { + throw new NoMandateDataAttributeException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAttributeException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); + if(physicalPerson == null) { + Logger.debug("No physicalPerson mandate"); + throw new NoMandateDataAttributeException(); + } + + StringBuilder sb = new StringBuilder(); + Iterator<FamilyName> fNamesit = physicalPerson.getName().getFamilyName().iterator(); + + while(fNamesit.hasNext()) + sb.append(" " + fNamesit.next().getValue()); + + familyName = sb.toString(); + + } + return g.buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, + MANDATE_NAT_PER_FAMILY_NAME_NAME, familyName); } - return g.buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, - MANDATE_NAT_PER_FAMILY_NAME_NAME, familyName); - } + } else + Logger.info(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME + " is only available in MOA-ID context"); + return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java index 51a3d2e74..3d661459a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java @@ -28,53 +28,62 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@PVPMETADATA public class MandateNaturalPersonGivenNameAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_NAT_PER_GIVEN_NAME_NAME; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - if (authData.isUseMandate()) { - //get PVP attribute directly, if exists - String givenName = authData.getGenericData(MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class); - - if (MiscUtil.isEmpty(givenName)) { - Element mandate = authData.getMandate(); - if (mandate == null) { - throw new NoMandateDataAttributeException(); - } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if (mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); - if (physicalPerson == null) { - Logger.debug("No physicalPerson mandate"); - throw new NoMandateDataAttributeException(); - } + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + if (authData instanceof IMOAAuthData) { + if (((IMOAAuthData)authData).isUseMandate()) { + //get PVP attribute directly, if exists + String givenName = authData.getGenericData(MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class); - StringBuilder sb = new StringBuilder(); - Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator(); - - while (gNamesit.hasNext()) - sb.append(" " + gNamesit.next()); - - givenName = sb.toString(); + if (MiscUtil.isEmpty(givenName)) { + Element mandate = ((IMOAAuthData)authData).getMandate(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); + if (physicalPerson == null) { + Logger.debug("No physicalPerson mandate"); + throw new NoMandateDataAttributeException(); + } + + StringBuilder sb = new StringBuilder(); + Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator(); + + while (gNamesit.hasNext()) + sb.append(" " + gNamesit.next()); + + givenName = sb.toString(); + + } + return g.buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_GIVEN_NAME_NAME, givenName); } - return g.buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_GIVEN_NAME_NAME, givenName); - } + } else + Logger.info(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME + " is only available in MOA-ID context"); return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java index 8be85415e..32b45a595 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java @@ -27,52 +27,62 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributePolicyException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.AttributePolicyException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; +@PVPMETADATA public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_NAT_PER_SOURCE_PIN_NAME; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - if(authData.isUseMandate()) { - Element mandate = authData.getMandate(); - if(mandate == null) { - throw new NoMandateDataAttributeException(); - } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if(mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - PhysicalPersonType physicalPerson = mandateObject.getMandator() - .getPhysicalPerson(); - if (physicalPerson == null) { - Logger.debug("No physicalPerson mandate"); - throw new NoMandateDataAttributeException(); - } - IdentificationType id = null; - id = physicalPerson.getIdentification().get(0); - - if(authData.isBaseIDTransferRestrication()) { - throw new AttributePolicyException(this.getName()); - } - - if(id == null) { - Logger.info("Failed to generate IdentificationType"); - throw new NoMandateDataAttributeException(); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + if (authData instanceof IMOAAuthData) { + if(((IMOAAuthData)authData).isUseMandate()) { + Element mandate = ((IMOAAuthData)authData).getMandate(); + if(mandate == null) { + throw new NoMandateDataAttributeException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAttributeException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator() + .getPhysicalPerson(); + if (physicalPerson == null) { + Logger.debug("No physicalPerson mandate"); + throw new NoMandateDataAttributeException(); + } + IdentificationType id = null; + id = physicalPerson.getIdentification().get(0); + + if(authData.isBaseIDTransferRestrication()) { + throw new AttributePolicyException(this.getName()); + } + + if(id == null) { + Logger.info("Failed to generate IdentificationType"); + throw new NoMandateDataAttributeException(); + } + + return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME, + MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue()); } - return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME, - MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue()); - } + } else + Logger.info(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME + " is only available in MOA-ID context"); + return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java index d89ae0225..90a0d61c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java @@ -27,46 +27,56 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; +@PVPMETADATA public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - if(authData.isUseMandate()) { - Element mandate = authData.getMandate(); - if(mandate == null) { - throw new NoMandateDataAttributeException(); - } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if(mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - PhysicalPersonType physicalPerson = mandateObject.getMandator() - .getPhysicalPerson(); - if (physicalPerson == null) { - Logger.debug("No physicalPerson mandate"); - throw new NoMandateDataAttributeException(); - } - IdentificationType id = null; - id = physicalPerson.getIdentification().get(0); - if(id == null) { - Logger.info("Failed to generate IdentificationType"); - throw new NoMandateDataAttributeException(); - } - - return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, - MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType()); - } + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + if (authData instanceof IMOAAuthData) { + if(((IMOAAuthData)authData).isUseMandate()) { + Element mandate = ((IMOAAuthData)authData).getMandate(); + if(mandate == null) { + throw new NoMandateDataAttributeException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAttributeException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator() + .getPhysicalPerson(); + if (physicalPerson == null) { + Logger.debug("No physicalPerson mandate"); + throw new NoMandateDataAttributeException(); + } + IdentificationType id = null; + id = physicalPerson.getIdentification().get(0); + if(id == null) { + Logger.info("Failed to generate IdentificationType"); + throw new NoMandateDataAttributeException(); + } + + return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, + MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType()); + } + + } else + Logger.info(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME + " is only available in MOA-ID context"); + return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java index b7d21f903..9c42f14e4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java @@ -25,58 +25,69 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@PVPMETADATA public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_PROF_REP_DESC_NAME; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - if(authData.isUseMandate()) { - String profRepName = authData.getGenericData(MANDATE_PROF_REP_DESC_NAME, String.class); - - if (MiscUtil.isEmpty(profRepName)) { - IMISMandate misMandate = authData.getMISMandate(); - - if(misMandate == null) { - throw new NoMandateDataAttributeException(); - } - - profRepName = misMandate.getTextualDescriptionOfOID(); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + if (authData instanceof IMOAAuthData) { + if(((IMOAAuthData)authData).isUseMandate()) { + String profRepName = authData.getGenericData(MANDATE_PROF_REP_DESC_NAME, String.class); - //only read textual prof. rep. OID describtion from mandate annotation - // if also OID exists - if (MiscUtil.isEmpty(profRepName) - && MiscUtil.isNotEmpty(misMandate.getProfRep())) { - Element mandate = authData.getMandate(); - if (mandate == null) { + if (MiscUtil.isEmpty(profRepName)) { + IMISMandate misMandate = ((IMOAAuthData)authData).getMISMandate(); + + if(misMandate == null) { throw new NoMandateDataAttributeException(); } - Mandate mandateObject = MandateBuilder.buildMandate(authData.getMandate()); - if (mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - - profRepName = mandateObject.getAnnotation(); + profRepName = misMandate.getTextualDescriptionOfOID(); + + //only read textual prof. rep. OID describtion from mandate annotation + // if also OID exists + if (MiscUtil.isEmpty(profRepName) + && MiscUtil.isNotEmpty(misMandate.getProfRep())) { + Element mandate = ((IMOAAuthData)authData).getMandate(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(((IMOAAuthData)authData).getMandate()); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); + } + + profRepName = mandateObject.getAnnotation(); + + } } + + if(MiscUtil.isNotEmpty(profRepName)) + return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, + MANDATE_PROF_REP_DESC_NAME, profRepName); + } - if(MiscUtil.isNotEmpty(profRepName)) - return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, - MANDATE_PROF_REP_DESC_NAME, profRepName); - - } + } else + Logger.info(MANDATE_PROF_REP_DESC_FRIENDLY_NAME + " is only available in MOA-ID context"); + return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java index 04de3288a..c7f9ace31 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java @@ -22,40 +22,51 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@PVPMETADATA public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_PROF_REP_OID_NAME; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - if (authData.isUseMandate()) { - String profRepOID = authData.getGenericData(MANDATE_PROF_REP_OID_NAME, String.class); - - if (MiscUtil.isEmpty(profRepOID)) { - IMISMandate mandate = authData.getMISMandate(); - if (mandate == null) { - throw new NoMandateDataAttributeException(); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + if (authData instanceof IMOAAuthData) { + if (((IMOAAuthData)authData).isUseMandate()) { + String profRepOID = authData.getGenericData(MANDATE_PROF_REP_OID_NAME, String.class); + + if (MiscUtil.isEmpty(profRepOID)) { + IMISMandate mandate = ((IMOAAuthData)authData).getMISMandate(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); + } + + profRepOID = mandate.getProfRep(); + } - - profRepOID = mandate.getProfRep(); + + if(MiscUtil.isEmpty(profRepOID)) + return null; + else + return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, profRepOID); } - - if(MiscUtil.isEmpty(profRepOID)) - return null; - else - return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, profRepOID); - } + } else + Logger.info(MANDATE_PROF_REP_OID_FRIENDLY_NAME + " is only available in MOA-ID context"); + return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java index 5ad562ffa..3ceebcd4c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java @@ -22,24 +22,34 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; +import at.gv.egovernment.moa.logging.Logger; +@PVPMETADATA public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_REFERENCE_VALUE_NAME; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - if (authData.isUseMandate()) { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + if (authData instanceof IMOAAuthData) { + if (((IMOAAuthData)authData).isUseMandate()) { + + return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME, + ((IMOAAuthData)authData).getMandateReferenceValue()); + } + + } else + Logger.info(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME + " is only available in MOA-ID context"); - return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME, - authData.getMandateReferenceValue()); - } return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java index a531e31fc..0f9995ab1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java @@ -25,42 +25,53 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@PVPMETADATA public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_TYPE_NAME; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - if (authData.isUseMandate()) { - //get PVP attribute directly, if exists - String mandateType = authData.getGenericData(MANDATE_TYPE_NAME, String.class); - - if (MiscUtil.isEmpty(mandateType)) { - Element mandate = authData.getMandate(); - if (mandate == null) { - throw new NoMandateDataAttributeException(); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + if (authData instanceof IMOAAuthData) { + if (((IMOAAuthData)authData).isUseMandate()) { + //get PVP attribute directly, if exists + String mandateType = authData.getGenericData(MANDATE_TYPE_NAME, String.class); + + if (MiscUtil.isEmpty(mandateType)) { + Element mandate = ((IMOAAuthData)authData).getMandate(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); + + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); + + } + mandateType = mandateObject.getAnnotation(); } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if (mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - mandateType = mandateObject.getAnnotation(); - + return g.buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateType); } - - return g.buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateType); - } + + } else + Logger.info(MANDATE_TYPE_FRIENDLY_NAME + " is only available in MOA-ID context"); + return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java index b967ad42c..76992af39 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java @@ -22,32 +22,42 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@PVPMETADATA public class MandateTypeOIDAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_TYPE_OID_NAME; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - if (authData.isUseMandate()) { - //get PVP attribute directly, if exists - String mandateType = authData.getGenericData(MANDATE_TYPE_OID_NAME, String.class); - - if (MiscUtil.isEmpty(mandateType)) { - Logger.info("MIS Mandate does not include 'Mandate-Type OID'."); - return null; + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + if (authData instanceof IMOAAuthData) { + if (((IMOAAuthData)authData).isUseMandate()) { + //get PVP attribute directly, if exists + String mandateType = authData.getGenericData(MANDATE_TYPE_OID_NAME, String.class); + if (MiscUtil.isEmpty(mandateType)) { + Logger.info("MIS Mandate does not include 'Mandate-Type OID'."); + return null; + + } + + return g.buildStringAttribute(MANDATE_TYPE_OID_FRIENDLY_NAME, MANDATE_TYPE_OID_NAME, mandateType); } - - return g.buildStringAttribute(MANDATE_TYPE_OID_FRIENDLY_NAME, MANDATE_TYPE_OID_NAME, mandateType); - } + + } else + Logger.info(MANDATE_TYPE_OID_FRIENDLY_NAME + " is only available in MOA-ID context"); + return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PVPVersionAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PVPVersionAttributeBuilder.java deleted file mode 100644 index 285a6977f..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PVPVersionAttributeBuilder.java +++ /dev/null @@ -1,45 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.builder.attributes; - -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; - -public class PVPVersionAttributeBuilder implements IPVPAttributeBuilder { - - public String getName() { - return PVP_VERSION_NAME; - } - - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildStringAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME, PVP_VERSION_2_1); - } - - public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { - return g.buildEmptyAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PrincipalNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PrincipalNameAttributeBuilder.java deleted file mode 100644 index b2465b5c1..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PrincipalNameAttributeBuilder.java +++ /dev/null @@ -1,45 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.builder.attributes; - -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; - -public class PrincipalNameAttributeBuilder implements IPVPAttributeBuilder { - - public String getName() { - return PRINCIPAL_NAME_NAME; - } - - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authData.getFamilyName()); - } - - public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { - return g.buildEmptyAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java index 72691a034..e98e1cb78 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java @@ -37,36 +37,53 @@ import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.core.AttributeQuery; import org.opensaml.saml2.core.Response; import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.soap.common.SOAPException; +import org.opensaml.xml.XMLObject; import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.AuthResponseBuilder; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.PVP2AssertionBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.SoapBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.data.Trible; -import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; +import at.gv.egovernment.moa.id.data.IMOAAuthData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; /** * @author tlenz @@ -76,12 +93,17 @@ import at.gv.egovernment.moa.logging.Logger; public class AttributQueryAction implements IAction { @Autowired private IAuthenticationSessionStoreage authenticationSessionStorage; - @Autowired private AuthenticationDataBuilder authDataBuilder; + @Autowired private IAuthenticationDataBuilder authDataBuilder; @Autowired private IDPCredentialProvider pvpCredentials; @Autowired private AuthConfiguration authConfig; @Autowired(required=true) private MOAMetadataProvider metadataProvider; @Autowired(required=true) ApplicationContext springContext; + @Autowired private AttributQueryBuilder attributQueryBuilder; + @Autowired private SAMLVerificationEngineSP samlVerificationEngine; + @Autowired(required=true) IPVP2BasicConfiguration pvpBasicConfiguration; + @Autowired(required=true) PVP2AssertionBuilder assertionBuilder; + private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList( new String[]{PVPConstants.EID_STORK_TOKEN_NAME}); @@ -97,11 +119,11 @@ public class AttributQueryAction implements IAction { @Override public SLOInformationInterface processRequest(IRequest pendingReq, HttpServletRequest httpReq, HttpServletResponse httpResp, - IAuthData authData) throws MOAIDException { + IAuthData authData) throws EAAFException { - if (pendingReq instanceof PVPTargetConfiguration && - ((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest && - ((MOARequest)((PVPTargetConfiguration) pendingReq).getRequest()).getSamlRequest() instanceof AttributeQuery) { + if (pendingReq instanceof PVPSProfilePendingRequest && + ((PVPSProfilePendingRequest) pendingReq).getRequest() instanceof PVPSProfileRequest && + ((PVPSProfileRequest)((PVPSProfilePendingRequest) pendingReq).getRequest()).getSamlRequest() instanceof AttributeQuery) { //set time reference DateTime date = new DateTime(); @@ -116,10 +138,10 @@ public class AttributQueryAction implements IAction { } InterfederationSessionStore nextIDPInformation = - authenticationSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(moaSession.getSessionID()); + authenticationSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(moaSession.getSSOSessionID()); AttributeQuery attrQuery = - (AttributeQuery)((MOARequest)((PVPTargetConfiguration) pendingReq).getRequest()).getSamlRequest(); + (AttributeQuery)((PVPSProfileRequest)((PVPSProfilePendingRequest) pendingReq).getRequest()).getSamlRequest(); //build PVP 2.1 response-attribute information for this AttributQueryRequest Trible<List<Attribute>, Date, String> responseInfo = @@ -131,10 +153,9 @@ public class AttributQueryAction implements IAction { //build PVP 2.1 assertion - String issuerEntityID = PVPConfiguration.getInstance().getIDPSSOMetadataService( - pendingReq.getAuthURL()); + String issuerEntityID = pvpBasicConfiguration.getIDPEntityId(pendingReq.getAuthURL()); - Assertion assertion = PVP2AssertionBuilder.buildAssertion(issuerEntityID, + Assertion assertion = assertionBuilder.buildAssertion(issuerEntityID, attrQuery, responseInfo.getFirst(), date, new DateTime(responseInfo.getSecond().getTime()), responseInfo.getThird(), authData.getSessionIndex()); @@ -184,39 +205,42 @@ public class AttributQueryAction implements IAction { */ @Override public String getDefaultActionName() { - return PVP2XProtocol.ATTRIBUTEQUERY; + return at.gv.egiz.eaaf.modules.pvp2.PVPConstants.ATTRIBUTEQUERY; } private Trible<List<Attribute>, Date, String> buildResponseInformationForAttributQuery(IRequest pendingReq, - AuthenticationSession session, List<Attribute> reqAttributes, InterfederationSessionStore nextIDPInformation) throws MOAIDException { + AuthenticationSession session, List<Attribute> reqAttributes, InterfederationSessionStore nextIDPInformation) throws MOAIDException, AssertionAttributeExtractorExeption, AttributQueryException, AssertionValidationExeption { try { //mark AttributeQuery as used if it exists - if ( pendingReq instanceof PVPTargetConfiguration && - ((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest && - ((PVPTargetConfiguration) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) { + if ( pendingReq instanceof PVPSProfileRequest && + ((PVPSProfilePendingRequest) pendingReq).getRequest() instanceof PVPSProfileRequest && + ((PVPSProfilePendingRequest) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) { - authenticationSessionStorage.markOAWithAttributeQueryUsedFlag(session, pendingReq.getOAURL(), pendingReq.requestedModule()); + authenticationSessionStorage.markOAWithAttributeQueryUsedFlag(session, pendingReq.getSPEntityId(), pendingReq.requestedModule()); } //build OnlineApplication dynamic from requested attributes (AttributeQuerry Request) and configuration IOAAuthParameters spConfig = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes); - //search federated IDP information for this MOASession + //search federated IDP information for this MOASession if (nextIDPInformation != null) { Logger.info("Find active federated IDP information." + ". --> Request next IDP:" + nextIDPInformation.getIdpurlprefix() + " for authentication information."); //load configuration of next IDP - IOAAuthParameters idpLoaded = authConfig.getOnlineApplicationParameter(nextIDPInformation.getIdpurlprefix()); - if (idpLoaded == null || !(idpLoaded instanceof OAAuthParameter)) { + IOAAuthParameters idpLoaded = + authConfig.getServiceProviderConfiguration( + nextIDPInformation.getIdpurlprefix(), + OAAuthParameterDecorator.class); + if (idpLoaded == null || !(idpLoaded instanceof IOAAuthParameters)) { Logger.warn("Configuration for federated IDP:" + nextIDPInformation.getIdpurlprefix() + "is not loadable."); throw new MOAIDException("auth.32", new Object[]{nextIDPInformation.getIdpurlprefix()}); } - OAAuthParameter idp = (OAAuthParameter) idpLoaded; + IOAAuthParameters idp = idpLoaded; //check if next IDP config allows inbound messages if (!idp.isInboundSSOInterfederationAllowed()) { @@ -227,7 +251,7 @@ public class AttributQueryAction implements IAction { } //check next IDP service area policy. BusinessService IDPs can only request wbPKs - if (!spConfig.hasBaseIdTransferRestriction() && !idp.isIDPPublicService()) { + if (!spConfig.hasBaseIdTransferRestriction() && idp.hasBaseIdTransferRestriction()) { Logger.error("Interfederated IDP " + idp.getPublicURLPrefix() + " is a BusinessService-IDP but requests PublicService attributes."); throw new MOAIDException("auth.34", new Object[]{nextIDPInformation.getIdpurlprefix()}); @@ -235,8 +259,12 @@ public class AttributQueryAction implements IAction { } //validation complete --> start AttributeQuery Request - AssertionAttributeExtractor extractor = authDataBuilder.getAuthDataFromAttributeQuery(reqAttributes, - nextIDPInformation.getUserNameID(), idp); + /*TODO: + * 'pendingReq.getAuthURL() + "/sp/federated/metadata"' is implemented in federated_authentication module + * but used in moa-id-lib. This should be refactored!!! + */ + AssertionAttributeExtractor extractor = getAuthDataFromAttributeQuery(reqAttributes, + nextIDPInformation.getUserNameID(), idp, pendingReq.getAuthURL() + "/sp/federated/metadata"); //mark attribute request as used if (nextIDPInformation.isStoreSSOInformation()) { @@ -258,7 +286,7 @@ public class AttributQueryAction implements IAction { } else { Logger.debug("Build authData for AttributQuery from local MOASession."); - IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq, session, spConfig); + IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq); //add default attributes in case of mandates or STORK is in use List<String> attrList = addDefaultAttributes(reqAttributes, authData); @@ -266,12 +294,19 @@ public class AttributQueryAction implements IAction { //build Set of response attributes List<Attribute> respAttr = PVPAttributeBuilder.buildSetOfResponseAttributes(authData, attrList); - return Trible.newInstance(respAttr, authData.getSsoSessionValidTo(), authData.getQAALevel()); + return Trible.newInstance(respAttr, authData.getSsoSessionValidTo(), authData.getEIDASQAALevel()); } } catch (MOAIDException e) { throw e; + + } catch (EAAFAuthenticationException e) { + throw new MOAIDException(e.getErrorId(), e.getParams(), e); + + } catch (EAAFConfigurationException e) { + throw new MOAIDException(e.getErrorId(), e.getParams(), e); + } } @@ -303,7 +338,8 @@ public class AttributQueryAction implements IAction { } //add default mandate attributes if it is a authentication with mandates - if (authData.isUseMandate() && !reqAttributeNames.containsAll(DEFAULTMANDATEATTRIBUTES)) { + if (authData instanceof IMOAAuthData) + if (((IMOAAuthData)authData).isUseMandate() && !reqAttributeNames.containsAll(DEFAULTMANDATEATTRIBUTES)) { for (String el : DEFAULTMANDATEATTRIBUTES) { if (!reqAttributeNames.contains(el)) reqAttributeNames.add(el); @@ -313,4 +349,78 @@ public class AttributQueryAction implements IAction { return reqAttributeNames; } + /** + * Get PVP authentication attributes by using a SAML2 AttributeQuery + * + * @param reqQueryAttr List of PVP attributes which are requested + * @param userNameID SAML2 UserNameID of the user for which attributes are requested + * @param idpConfig Configuration of the IDP, which is requested + * @return + * @return PVP attribute DAO, which contains all received information + * @throws MOAIDException + * @throws AttributQueryException + * @throws AssertionValidationExeption + */ + public AssertionAttributeExtractor getAuthDataFromAttributeQuery(List<Attribute> reqQueryAttr, + String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException, AttributQueryException, AssertionValidationExeption{ + String idpEnityID = idpConfig.getPublicURLPrefix(); + + try { + Logger.debug("Starting AttributeQuery process ..."); + //collect attributes by using BackChannel communication + String endpoint = idpConfig.getIDPAttributQueryServiceURL(); + if (MiscUtil.isEmpty(endpoint)) { + Logger.error("No AttributeQueryURL for interfederationIDP " + idpEnityID); + throw new ConfigurationException("config.26", new Object[]{idpEnityID}); + + } + + //build attributQuery request + AttributeQuery query = attributQueryBuilder.buildAttributQueryRequest(spEntityID, userNameID, endpoint, reqQueryAttr); + + //build SOAP request + List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query); + + if (xmlObjects.size() == 0) { + Logger.error("Receive emptry AttributeQuery response-body."); + throw new AttributQueryException("auth.27", + new Object[]{idpEnityID, "Receive emptry AttributeQuery response-body."}); + + } + + Response intfResp; + if (xmlObjects.get(0) instanceof Response) { + intfResp = (Response) xmlObjects.get(0); + + //validate PVP 2.1 response + try { + samlVerificationEngine.verifyIDPResponse(intfResp, + TrustEngineFactory.getSignatureKnownKeysTrustEngine( + metadataProvider)); + + //create assertion attribute extractor from AttributeQuery response + return new AssertionAttributeExtractor(intfResp); + + } catch (Exception e) { + Logger.warn("PVP 2.1 assertion validation FAILED.", e); + throw new AssertionValidationExeption("auth.27", + new Object[]{idpEnityID, e.getMessage()}, e); + } + + } else { + Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response"); + throw new AttributQueryException("auth.27", + new Object[]{idpEnityID, "Receive AttributeQuery response-body include no PVP 2.1 response"}); + + } + + } catch (SOAPException e) { + throw new BuildException("builder.06", null, e); + + } catch (SecurityException e) { + throw new BuildException("builder.06", null, e); + + } + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java deleted file mode 100644 index 9d60ae4b2..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java +++ /dev/null @@ -1,151 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.joda.time.DateTime; -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.core.Assertion; -import org.opensaml.saml2.core.AuthnRequest; -import org.opensaml.saml2.core.Response; -import org.opensaml.saml2.metadata.AssertionConsumerService; -import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.ws.message.encoder.MessageEncodingException; -import org.opensaml.xml.security.SecurityException; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.stereotype.Service; - -import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; -import at.gv.egovernment.moa.logging.Logger; - -@Service("PVPAuthenticationRequestAction") -public class AuthenticationAction implements IAction { - @Autowired IDPCredentialProvider pvpCredentials; - @Autowired AuthConfiguration authConfig; - @Autowired(required=true) private MOAMetadataProvider metadataProvider; - @Autowired(required=true) ApplicationContext springContext; - - public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, - HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { - - PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req; - - //get basic information - MOARequest moaRequest = (MOARequest) pvpRequest.getRequest(); - AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest(); - EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider); - - AssertionConsumerService consumerService = - SAML2Utils.createSAMLObject(AssertionConsumerService.class); - consumerService.setBinding(pvpRequest.getBinding()); - consumerService.setLocation(pvpRequest.getConsumerURL()); - - DateTime date = new DateTime(); - - SLOInformationImpl sloInformation = new SLOInformationImpl(); - - //change to entity value from entity name to IDP EntityID (URL) -// String issuerEntityID = pvpRequest.getAuthURL(); -// if (issuerEntityID.endsWith("/")) -// issuerEntityID = issuerEntityID.substring(0, issuerEntityID.length()-1); - - String issuerEntityID = PVPConfiguration.getInstance().getIDPSSOMetadataService( - pvpRequest.getAuthURL()); - - //build Assertion - Assertion assertion = PVP2AssertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData, - peerEntity, date, consumerService, sloInformation); - - Response authResponse = AuthResponseBuilder.buildResponse( - metadataProvider, issuerEntityID, authnRequest, - date, assertion, authConfig.isPVP2AssertionEncryptionActive()); - - IEncoder binding = null; - - if (consumerService.getBinding().equals( - SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class); - - } else if (consumerService.getBinding().equals( - SAMLConstants.SAML2_POST_BINDING_URI)) { - binding = springContext.getBean("PVPPOSTBinding", PostBinding.class); - - } - - if (binding == null) { - throw new BindingNotSupportedException(consumerService.getBinding()); - } - - try { - binding.encodeRespone(httpReq, httpResp, authResponse, - consumerService.getLocation(), moaRequest.getRelayState(), - pvpCredentials.getIDPAssertionSigningCredential(), req); - - //set protocol type - sloInformation.setProtocolType(req.requestedModule()); - sloInformation.setSpEntityID(req.getOnlineApplicationConfiguration().getPublicURLPrefix()); - return sloInformation; - - } catch (MessageEncodingException e) { - Logger.error("Message Encoding exception", e); - throw new MOAIDException("pvp2.01", null, e); - - } catch (SecurityException e) { - Logger.error("Security exception", e); - throw new MOAIDException("pvp2.01", null, e); - - } - - } - - public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, - HttpServletResponse httpResp) { - return true; - } - - public String getDefaultActionName() { - return "PVPAuthenticationRequestAction"; - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java deleted file mode 100644 index 851f47a68..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ /dev/null @@ -1,93 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; - -import com.google.common.net.MediaType; - -import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IDPPVPMetadataConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; -import at.gv.egovernment.moa.logging.Logger; - -@Service("pvpMetadataService") -public class MetadataAction implements IAction { - - - - @Autowired private MOAReversionLogger revisionsLogger; - @Autowired private IDPCredentialProvider credentialProvider; - @Autowired private PVPMetadataBuilder metadatabuilder; - - public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, - HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { - try { - revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA); - - //build metadata - IPVPMetadataBuilderConfiguration metadataConfig = - new IDPPVPMetadataConfiguration(req.getAuthURLWithOutSlash(), credentialProvider); - - String metadataXML = metadatabuilder.buildPVPMetadata(metadataConfig); - Logger.debug("METADATA: " + metadataXML); - - byte[] content = metadataXML.getBytes("UTF-8"); - httpResp.setStatus(HttpServletResponse.SC_OK); - httpResp.setContentLength(content.length); - httpResp.setContentType(MediaType.XML_UTF_8.toString()); - httpResp.getOutputStream().write(content); - return null; - - } catch (Exception e) { - Logger.error("Failed to generate metadata", e); - throw new MOAIDException("pvp2.13", null); - } - } - - public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, - HttpServletResponse httpResp) { - return false; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName() - */ - @Override - public String getDefaultActionName() { - return "IDP - PVP Metadata action"; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 4369a469a..5c71852f2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -22,6 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x; +import java.net.MalformedURLException; +import java.net.URL; import java.util.Arrays; import java.util.List; @@ -29,92 +31,54 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; -import org.joda.time.DateTime; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.AttributeQuery; -import org.opensaml.saml2.core.AuthnRequest; -import org.opensaml.saml2.core.Issuer; import org.opensaml.saml2.core.LogoutRequest; import org.opensaml.saml2.core.LogoutResponse; -import org.opensaml.saml2.core.NameID; -import org.opensaml.saml2.core.Response; -import org.opensaml.saml2.core.Status; -import org.opensaml.saml2.core.StatusCode; -import org.opensaml.saml2.core.StatusMessage; -import org.opensaml.saml2.core.impl.AuthnRequestImpl; -import org.opensaml.saml2.metadata.AssertionConsumerService; -import org.opensaml.saml2.metadata.AttributeConsumingService; import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.ws.security.SecurityPolicyException; import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.x509.X509Credential; -import org.opensaml.xml.signature.SignableXMLObject; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; +import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityLogAdapter; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException; +import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.AbstractPVP2XProtocol; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.SoapBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityLogAdapter; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; -import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; -import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; -import at.gv.egovernment.moa.id.util.ErrorResponseUtils; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; - + @Controller -public class PVP2XProtocol extends AbstractAuthProtocolModulController { +public class PVP2XProtocol extends AbstractPVP2XProtocol { - @Autowired IDPCredentialProvider pvpCredentials; - @Autowired SAMLVerificationEngineSP samlVerificationEngine; - @Autowired(required=true) private MOAMetadataProvider metadataProvider; + @Autowired(required=true) AuthConfiguration moaAuthConfig; + @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage; public static final String NAME = PVP2XProtocol.class.getName(); - public static final String PATH = "id_pvp2x"; + public static final String PATH = "id_pvp2-sprofile"; - public static final String REDIRECT = "Redirect"; - public static final String POST = "Post"; - public static final String SOAP = "Soap"; - public static final String METADATA = "Metadata"; - public static final String ATTRIBUTEQUERY = "AttributeQuery"; - public static final String SINGLELOGOUT = "SingleLogOut"; public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList( new String[] { @@ -130,202 +94,68 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { return NAME; } - public String getPath() { + public String getAuthProtocolIdentifier() { return PATH; } public PVP2XProtocol() { super(); - } + } //PVP2.x metadata end-point - @RequestMapping(value = "/pvp2/metadata", method = {RequestMethod.POST, RequestMethod.GET}) - public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { - if (!authConfig.getAllowedProtocols().isPVP21Active()) { + @RequestMapping(value = PVPConfiguration.PVP2_METADATA, method = {RequestMethod.POST, RequestMethod.GET}) + public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException { + if (!moaAuthConfig.getAllowedProtocols().isPVP21Active()) { Logger.info("PVP2.1 is deaktivated!"); throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); } - //create pendingRequest object - PVPTargetConfiguration pendingReq = applicationContext.getBean(PVPTargetConfiguration.class); - pendingReq.initialize(req); - pendingReq.setModule(NAME); - revisionsLogger.logEvent( - pendingReq.getUniqueSessionIdentifier(), - pendingReq.getUniqueTransactionIdentifier(), - MOAIDEventConstants.TRANSACTION_IP, - req.getRemoteAddr()); - - MetadataAction metadataAction = applicationContext.getBean(MetadataAction.class); - metadataAction.processRequest(pendingReq, - req, resp, null); + super.pvpMetadataRequest(req, resp); } //PVP2.x IDP POST-Binding end-point - @RequestMapping(value = "/pvp2/post", method = {RequestMethod.POST}) - public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { - if (!authConfig.getAllowedProtocols().isPVP21Active()) { + @RequestMapping(value = PVPConfiguration.PVP2_IDP_POST, method = {RequestMethod.POST}) + public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException { + if (!moaAuthConfig.getAllowedProtocols().isPVP21Active()) { Logger.info("PVP2.1 is deaktivated!"); throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); } - PVPTargetConfiguration pendingReq = null; - - try { - //create pendingRequest object - pendingReq = applicationContext.getBean(PVPTargetConfiguration.class); - pendingReq.initialize(req); - pendingReq.setModule(NAME); - - revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); - revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier()); - revisionsLogger.logEvent( - pendingReq.getUniqueSessionIdentifier(), - pendingReq.getUniqueTransactionIdentifier(), - MOAIDEventConstants.TRANSACTION_IP, - req.getRemoteAddr()); - - //get POST-Binding decoder implementation - InboundMessage msg = (InboundMessage) new PostBinding().decode( - req, resp, metadataProvider, false, - new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL()))); - pendingReq.setRequest(msg); - - //preProcess Message - preProcess(req, resp, pendingReq); + super.PVPIDPPostRequest(req, resp); - } catch (SecurityPolicyException e) { - String samlRequest = req.getParameter("SAMLRequest"); - Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - - //write revision log entries - if (pendingReq != null) - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); - - throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); - - } catch (SecurityException e) { - String samlRequest = req.getParameter("SAMLRequest"); - Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - - //write revision log entries - if (pendingReq != null) - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); - - throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); - - } catch (MOAIDException e) { - - //write revision log entries - if (pendingReq != null) - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); - - throw e; - - } catch (Throwable e) { - String samlRequest = req.getParameter("SAMLRequest"); - Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - - //write revision log entries - if (pendingReq != null) - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); - - throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()}); - } } //PVP2.x IDP Redirect-Binding end-point - @RequestMapping(value = "/pvp2/redirect", method = {RequestMethod.GET}) - public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { + @RequestMapping(value = PVPConfiguration.PVP2_IDP_REDIRECT, method = {RequestMethod.GET}) + public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException { if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) { Logger.info("PVP2.1 is deaktivated!"); throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); } - PVPTargetConfiguration pendingReq = null; - try { - //create pendingRequest object - pendingReq = applicationContext.getBean(PVPTargetConfiguration.class); - pendingReq.initialize(req); - pendingReq.setModule(NAME); - - revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); - revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier()); - revisionsLogger.logEvent( - pendingReq.getUniqueSessionIdentifier(), - pendingReq.getUniqueTransactionIdentifier(), - MOAIDEventConstants.TRANSACTION_IP, - req.getRemoteAddr()); - - //get POST-Binding decoder implementation - InboundMessage msg = (InboundMessage) new RedirectBinding().decode( - req, resp, metadataProvider, false, - new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService(pendingReq.getAuthURL()))); - pendingReq.setRequest(msg); - - //preProcess Message - preProcess(req, resp, pendingReq); - - } catch (SecurityPolicyException e) { - String samlRequest = req.getParameter("SAMLRequest"); - Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - - //write revision log entries - if (pendingReq != null) - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); - - throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); - - } catch (SecurityException e) { - String samlRequest = req.getParameter("SAMLRequest"); - Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - - //write revision log entries - if (pendingReq != null) - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); - - throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); - - } catch (MOAIDException e) { - String samlRequest = req.getParameter("SAMLRequest"); - Logger.info("Receive INVALID protocol request: " + samlRequest); - - //write revision log entries - if (pendingReq != null) - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); - - throw e; - - } catch (Throwable e) { - String samlRequest = req.getParameter("SAMLRequest"); - Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - - //write revision log entries - if (pendingReq != null) - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); - - throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()}); - } + + super.PVPIDPRedirecttRequest(req, resp); + } //PVP2.x IDP SOAP-Binding end-point @RequestMapping(value = "/pvp2/soap", method = {RequestMethod.POST}) - public void PVPIDPSOAPRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { - if (!authConfig.getAllowedProtocols().isPVP21Active()) { - Logger.info("PVP2.1 is deaktivated!"); - throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); - - } + public void PVPIDPSOAPRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException { +// if (!authConfig.getAllowedProtocols().isPVP21Active()) { +// Logger.info("PVP2.1 is deaktivated!"); +// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!"); +// +// } - PVPTargetConfiguration pendingReq = null; + PVPSProfilePendingRequest pendingReq = null; try { //create pendingRequest object - pendingReq = applicationContext.getBean(PVPTargetConfiguration.class); - pendingReq.initialize(req); + pendingReq = applicationContext.getBean(PVPSProfilePendingRequest.class); + pendingReq.initialize(req, authConfig); pendingReq.setModule(NAME); revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); @@ -339,7 +169,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { //get POST-Binding decoder implementation InboundMessage msg = (InboundMessage) new SoapBinding().decode( req, resp, metadataProvider, false, - new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL()))); + new EAAFURICompare(pvpBasicConfiguration.getIDPSSOPostService(pendingReq.getAuthURL()))); pendingReq.setRequest(msg); //preProcess Message @@ -385,157 +215,27 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { } - - private void preProcess(HttpServletRequest request, - HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable { - - InboundMessage msg = pendingReq.getRequest(); - - if (MiscUtil.isEmpty(msg.getEntityID())) { - throw new InvalidProtocolRequestException("pvp2.20", new Object[] {}); - - } - - if(!msg.isVerified()) { - samlVerificationEngine.verify(msg, - TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - msg.setVerified(true); - - } - - if (msg instanceof MOARequest && - ((MOARequest)msg).getSamlRequest() instanceof AuthnRequest) - preProcessAuthRequest(request, response, pendingReq); - - else if (msg instanceof MOARequest && - ((MOARequest)msg).getSamlRequest() instanceof AttributeQuery) - preProcessAttributQueryRequest(request, response, pendingReq); + protected boolean childPreProcess(HttpServletRequest request, + HttpServletResponse response, PVPSProfilePendingRequest pendingReq) throws Throwable { + InboundMessage msg = pendingReq.getRequest(); + if (msg instanceof PVPSProfileRequest && + ((PVPSProfileRequest)msg).getSamlRequest() instanceof AttributeQuery) + preProcessAttributQueryRequest(request, response, pendingReq); - else if (msg instanceof MOARequest && - ((MOARequest)msg).getSamlRequest() instanceof LogoutRequest) - preProcessLogOut(request, response, pendingReq); + else if (msg instanceof PVPSProfileRequest && + ((PVPSProfileRequest)msg).getSamlRequest() instanceof LogoutRequest) + preProcessLogOut(request, response, pendingReq); - else if (msg instanceof MOAResponse && - ((MOAResponse)msg).getResponse() instanceof LogoutResponse) - preProcessLogOut(request, response, pendingReq); - - else { - Logger.error("Receive unsupported PVP21 message"); - throw new MOAIDException("Unsupported PVP21 message", new Object[] {}); - } + else if (msg instanceof PVPSProfileResponse && + ((PVPSProfileResponse)msg).getResponse() instanceof LogoutResponse) + preProcessLogOut(request, response, pendingReq); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH); - - //switch to session authentication - performAuthentication(request, response, pendingReq); - } - - public boolean generateErrorMessage(Throwable e, - HttpServletRequest request, HttpServletResponse response, - IRequest protocolRequest) throws Throwable { - - if(protocolRequest == null) { - throw e; - } - - if(!(protocolRequest instanceof PVPTargetConfiguration) ) { - throw e; - } - PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration)protocolRequest; - - Response samlResponse = - SAML2Utils.createSAMLObject(Response.class); - Status status = SAML2Utils.createSAMLObject(Status.class); - StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); - StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class); - - ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); - String moaError = null; - - if(e instanceof NoPassivAuthenticationException) { - statusCode.setValue(StatusCode.NO_PASSIVE_URI); - statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())); - - } else if (e instanceof NameIDFormatNotSupportedException) { - statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY_URI); - statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())); - - } else if (e instanceof SLOException) { - //SLOExecpetions only occurs if session information is lost + else return false; - } else if(e instanceof PVP2Exception) { - PVP2Exception ex = (PVP2Exception) e; - statusCode.setValue(ex.getStatusCodeValue()); - String statusMessageValue = ex.getStatusMessageValue(); - if(statusMessageValue != null) { - statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue)); - } - moaError = errorUtils.mapInternalErrorToExternalError(ex.getMessageId()); - - } else { - statusCode.setValue(StatusCode.RESPONDER_URI); - statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())); - moaError = errorUtils.getResponseErrorCode(e); - } - - - if (MiscUtil.isNotEmpty(moaError)) { - StatusCode moaStatusCode = SAML2Utils.createSAMLObject(StatusCode.class); - moaStatusCode.setValue(moaError); - statusCode.setStatusCode(moaStatusCode); - } - - status.setStatusCode(statusCode); - if(statusMessage.getMessage() != null) { - status.setStatusMessage(statusMessage); - } - samlResponse.setStatus(status); - String remoteSessionID = SAML2Utils.getSecureIdentifier(); - samlResponse.setID(remoteSessionID); - - samlResponse.setIssueInstant(new DateTime()); - Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); - nissuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService( - pvpRequest.getAuthURL())); - nissuer.setFormat(NameID.ENTITY); - samlResponse.setIssuer(nissuer); - - IEncoder encoder = null; - - if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - encoder = applicationContext.getBean("PVPRedirectBinding", RedirectBinding.class); - - } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { - encoder = applicationContext.getBean("PVPPOSTBinding", PostBinding.class); - } else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) { - encoder = applicationContext.getBean("PVPSOAPBinding", SoapBinding.class); - } - - if(encoder == null) { - // default to redirect binding - encoder = new RedirectBinding(); - } - - String relayState = null; - if (pvpRequest.getRequest() != null) - relayState = pvpRequest.getRequest().getRelayState(); - - X509Credential signCred = pvpCredentials.getIDPAssertionSigningCredential(); - - encoder.encodeRespone(request, response, samlResponse, pvpRequest.getConsumerURL(), - relayState, signCred, protocolRequest); return true; } - - public boolean validate(HttpServletRequest request, - HttpServletResponse response, IRequest pending) { - - return true; - } - /** * PreProcess Single LogOut request @@ -543,18 +243,19 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { * @param response * @param msg * @return + * @throws EAAFException * @throws MOAIDException */ private void preProcessLogOut(HttpServletRequest request, - HttpServletResponse response, PVPTargetConfiguration pendingReq) throws MOAIDException { + HttpServletResponse response, PVPSProfilePendingRequest pendingReq) throws EAAFException { InboundMessage inMsg = pendingReq.getRequest(); - MOARequest msg; - if (inMsg instanceof MOARequest && - ((MOARequest)inMsg).getSamlRequest() instanceof LogoutRequest) { + PVPSProfileRequest msg; + if (inMsg instanceof PVPSProfileRequest && + ((PVPSProfileRequest)inMsg).getSamlRequest() instanceof LogoutRequest) { //preProcess single logout request from service provider - msg = (MOARequest) inMsg; + msg = (PVPSProfileRequest) inMsg; EntityDescriptor metadata = msg.getEntityMetadata(metadataProvider); if(metadata == null) { @@ -563,11 +264,11 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { String oaURL = metadata.getEntityID(); oaURL = StringEscapeUtils.escapeHtml(oaURL); - IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(oaURL); + ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL); Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding()); - pendingReq.setOAURL(oaURL); + pendingReq.setSPEntityId(oaURL); pendingReq.setOnlineApplicationConfiguration(oa); pendingReq.setBinding(msg.getRequestBinding()); @@ -575,25 +276,33 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { - } else if (inMsg instanceof MOAResponse && - ((MOAResponse)inMsg).getResponse() instanceof LogoutResponse) { + } else if (inMsg instanceof PVPSProfileResponse && + ((PVPSProfileResponse)inMsg).getResponse() instanceof LogoutResponse) { //preProcess single logour response from service provider - LogoutResponse resp = (LogoutResponse) (((MOAResponse)inMsg).getResponse()); + LogoutResponse resp = (LogoutResponse) (((PVPSProfileResponse)inMsg).getResponse()); Logger.debug("PreProcess SLO Response from " + resp.getIssuer()); - List<String> allowedPublicURLPrefix = - AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); - boolean isAllowedDestination = false; +// List<String> allowedPublicURLPrefix = authConfig.getIDPPublicURLPrefixes(); +// AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); - for (String prefix : allowedPublicURLPrefix) { - if (resp.getDestination().startsWith( - prefix)) { - isAllowedDestination = true; - break; - } + boolean isAllowedDestination = false; + try { + isAllowedDestination = MiscUtil.isNotEmpty(authConfig.validateIDPURL(new URL(resp.getDestination()))); + + } catch (MalformedURLException e) { + Logger.info(resp.getDestination() + " is NOT valid. Reason: " + e.getMessage()); + } + +// for (String prefix : allowedPublicURLPrefix) { +// if (resp.getDestination().startsWith( +// prefix)) { +// isAllowedDestination = true; +// break; +// } +// } if (!isAllowedDestination) { Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL"); @@ -606,11 +315,11 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { } else - throw new MOAIDException("Unsupported request", new Object[] {}); + throw new EAAFException("Unsupported request"); pendingReq.setRequest(inMsg); - pendingReq.setAction(SINGLELOGOUT); + pendingReq.setAction(PVPConstants.SINGLELOGOUT); //Single LogOut Request needs no authentication pendingReq.setNeedAuthentication(false); @@ -627,26 +336,21 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { * @throws Throwable */ private void preProcessAttributQueryRequest(HttpServletRequest request, - HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable { - MOARequest moaRequest = ((MOARequest)pendingReq.getRequest()); + HttpServletResponse response, PVPSProfilePendingRequest pendingReq) throws Throwable { + PVPSProfileRequest moaRequest = ((PVPSProfileRequest)pendingReq.getRequest()); AttributeQuery attrQuery = (AttributeQuery) moaRequest.getSamlRequest(); moaRequest.setEntityID(attrQuery.getIssuer().getValue()); //validate destination String destinaten = attrQuery.getDestination(); - if (!PVPConfiguration.getInstance().getIDPAttributeQueryService(HTTPUtils.extractAuthURLFromRequest(request)).equals(destinaten)) { + if (!pvpBasicConfiguration.getIDPSSOSOAPService(HTTPUtils.extractAuthURLFromRequest(request)).equals(destinaten)) { Logger.warn("AttributeQuery destination does not match IDP AttributeQueryService URL"); throw new AttributQueryException("AttributeQuery destination does not match IDP AttributeQueryService URL", null); } - //check if Issuer is an interfederation IDP - // check parameter - if (!ParamValidatorUtils.isValidOA(moaRequest.getEntityID())) - throw new WrongParametersException("StartAuthentication", - PARAM_OA, "auth.12"); - - IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(moaRequest.getEntityID()); + //check if Issuer is an interfederation IDP + IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(moaRequest.getEntityID(), IOAAuthParameters.class); if (!oa.isInderfederationIDP()) { Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs."); throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null); @@ -670,7 +374,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { //set preProcessed information into pending-request pendingReq.setRequest(moaRequest); - pendingReq.setOAURL(moaRequest.getEntityID()); + pendingReq.setSPEntityId(moaRequest.getEntityID()); pendingReq.setOnlineApplicationConfiguration(oa); pendingReq.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); @@ -681,147 +385,12 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { pendingReq.setAction(AttributQueryAction.class.getName()); //add moasession - pendingReq.setInternalSSOSessionIdentifier(session.getSessionID()); + pendingReq.setInternalSSOSessionIdentifier(session.getSSOSessionID()); //write revisionslog entry revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY); } - - /** - * PreProcess Authn request - * @param request - * @param response - * @param pendingReq - * @throws Throwable - */ - private void preProcessAuthRequest(HttpServletRequest request, - HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable { - - MOARequest moaRequest = ((MOARequest)pendingReq.getRequest()); - SignableXMLObject samlReq = moaRequest.getSamlRequest(); - - if(!(samlReq instanceof AuthnRequest)) { - throw new MOAIDException("Unsupported request", new Object[] {}); - } - - EntityDescriptor metadata = moaRequest.getEntityMetadata(metadataProvider); - if(metadata == null) { - throw new NoMetadataInformationException(); - } - SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); - - AuthnRequest authnRequest = (AuthnRequest)samlReq; - - if (authnRequest.getIssueInstant() == null) { - Logger.warn("Unsupported request: No IssueInstant Attribute found."); - throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {}); - - } - - if (authnRequest.getIssueInstant().minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) { - Logger.warn("Unsupported request: No IssueInstant DateTime is not valid anymore."); - throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {}); - - } - - //parse AssertionConsumerService - AssertionConsumerService consumerService = null; - if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) && - MiscUtil.isNotEmpty(authnRequest.getProtocolBinding())) { - //use AssertionConsumerServiceURL from request - - //check requested AssertionConsumingService URL against metadata - List<AssertionConsumerService> metadataAssertionServiceList = spSSODescriptor.getAssertionConsumerServices(); - for (AssertionConsumerService service : metadataAssertionServiceList) { - if (authnRequest.getProtocolBinding().equals(service.getBinding()) - && authnRequest.getAssertionConsumerServiceURL().equals(service.getLocation())) { - consumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); - consumerService.setBinding(authnRequest.getProtocolBinding()); - consumerService.setLocation(authnRequest.getAssertionConsumerServiceURL()); - Logger.debug("Requested AssertionConsumerServiceURL is valid."); - } - } - - if (consumerService == null) { - throw new InvalidAssertionConsumerServiceException(authnRequest.getAssertionConsumerServiceURL()); - - } - - } else { - //use AssertionConsumerServiceIndex and select consumerService from metadata - Integer aIdx = authnRequest.getAssertionConsumerServiceIndex(); - int assertionidx = 0; - - if(aIdx != null) { - assertionidx = aIdx.intValue(); - - } else { - assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor); - - } - consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx); - - if (consumerService == null) { - throw new InvalidAssertionConsumerServiceException(aIdx); - - } - } - - - //select AttributeConsumingService from request - AttributeConsumingService attributeConsumer = null; - Integer aIdx = authnRequest.getAttributeConsumingServiceIndex(); - int attributeIdx = 0; - - if(aIdx != null) { - attributeIdx = aIdx.intValue(); - } - - if (spSSODescriptor.getAttributeConsumingServices() != null && - spSSODescriptor.getAttributeConsumingServices().size() > 0) { - attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx); - } - - //validate AuthnRequest - AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq; - AuthnRequestValidator.validate(authReq); - - String useMandate = request.getParameter(PARAM_USEMANDATE); - if(useMandate != null) { - if(useMandate.equals("true") && attributeConsumer != null) { - if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) { - throw new MandateAttributesNotHandleAbleException(); - } - } - } - - String oaURL = moaRequest.getEntityMetadata(metadataProvider).getEntityID(); - oaURL = StringEscapeUtils.escapeHtml(oaURL); - IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(oaURL); - - Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding()); - - pendingReq.setOAURL(oaURL); - pendingReq.setOnlineApplicationConfiguration(oa); - pendingReq.setBinding(consumerService.getBinding()); - pendingReq.setRequest(moaRequest); - pendingReq.setConsumerURL(consumerService.getLocation()); - - //parse AuthRequest - pendingReq.setPassiv(authReq.isPassive()); - pendingReq.setForce(authReq.isForceAuthn()); - - //AuthnRequest needs authentication - pendingReq.setNeedAuthentication(true); - - //set protocol action, which should be executed after authentication - pendingReq.setAction(AuthenticationAction.class.getName()); - - //write revisionslog entry - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST); - - } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java index 62105abda..67cbafe90 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java @@ -28,9 +28,9 @@ import org.opensaml.xml.io.MarshallingException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.StoredAssertion; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; @Service("PVPAssertionStorage") public class PVPAssertionStorage implements SAMLArtifactMap { @@ -47,11 +47,11 @@ public class PVPAssertionStorage implements SAMLArtifactMap { relyingPartyId, issuerId, samlMessage); - - try { + + try { transactionStorage.put(artifact, assertion, -1); - } catch (MOADatabaseException e) { + } catch (EAAFException e) { // TODO Insert Error Handling, if Assertion could not be stored throw new MarshallingException("Assertion are not stored in Database.",e); } @@ -61,7 +61,7 @@ public class PVPAssertionStorage implements SAMLArtifactMap { try { return transactionStorage.get(artifact, SAMLArtifactMapEntry.class); - } catch (MOADatabaseException e) { + } catch (EAAFException e) { // TODO Insert Error Handling, if Assertion could not be read e.printStackTrace(); return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java index 95e3c5bc2..cdd0b659e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java @@ -22,24 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x; -import java.util.ArrayList; -import java.util.Collections; -import java.util.List; - -import org.opensaml.xml.encryption.EncryptionConstants; -import org.opensaml.xml.signature.SignatureConstants; - -import at.gv.egovernment.moa.id.data.Trible; - -public interface PVPConstants { +public interface PVPConstants extends at.gv.egiz.eaaf.modules.pvp2.PVPConstants { public static final String SSLSOCKETFACTORYNAME = "MOAMetaDataProvider"; - - public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256; - public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256; - public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256; - public static final String DEFAULT_ASYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP; - public static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/citizenQAALevel/"; public static final String STORK_QAA_1_1 = "http://www.stork.gov.eu/1.0/citizenQAALevel/1"; @@ -51,327 +36,5 @@ public interface PVPConstants { public static final String EIDAS_QAA_LOW = EIDAS_QAA_PREFIX + "low"; public static final String EIDAS_QAA_SUBSTANTIAL = EIDAS_QAA_PREFIX + "substantial"; public static final String EIDAS_QAA_HIGH = EIDAS_QAA_PREFIX + "high"; - - public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/"; - - public static final String URN_OID_PREFIX = "urn:oid:"; - - public static final String PVP_VERSION_OID = "1.2.40.0.10.2.1.1.261.10"; - public static final String PVP_VERSION_NAME = URN_OID_PREFIX + PVP_VERSION_OID; - public static final String PVP_VERSION_FRIENDLY_NAME = "PVP-VERSION"; - public static final String PVP_VERSION_2_1 = "2.1"; - - - public static final String SECCLASS_OID = "1.2.40.0.10.2.1.1.261.110"; - public static final String SECCLASS_FRIENDLY_NAME = "SECCLASS"; - public static final String SECCLASS_NAME = URN_OID_PREFIX + SECCLASS_OID; - public static final int SECCLASS_MAX_LENGTH = 128; - - public static final String PRINCIPAL_NAME_OID = "1.2.40.0.10.2.1.1.261.20"; - public static final String PRINCIPAL_NAME_NAME = URN_OID_PREFIX + PRINCIPAL_NAME_OID; - public static final String PRINCIPAL_NAME_FRIENDLY_NAME = "PRINCIPAL-NAME"; - public static final int PRINCIPAL_NAME_MAX_LENGTH = 128; - - public static final String GIVEN_NAME_OID = "2.5.4.42"; - public static final String GIVEN_NAME_NAME = URN_OID_PREFIX + GIVEN_NAME_OID; - public static final String GIVEN_NAME_FRIENDLY_NAME = "GIVEN-NAME"; - public static final int GIVEN_NAME_MAX_LENGTH = 128; - - public static final String BIRTHDATE_OID = "1.2.40.0.10.2.1.1.55"; - public static final String BIRTHDATE_NAME = URN_OID_PREFIX + BIRTHDATE_OID; - public static final String BIRTHDATE_FRIENDLY_NAME = "BIRTHDATE"; - public static final String BIRTHDATE_FORMAT_PATTERN = "yyyy-MM-dd"; - - public static final String USERID_OID = "0.9.2342.19200300.100.1.1"; - public static final String USERID_NAME = URN_OID_PREFIX + USERID_OID; - public static final String USERID_FRIENDLY_NAME = "USERID"; - public static final int USERID_MAX_LENGTH = 128; - - public static final String GID_OID = "1.2.40.0.10.2.1.1.1"; - public static final String GID_NAME = URN_OID_PREFIX + GID_OID; - public static final String GID_FRIENDLY_NAME = "GID"; - public static final int GID_MAX_LENGTH = 128; - - public static final String BPK_OID = "1.2.40.0.10.2.1.1.149"; - public static final String BPK_NAME = URN_OID_PREFIX + BPK_OID; - public static final String BPK_FRIENDLY_NAME = "BPK"; - public static final int BPK_MAX_LENGTH = 1024; - - public static final String ENC_BPK_LIST_OID = "1.2.40.0.10.2.1.1.261.22"; - public static final String ENC_BPK_LIST_NAME = URN_OID_PREFIX+ENC_BPK_LIST_OID; - public static final String ENC_BPK_LIST_FRIENDLY_NAME = "ENC-BPK-LIST"; - public static final int ENC_BPK_LIST_MAX_LENGTH = 32767; - - public static final String MAIL_OID = "0.9.2342.19200300.100.1.3"; - public static final String MAIL_NAME = URN_OID_PREFIX + MAIL_OID; - public static final String MAIL_FRIENDLY_NAME = "MAIL"; - public static final int MAIL_MAX_LENGTH = 128; - - public static final String TEL_OID = "2.5.4.20"; - public static final String TEL_NAME = URN_OID_PREFIX + TEL_OID; - public static final String TEL_FRIENDLY_NAME = "TEL"; - public static final int TEL_MAX_LENGTH = 32; - - public static final String PARTICIPANT_ID_OID = "1.2.40.0.10.2.1.1.71"; - public static final String PARTICIPANT_ID_NAME = URN_OID_PREFIX + PARTICIPANT_ID_OID; - public static final String PARTICIPANT_ID_FRIENDLY_NAME = "PARTICIPANT-ID"; - public static final int PARTICIPANT_MAX_LENGTH = 39; - - public static final String PARTICIPANT_OKZ_OID = "1.2.40.0.10.2.1.1.261.24"; - public static final String PARTICIPANT_OKZ_NAME = URN_OID_PREFIX + PARTICIPANT_OKZ_OID; - public static final String PARTICIPANT_OKZ_FRIENDLY_NAME = "PARTICIPANT-OKZ"; - public static final int PARTICIPANT_OKZ_MAX_LENGTH = 32; - - public static final String OU_OKZ_OID = "1.2.40.0.10.2.1.1.153"; - public static final String OU_OKZ_NAME = URN_OID_PREFIX + OU_OKZ_OID; - public static final int OU_OKZ_MAX_LENGTH = 32; - - public static final String OU_GV_OU_ID_OID = "1.2.40.0.10.2.1.1.3"; - public static final String OU_GV_OU_ID_NAME = URN_OID_PREFIX + OU_GV_OU_ID_OID; - public static final String OU_GV_OU_ID_FRIENDLY_NAME = "OU-GV-OU-ID"; - public static final int OU_GV_OU_ID_MAX_LENGTH = 39; - - public static final String OU_OID = "2.5.4.11"; - public static final String OU_NAME = URN_OID_PREFIX + OU_OID; - public static final String OU_FRIENDLY_NAME = "OU"; - public static final int OU_MAX_LENGTH = 64; - - public static final String FUNCTION_OID = "1.2.40.0.10.2.1.1.33"; - public static final String FUNCTION_NAME = URN_OID_PREFIX + FUNCTION_OID; - public static final String FUNCTION_FRIENDLY_NAME = "FUNCTION"; - public static final int FUNCTION_MAX_LENGTH = 32; - - public static final String ROLES_OID = "1.2.40.0.10.2.1.1.261.30"; - public static final String ROLES_NAME = URN_OID_PREFIX + ROLES_OID; - public static final String ROLES_FRIENDLY_NAME = "ROLES"; - public static final int ROLES_MAX_LENGTH = 32767; - - @Deprecated public static final String EID_CITIZEN_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.94"; - @Deprecated public static final String EID_CITIZEN_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_QAA_LEVEL_OID; - @Deprecated public static final String EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-LEVEL"; - - public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.108"; - public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_EIDAS_QAA_LEVEL_OID; - public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-EIDAS-LEVEL"; - - public static final String EID_ISSUING_NATION_OID = "1.2.40.0.10.2.1.1.261.32"; - public static final String EID_ISSUING_NATION_NAME = URN_OID_PREFIX + EID_ISSUING_NATION_OID; - public static final String EID_ISSUING_NATION_FRIENDLY_NAME = "EID-ISSUING-NATION"; - public static final int EID_ISSUING_NATION_MAX_LENGTH = 2; - - public static final String EID_SECTOR_FOR_IDENTIFIER_OID = "1.2.40.0.10.2.1.1.261.34"; - public static final String EID_SECTOR_FOR_IDENTIFIER_NAME = URN_OID_PREFIX + EID_SECTOR_FOR_IDENTIFIER_OID; - public static final String EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME = "EID-SECTOR-FOR-IDENTIFIER"; - public static final int EID_SECTOR_FOR_IDENTIFIER_MAX_LENGTH = 255; - - public static final String EID_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.36"; - public static final String EID_SOURCE_PIN_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_OID; - public static final String EID_SOURCE_PIN_FRIENDLY_NAME = "EID-SOURCE-PIN"; - public static final int EID_SOURCE_PIN_MAX_LENGTH = 128; - - public static final String EID_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.104"; - public static final String EID_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_TYPE_OID; - public static final String EID_SOURCE_PIN_TYPE_FRIENDLY_NAME = "EID-SOURCE-PIN-TYPE"; - public static final int EID_SOURCE_PIN_TYPE_MAX_LENGTH = 128; - - public static final String EID_IDENTITY_LINK_OID = "1.2.40.0.10.2.1.1.261.38"; - public static final String EID_IDENTITY_LINK_NAME = URN_OID_PREFIX + EID_IDENTITY_LINK_OID; - public static final String EID_IDENTITY_LINK_FRIENDLY_NAME = "EID-IDENTITY-LINK"; - public static final int EID_IDENTITY_LINK_MAX_LENGTH = 32767; - - public static final String EID_AUTH_BLOCK_OID = "1.2.40.0.10.2.1.1.261.62"; - public static final String EID_AUTH_BLOCK_NAME = URN_OID_PREFIX + EID_AUTH_BLOCK_OID; - public static final String EID_AUTH_BLOCK_FRIENDLY_NAME = "EID-AUTH-BLOCK"; - public static final int EID_AUTH_BLOCK_MAX_LENGTH = 32767; - - public static final String EID_CCS_URL_OID = "1.2.40.0.10.2.1.1.261.64"; - public static final String EID_CCS_URL_NAME = URN_OID_PREFIX + EID_CCS_URL_OID; - public static final String EID_CCS_URL_FRIENDLY_NAME = "EID-CCS-URL"; - public static final int EID_CCS_URL_MAX_LENGTH = 1024; - - public static final String EID_SIGNER_CERTIFICATE_OID = "1.2.40.0.10.2.1.1.261.66"; - public static final String EID_SIGNER_CERTIFICATE_NAME = URN_OID_PREFIX + EID_SIGNER_CERTIFICATE_OID; - public static final String EID_SIGNER_CERTIFICATE_FRIENDLY_NAME = "EID-SIGNER-CERTIFICATE"; - public static final int EID_SIGNER_CERTIFICATE_MAX_LENGTH = 32767; - - public static final String EID_STORK_TOKEN_OID = "1.2.40.0.10.2.1.1.261.96"; - public static final String EID_STORK_TOKEN_NAME = URN_OID_PREFIX + EID_STORK_TOKEN_OID; - public static final String EID_STORK_TOKEN_FRIENDLY_NAME = "EID-STORK-TOKEN"; - public static final int EID_STORK_TOKEN_MAX_LENGTH = 32767; - - public static final String MANDATE_TYPE_OID = "1.2.40.0.10.2.1.1.261.68"; - public static final String MANDATE_TYPE_NAME = URN_OID_PREFIX + MANDATE_TYPE_OID; - public static final String MANDATE_TYPE_FRIENDLY_NAME = "MANDATE-TYPE"; - public static final int MANDATE_TYPE_MAX_LENGTH = 256; - - public static final String MANDATE_TYPE_OID_OID = "1.2.40.0.10.2.1.1.261.106"; - public static final String MANDATE_TYPE_OID_NAME = URN_OID_PREFIX + MANDATE_TYPE_OID_OID; - public static final String MANDATE_TYPE_OID_FRIENDLY_NAME = "MANDATE-TYPE-OID"; - public static final int MANDATE_TYPE_OID_MAX_LENGTH = 256; - - public static final String MANDATE_NAT_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.70"; - public static final String MANDATE_NAT_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_OID; - public static final String MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN"; - public static final int MANDATE_NAT_PER_SOURCE_PIN_MAX_LENGTH = 128; - - public static final String MANDATE_LEG_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.100"; - public static final String MANDATE_LEG_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_SOURCE_PIN_OID; - public static final String MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-SOURCE-PIN"; - public static final int MANDATE_LEG_PER_SOURCE_PIN_MAX_LENGTH = 128; - - public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.102"; - public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID; - public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN-TYPE"; - public static final int MANDATE_NAT_PER_SOURCE_PIN_TYPE_MAX_LENGTH = 128; - - public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.76"; - public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_SOURCE_PIN_TYPE_OID; - public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-SOURCE-PIN-TYPE"; - public static final int MANDATE_LEG_PER_SOURCE_PIN_TYPE_MAX_LENGTH = 128; - - public static final String MANDATE_NAT_PER_BPK_OID = "1.2.40.0.10.2.1.1.261.98"; - public static final String MANDATE_NAT_PER_BPK_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_BPK_OID; - public static final String MANDATE_NAT_PER_BPK_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-BPK"; - public static final int MANDATE_NAT_PER_BPK_MAX_LENGTH = 1024; - - public static final String MANDATE_NAT_PER_ENC_BPK_LIST_OID = "1.2.40.0.10.2.1.1.261.72"; - public static final String MANDATE_NAT_PER_ENC_BPK_LIST_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_ENC_BPK_LIST_OID; - public static final String MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-ENC-BPK-LIST"; - public static final int MANDATE_NAT_PER_ENC_BPK_LIST_MAX_LENGTH = 32767; - - public static final String MANDATE_NAT_PER_GIVEN_NAME_OID = "1.2.40.0.10.2.1.1.261.78"; - public static final String MANDATE_NAT_PER_GIVEN_NAME_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_GIVEN_NAME_OID; - public static final String MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-GIVEN-NAME"; - public static final int MANDATE_NAT_PER_GIVEN_NAME_MAX_LENGTH = 128; - - public static final String MANDATE_NAT_PER_FAMILY_NAME_OID = "1.2.40.0.10.2.1.1.261.80"; - public static final String MANDATE_NAT_PER_FAMILY_NAME_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_FAMILY_NAME_OID; - public static final String MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-FAMILY-NAME"; - public static final int MANDATE_NAT_PER_FAMILY_NAME_MAX_LENGTH = 128; - - public static final String MANDATE_NAT_PER_BIRTHDATE_OID = "1.2.40.0.10.2.1.1.261.82"; - public static final String MANDATE_NAT_PER_BIRTHDATE_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_BIRTHDATE_OID; - public static final String MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-BIRTHDATE"; - public static final String MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN = BIRTHDATE_FORMAT_PATTERN; - - public static final String MANDATE_LEG_PER_FULL_NAME_OID = "1.2.40.0.10.2.1.1.261.84"; - public static final String MANDATE_LEG_PER_FULL_NAME_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_FULL_NAME_OID; - public static final String MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-FULL-NAME"; - public static final int MANDATE_LEG_PER_FULL_NAME_MAX_LENGTH = 256; - - public static final String MANDATE_PROF_REP_OID_OID = "1.2.40.0.10.2.1.1.261.86"; - public static final String MANDATE_PROF_REP_OID_NAME = URN_OID_PREFIX + MANDATE_PROF_REP_OID_OID; - public static final String MANDATE_PROF_REP_OID_FRIENDLY_NAME = "MANDATE-PROF-REP-OID"; - public static final int MANDATE_PROF_REP_OID_MAX_LENGTH = 256; - - public static final String MANDATE_PROF_REP_DESC_OID = "1.2.40.0.10.2.1.1.261.88"; - public static final String MANDATE_PROF_REP_DESC_NAME = URN_OID_PREFIX + MANDATE_PROF_REP_DESC_OID; - public static final String MANDATE_PROF_REP_DESC_FRIENDLY_NAME = "MANDATE-PROF-REP-DESCRIPTION"; - public static final int MANDATE_PROF_REP_DESC_MAX_LENGTH = 1024; - - public static final String MANDATE_REFERENCE_VALUE_OID = "1.2.40.0.10.2.1.1.261.90"; - public static final String MANDATE_REFERENCE_VALUE_NAME = URN_OID_PREFIX + MANDATE_REFERENCE_VALUE_OID; - public static final String MANDATE_REFERENCE_VALUE_FRIENDLY_NAME = "MANDATE-REFERENCE-VALUE"; - public static final int MANDATE_REFERENCE_VALUE_MAX_LENGTH = 100; - - public static final String MANDATE_FULL_MANDATE_OID = "1.2.40.0.10.2.1.1.261.92"; - public static final String MANDATE_FULL_MANDATE_NAME = URN_OID_PREFIX + MANDATE_FULL_MANDATE_OID; - public static final String MANDATE_FULL_MANDATE_FRIENDLY_NAME = "MANDATE-FULL-MANDATE"; - public static final int MANDATE_FULL_MANDATE_MAX_LENGTH = 32767; - - public static final String INVOICE_RECPT_ID_OID = "1.2.40.0.10.2.1.1.261.40"; - public static final String INVOICE_RECPT_ID_NAME = URN_OID_PREFIX + INVOICE_RECPT_ID_OID; - public static final String INVOICE_RECPT_ID_FRIENDLY_NAME = "INVOICE-RECPT-ID"; - public static final int INVOICE_RECPT_ID_MAX_LENGTH = 64; - - public static final String COST_CENTER_ID_OID = "1.2.40.0.10.2.1.1.261.50"; - public static final String COST_CENTER_ID_NAME = URN_OID_PREFIX + COST_CENTER_ID_OID; - public static final String COST_CENTER_ID_FRIENDLY_NAME = "COST-CENTER-ID"; - public static final int COST_CENTER_ID_MAX_LENGTH = 32767; - - public static final String CHARGE_CODE_OID = "1.2.40.0.10.2.1.1.261.60"; - public static final String CHARGE_CODE_NAME = URN_OID_PREFIX + CHARGE_CODE_OID; - public static final String CHARGE_CODE_FRIENDLY_NAME = "CHARGE-CODE"; - public static final int CHARGE_CODE_MAX_LENGTH = 32767; - - public static final String PVP_HOLDEROFKEY_OID = "1.2.40.0.10.2.1.1.261.xx.xx"; - public static final String PVP_HOLDEROFKEY_NAME = URN_OID_PREFIX + PVP_HOLDEROFKEY_OID; - public static final String PVP_HOLDEROFKEY_FRIENDLY_NAME = "HOLDER-OF-KEY-CERTIFICATE"; - - - - public static final String ENTITY_CATEGORY_ATTRIBITE = "http://macedir.org/entity-category"; - public static final String EGOVTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/egovtoken"; - public static final String CITIZENTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/citizentoken"; - - /** - * - * Get required PVP attributes for egovtoken - * First : PVP attribute name (OID) - * Second: FriendlyName - * Third: Required - * - */ - public static final List<Trible<String, String, Boolean>> EGOVTOKEN_PVP_ATTRIBUTES = - Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() { - private static final long serialVersionUID = 1L; - { - //currently supported attributes - add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true)); - add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true)); - - //currently not supported attributes - add(Trible.newInstance(USERID_NAME, USERID_FRIENDLY_NAME, false)); - add(Trible.newInstance(GID_NAME, GID_FRIENDLY_NAME, false)); - add(Trible.newInstance(PARTICIPANT_ID_NAME, PARTICIPANT_ID_FRIENDLY_NAME, false)); - add(Trible.newInstance(OU_GV_OU_ID_NAME, OU_GV_OU_ID_FRIENDLY_NAME, false)); - add(Trible.newInstance(OU_NAME, OU_FRIENDLY_NAME, false)); - add(Trible.newInstance(SECCLASS_NAME, SECCLASS_FRIENDLY_NAME, false)); - - - } - }); - - /** - * - * Get required PVP attributes for citizenToken - * First : PVP attribute name (OID) - * Second: FriendlyName - * Third: Required - * - */ - public static final List<Trible<String, String, Boolean>> CITIZENTOKEN_PVP_ATTRIBUTES = - Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() { - private static final long serialVersionUID = 1L; - { - //required attributes - eIDAS minimal-data set - add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true)); - add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true)); - add(Trible.newInstance(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true)); - add(Trible.newInstance(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, true)); - add(Trible.newInstance(BPK_NAME, BPK_FRIENDLY_NAME, true)); - - - //not required attributes - add(Trible.newInstance(EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false)); - add(Trible.newInstance(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, false)); - add(Trible.newInstance(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false)); - add(Trible.newInstance(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false)); - add(Trible.newInstance(MANDATE_TYPE_OID_NAME, MANDATE_TYPE_OID_FRIENDLY_NAME, false)); - add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_NAME, MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false)); - add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false)); - add(Trible.newInstance(MANDATE_NAT_PER_BPK_NAME, MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false)); - add(Trible.newInstance(MANDATE_NAT_PER_GIVEN_NAME_NAME, MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false)); - add(Trible.newInstance(MANDATE_NAT_PER_FAMILY_NAME_NAME, MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false)); - add(Trible.newInstance(MANDATE_NAT_PER_BIRTHDATE_NAME, MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false)); - add(Trible.newInstance(MANDATE_LEG_PER_FULL_NAME_NAME, MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false)); - add(Trible.newInstance(MANDATE_PROF_REP_OID_NAME, MANDATE_PROF_REP_OID_FRIENDLY_NAME, false)); - add(Trible.newInstance(MANDATE_PROF_REP_DESC_NAME, MANDATE_PROF_REP_DESC_FRIENDLY_NAME, false)); - add(Trible.newInstance(MANDATE_REFERENCE_VALUE_NAME, MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false)); - - - - } - }); - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java deleted file mode 100644 index caf66942e..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java +++ /dev/null @@ -1,144 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x; - -import java.util.Collection; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.core.impl.AuthnRequestImpl; -import org.opensaml.saml2.metadata.AttributeConsumingService; -import org.opensaml.saml2.metadata.RequestedAttribute; -import org.opensaml.saml2.metadata.SPSSODescriptor; -import org.opensaml.saml2.metadata.provider.MetadataProvider; -import org.springframework.beans.factory.config.BeanDefinition; -import org.springframework.context.annotation.Scope; -import org.springframework.stereotype.Component; - -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; -import at.gv.egovernment.moa.logging.Logger; - -@Component("PVPTargetConfiguration") -@Scope(value = BeanDefinition.SCOPE_PROTOTYPE) -public class PVPTargetConfiguration extends RequestImpl { - - public static final String DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP = "useMinimalFrontChannelResponse"; - public static final String DATAID_INTERFEDERATION_NAMEID = "federatedNameID"; - public static final String DATAID_INTERFEDERATION_QAALEVEL = "federatedQAALevel"; - - public static final String DATAID_INTERFEDERATION_REQUESTID = "authnReqID"; - - private static final long serialVersionUID = 4889919265919638188L; - - InboundMessage request; - String binding; - String consumerURL; - - public InboundMessage getRequest() { - return request; - } - - public void setRequest(InboundMessage request) { - this.request = request; - } - - public String getBinding() { - return binding; - } - - public void setBinding(String binding) { - this.binding = binding; - } - - public String getConsumerURL() { - return consumerURL; - } - - public void setConsumerURL(String consumerURL) { - this.consumerURL = consumerURL; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() - */ - @Override - public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { - - Map<String, String> reqAttr = new HashMap<String, String>(); - for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) - reqAttr.put(el, ""); - - try { - SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata(metadataProvider).getSPSSODescriptor(SAMLConstants.SAML20P_NS); - if (spSSODescriptor.getAttributeConsumingServices() != null && - spSSODescriptor.getAttributeConsumingServices().size() > 0) { - - Integer aIdx = null; - if (getRequest() instanceof MOARequest && - ((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) { - AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest(); - aIdx = authnRequest.getAttributeConsumingServiceIndex(); - - } else { - Logger.error("MOARequest is NOT of type AuthnRequest"); - } - - int idx = 0; - - AttributeConsumingService attributeConsumingService = null; - - if (aIdx != null) { - idx = aIdx.intValue(); - attributeConsumingService = spSSODescriptor - .getAttributeConsumingServices().get(idx); - - } else { - List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices(); - for (AttributeConsumingService el : attrConsumingServiceList) { - if (el.isDefault()) - attributeConsumingService = el; - } - } - - for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes()) - reqAttr.put(attr.getName(), ""); - } - - //return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); - return reqAttr.keySet(); - - } catch (NoMetadataInformationException e) { - Logger.warn("NO metadata found for Entity " + getRequest().getEntityID()); - return null; - - } - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java index f709da213..68158cd61 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java @@ -35,30 +35,31 @@ import org.opensaml.saml2.metadata.SingleLogoutService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager; +import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.SLOException; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.ISLOInformationContainer; import at.gv.egovernment.moa.id.data.SLOInformationContainer; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.AuthenticationManager; -import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; @@ -71,11 +72,11 @@ import at.gv.egovernment.moa.util.URLEncoder; public class SingleLogOutAction implements IAction { @Autowired private SSOManager ssomanager; - @Autowired private AuthenticationManager authManager; + @Autowired private IAuthenticationManager authManager; @Autowired private IAuthenticationSessionStoreage authenticationSessionStorage; @Autowired private ITransactionStorage transactionStorage; @Autowired private SingleLogOutBuilder sloBuilder; - @Autowired private MOAReversionLogger revisionsLogger; + @Autowired private IRevisionLogger revisionsLogger; /* (non-Javadoc) @@ -84,22 +85,22 @@ public class SingleLogOutAction implements IAction { @Override public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, - IAuthData authData) throws MOAIDException { + IAuthData authData) throws EAAFException { - PVPTargetConfiguration pvpReq = (PVPTargetConfiguration) req; + PVPSProfilePendingRequest pvpReq = (PVPSProfilePendingRequest) req; - if (pvpReq.getRequest() instanceof MOARequest && - ((MOARequest)pvpReq.getRequest()).getSamlRequest() instanceof LogoutRequest) { + if (pvpReq.getRequest() instanceof PVPSProfileRequest && + ((PVPSProfileRequest)pvpReq.getRequest()).getSamlRequest() instanceof LogoutRequest) { Logger.debug("Process Single LogOut request"); - MOARequest samlReq = (MOARequest) pvpReq.getRequest(); + PVPSProfileRequest samlReq = (PVPSProfileRequest) pvpReq.getRequest(); LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest(); - IAuthenticationSession session = - authenticationSessionStorage.searchMOASessionWithNameIDandOAID( + String ssoSessionId = + authenticationSessionStorage.searchSSOSessionWithNameIDandOAID( logOutReq.getIssuer().getValue(), logOutReq.getNameID().getValue()); - if (session == null) { + if (MiscUtil.isEmpty(ssoSessionId)) { Logger.warn("Can not find active SSO session with nameID " + logOutReq.getNameID().getValue() + " and OA " + logOutReq.getIssuer().getValue()); @@ -116,10 +117,10 @@ public class SingleLogOutAction implements IAction { } else { try { - session = ssomanager.getInternalMOASession(ssoID); + ssoSessionId = authenticationSessionStorage.getInternalSSOSessionWithSSOID(ssoID); - if (session == null) - throw new MOADatabaseException(); + if (MiscUtil.isEmpty(ssoSessionId)) + throw new MOADatabaseException(""); } catch (MOADatabaseException e) { Logger.info("Can not find active Session. Single LogOut not possible!"); @@ -134,12 +135,17 @@ public class SingleLogOutAction implements IAction { } } - authManager.performSingleLogOut(httpReq, httpResp, session, pvpReq); - - } else if (pvpReq.getRequest() instanceof MOAResponse && - ((MOAResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) { + pvpReq.setInternalSSOSessionIdentifier(ssoSessionId); + ISLOInformationContainer sloInformationContainer + = authManager.performSingleLogOut(httpReq, httpResp, pvpReq, ssoSessionId); + + Logger.debug("Starting technical SLO process ... "); + sloBuilder.toTechnicalLogout(sloInformationContainer, httpReq, httpResp, null); + + } else if (pvpReq.getRequest() instanceof PVPSProfileResponse && + ((PVPSProfileResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) { Logger.debug("Process Single LogOut response"); - LogoutResponse logOutResp = (LogoutResponse) ((MOAResponse)pvpReq.getRequest()).getResponse(); + LogoutResponse logOutResp = (LogoutResponse) ((PVPSProfileResponse)pvpReq.getRequest()).getResponse(); //Transaction tx = null; @@ -159,26 +165,8 @@ public class SingleLogOutAction implements IAction { //TODO: add counter to prevent deadlock synchronized(this){ while (!storageSuccess) { - // tx = session.beginTransaction(); - // - // List result; - // Query query = session.getNamedQuery("getAssertionWithArtifact"); - // query.setParameter("artifact", relayState); - // result = query.list(); - // - // - // Logger.trace("Found entries: " + result.size()); - // - // //Assertion requires an unique artifact - // if (result.size() != 1) { - // Logger.trace("No entries found."); - // throw new MOADatabaseException("No sessioninformation found with this ID"); - // } - // - // AssertionStore element = (AssertionStore) result.get(0); - // Object data = SerializationUtils.deserialize(element.getAssertion()); - Logger.debug("Current Thread getAssertionStore: "+Thread.currentThread().getId()); - Object o = transactionStorage.getAssertionStore(relayState); + Logger.debug("Current Thread: " +Thread.currentThread().getId() + " requests TransactionStore"); + Object o = transactionStorage.getRaw(relayState); if(o==null){ Logger.trace("No entries found."); throw new MOADatabaseException("No sessioninformation found with this ID"); @@ -198,43 +186,44 @@ public class SingleLogOutAction implements IAction { byte[] serializedSLOContainer = SerializationUtils.serialize((Serializable) sloContainer); element.setAssertion(serializedSLOContainer); element.setType(sloContainer.getClass().getName()); - - // session.saveOrUpdate(element); - // tx.commit(); - Logger.debug("Current Thread putAssertionStore: "+Thread.currentThread().getId()); - transactionStorage.putAssertionStore(element); + Logger.debug("Current Thread: " + Thread.currentThread().getId() + " puts SLOInformation into TransactionStore"); + transactionStorage.putRaw(element.getArtifact(), element); //sloContainer could be stored to database storageSuccess = true; - } catch(MOADatabaseException e) { - //tx.rollback(); - + } catch(EAAFException e) { counter++; Logger.debug("SLOContainter could not stored to database. Wait some time and restart storage process ... "); - java.util.Random rand = new java.util.Random(); - + if (counter > 1000) { + Logger.warn("Stopping SLO process with an error, because it runs in a loop.", e); + throw new EAAFException("internal.01", null, e); + + } + + try { + java.util.Random rand = new java.util.Random(); Thread.sleep(rand.nextInt(20)*10); } catch (InterruptedException e1) { Logger.warn("Thread could not stopped. ReStart storage process immediately", e1); + } } } else { - Logger.debug("Current Thread removeElement by Artifact: "+Thread.currentThread().getId()); + Logger.debug("Current Thread: " + Thread.currentThread().getId() + " remove SLOInformation from TransactionStore"); transactionStorage.remove(element.getArtifact()); - // session.delete(element); - // tx.commit(); storageSuccess = true; String redirectURL = null; - if (sloContainer.getSloRequest() != null) { - //send SLO response to SLO request issuer - SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(sloContainer.getSloRequest()); - LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, sloContainer.getSloRequest(), sloContainer.getSloFailedOAs()); - redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, sloContainer.getSloRequest().getRequest().getRelayState()); + IRequest sloReq = sloContainer.getSloRequest(); + if (sloReq != null && sloReq instanceof PVPSProfilePendingRequest) { + //send SLO response to SLO request issuer + SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPSProfilePendingRequest)sloReq); + LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPSProfilePendingRequest)sloReq, sloContainer.getSloFailedOAs()); + redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, ((PVPSProfilePendingRequest)sloReq).getRequest().getRelayState()); } else { //print SLO information directly @@ -276,7 +265,7 @@ public class SingleLogOutAction implements IAction { } } } - } catch (MOADatabaseException e) { + } catch (EAAFException e) { Logger.error("MOA AssertionDatabase ERROR", e); throw new SLOException("pvp2.19", null); @@ -285,16 +274,7 @@ public class SingleLogOutAction implements IAction { throw new AuthenticationException("pvp2.13", new Object[]{}); } - - // finally { - // if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) { - // tx.commit(); - // - // } - // } - - - + } else { Logger.error("Process SingleLogOutAction but request is NOT of type LogoutRequest or LogoutResponse."); throw new MOAIDException("pvp2.13", null); @@ -318,7 +298,7 @@ public class SingleLogOutAction implements IAction { */ @Override public String getDefaultActionName() { - return PVP2XProtocol.SINGLELOGOUT; + return PVPConstants.SINGLELOGOUT; } protected static String addURLParameter(String url, String paramname, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java deleted file mode 100644 index ccbef6e6c..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java +++ /dev/null @@ -1,71 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.binding; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.saml2.core.StatusResponseType; -import org.opensaml.ws.message.encoder.MessageEncodingException; -import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.credential.Credential; - -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; - -public interface IEncoder { - - /** - * - * @param req The http request - * @param resp The http response - * @param request The SAML2 request object - * @param targetLocation URL, where the request should be transmit - * @param relayState token for session handling - * @param credentials Credential to sign the request object - * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null - * @throws MessageEncodingException - * @throws SecurityException - * @throws PVP2Exception - */ - public void encodeRequest(HttpServletRequest req, - HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) - throws MessageEncodingException, SecurityException, PVP2Exception; - - /** - * Encoder SAML Response - * @param req The http request - * @param resp The http response - * @param response The SAML2 repsonse object - * @param targetLocation URL, where the request should be transmit - * @param relayState token for session handling - * @param credentials Credential to sign the response object - * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null - * @throws MessageEncodingException - * @throws SecurityException - */ - public void encodeRespone(HttpServletRequest req, - HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) - throws MessageEncodingException, SecurityException, PVP2Exception; -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java deleted file mode 100644 index 7bb64a106..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java +++ /dev/null @@ -1,53 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.binding; - -import org.opensaml.common.binding.decoding.URIComparator; - -import at.gv.egovernment.moa.logging.Logger; - -public class MOAURICompare implements URIComparator { - - /** - * @param idpssoPostService - */ - - private String serviceURL = ""; - - public MOAURICompare(String serviceURL) { - this.serviceURL = serviceURL; - } - - public boolean compare(String uri1, String uri2) { - if (this.serviceURL.equals(uri1)) - return true; - - else { - Logger.warn("PVP request destination-endpoint: " + uri1 - + " does not match to IDP endpoint:" + serviceURL); - return false; - - } - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java deleted file mode 100644 index c7688c14b..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java +++ /dev/null @@ -1,240 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.binding; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.opensaml.common.SAMLObject; -import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.common.binding.decoding.URIComparator; -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; -import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.saml2.core.StatusResponseType; -import org.opensaml.saml2.metadata.IDPSSODescriptor; -import org.opensaml.saml2.metadata.SPSSODescriptor; -import org.opensaml.saml2.metadata.SingleSignOnService; -import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; -import org.opensaml.saml2.metadata.provider.MetadataProvider; -import org.opensaml.ws.message.decoder.MessageDecodingException; -import org.opensaml.ws.message.encoder.MessageEncodingException; -import org.opensaml.ws.security.SecurityPolicyResolver; -import org.opensaml.ws.security.provider.BasicSecurityPolicy; -import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver; -import org.opensaml.ws.transport.http.HttpServletRequestAdapter; -import org.opensaml.ws.transport.http.HttpServletResponseAdapter; -import org.opensaml.xml.parse.BasicParserPool; -import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.credential.Credential; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; - -import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad; -import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; -import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.opemsaml.MOAIDHTTPPostEncoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; -import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOAPVPSignedRequestPolicyRule; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -@Service("PVPPOSTBinding") -public class PostBinding implements IDecoder, IEncoder { - - @Autowired(required=true) AuthConfiguration authConfig; - @Autowired(required=true) GUIFormBuilderImpl guiBuilder; - - public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) - throws MessageEncodingException, SecurityException { - - try { -// X509Credential credentials = credentialProvider -// .getIDPAssertionSigningCredential(); - - //load default PVP security configurations - MOADefaultBootstrap.initializeDefaultPVPConfiguration(); - - //initialize POST binding encoder with template decoration - IGUIBuilderConfiguration guiConfig = - new SPSpecificGUIBuilderConfigurationWithFileSystemLoad( - pendingReq, - "pvp_postbinding_template.html", - MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, - null, - authConfig.getRootConfigFileDir()); - MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder, - VelocityProvider.getClassPathVelocityEngine()); - - //set OpenSAML2 process parameter into binding context dao - HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( - resp, true); - BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); - SingleSignOnService service = new SingleSignOnServiceBuilder().buildObject(); - service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); - service.setLocation(targetLocation);; - - context.setOutboundSAMLMessageSigningCredential(credentials); - context.setPeerEntityEndpoint(service); - context.setOutboundSAMLMessage(request); - context.setOutboundMessageTransport(responseAdapter); - context.setRelayState(relayState); - - encoder.encode(context); - -// } catch (CredentialsNotAvailableException e) { -// e.printStackTrace(); -// throw new SecurityException(e); - } catch (Exception e) { - e.printStackTrace(); - throw new SecurityException(e); - } - } - - public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, - StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) - throws MessageEncodingException, SecurityException { - - try { - //load default PVP security configurations - MOADefaultBootstrap.initializeDefaultPVPConfiguration(); - - Logger.debug("create SAML POSTBinding response"); - - //initialize POST binding encoder with template decoration - IGUIBuilderConfiguration guiConfig = - new SPSpecificGUIBuilderConfigurationWithFileSystemLoad( - pendingReq, - "pvp_postbinding_template.html", - MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, - null, - authConfig.getRootConfigFileDir()); - MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder, - VelocityProvider.getClassPathVelocityEngine()); - - //set OpenSAML2 process parameter into binding context dao - HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( - resp, true); - BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); - SingleSignOnService service = new SingleSignOnServiceBuilder() - .buildObject(); - service.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - service.setLocation(targetLocation); - context.setOutboundSAMLMessageSigningCredential(credentials); - context.setPeerEntityEndpoint(service); - // context.setOutboundMessage(authReq); - context.setOutboundSAMLMessage(response); - context.setOutboundMessageTransport(responseAdapter); - context.setRelayState(relayState); - - encoder.encode(context); -// } catch (CredentialsNotAvailableException e) { -// e.printStackTrace(); -// throw new SecurityException(e); - } catch (Exception e) { - e.printStackTrace(); - throw new SecurityException(e); - } - } - - public InboundMessageInterface decode(HttpServletRequest req, - HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException, - SecurityException { - - HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); - BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); - messageContext - .setInboundMessageTransport(new HttpServletRequestAdapter(req)); - //set metadata descriptor type - if (isSPEndPoint) { - messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); - decode.setURIComparator(comparator); - - } else { - messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - decode.setURIComparator(comparator); - } - - messageContext.setMetadataProvider(metadataProvider); - - //set security policy context - BasicSecurityPolicy policy = new BasicSecurityPolicy(); - policy.getPolicyRules().add( - new MOAPVPSignedRequestPolicyRule(metadataProvider, - TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider), - messageContext.getPeerEntityRole())); - SecurityPolicyResolver secResolver = new StaticSecurityPolicyResolver(policy); - messageContext.setSecurityPolicyResolver(secResolver); - - decode.decode(messageContext); - - InboundMessage msg = null; - if (messageContext.getInboundMessage() instanceof RequestAbstractType) { - RequestAbstractType inboundMessage = (RequestAbstractType) messageContext - .getInboundMessage(); - msg = new MOARequest(inboundMessage, getSAML2BindingName()); - msg.setEntityID(inboundMessage.getIssuer().getValue()); - - } else if (messageContext.getInboundMessage() instanceof StatusResponseType){ - StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage(); - msg = new MOAResponse(inboundMessage); - msg.setEntityID(inboundMessage.getIssuer().getValue()); - - } else - //create empty container if request type is unknown - msg = new InboundMessage(); - - if (messageContext.getPeerEntityMetadata() != null) - msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID()); - - else { - if (MiscUtil.isEmpty(msg.getEntityID())) - Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer()); - } - - - msg.setVerified(true); - msg.setRelayState(messageContext.getRelayState()); - - return msg; - } - - public boolean handleDecode(String action, HttpServletRequest req) { - return (req.getMethod().equals("POST") && action.equals(PVP2XProtocol.POST)); - } - - public String getSAML2BindingName() { - return SAMLConstants.SAML2_POST_BINDING_URI; - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java deleted file mode 100644 index 95c4f1726..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ /dev/null @@ -1,244 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.binding; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.opensaml.common.SAMLObject; -import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.common.binding.decoding.URIComparator; -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder; -import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; -import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule; -import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.saml2.core.StatusResponseType; -import org.opensaml.saml2.metadata.IDPSSODescriptor; -import org.opensaml.saml2.metadata.SPSSODescriptor; -import org.opensaml.saml2.metadata.SingleSignOnService; -import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; -import org.opensaml.saml2.metadata.provider.MetadataProvider; -import org.opensaml.ws.message.decoder.MessageDecodingException; -import org.opensaml.ws.message.encoder.MessageEncodingException; -import org.opensaml.ws.security.SecurityPolicyResolver; -import org.opensaml.ws.security.provider.BasicSecurityPolicy; -import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver; -import org.opensaml.ws.transport.http.HttpServletRequestAdapter; -import org.opensaml.ws.transport.http.HttpServletResponseAdapter; -import org.opensaml.xml.parse.BasicParserPool; -import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.credential.Credential; -import org.springframework.stereotype.Service; - -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOASAML2AuthRequestSignedRole; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -@Service("PVPRedirectBinding") -public class RedirectBinding implements IDecoder, IEncoder { - - public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) - throws MessageEncodingException, SecurityException { - -// try { -// X509Credential credentials = credentialProvider -// .getIDPAssertionSigningCredential(); - - //load default PVP security configurations - MOADefaultBootstrap.initializeDefaultPVPConfiguration(); - - Logger.debug("create SAML RedirectBinding response"); - - HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); - HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( - resp, true); - BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); - SingleSignOnService service = new SingleSignOnServiceBuilder() - .buildObject(); - service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - service.setLocation(targetLocation); - context.setOutboundSAMLMessageSigningCredential(credentials); - context.setPeerEntityEndpoint(service); - context.setOutboundSAMLMessage(request); - context.setOutboundMessageTransport(responseAdapter); - context.setRelayState(relayState); - - encoder.encode(context); -// } catch (CredentialsNotAvailableException e) { -// e.printStackTrace(); -// throw new SecurityException(e); -// } - } - - public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, - StatusResponseType response, String targetLocation, String relayState, - Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException { -// try { -// X509Credential credentials = credentialProvider -// .getIDPAssertionSigningCredential(); - - //load default PVP security configurations - MOADefaultBootstrap.initializeDefaultPVPConfiguration(); - - Logger.debug("create SAML RedirectBinding response"); - - HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); - HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( - resp, true); - BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); - SingleSignOnService service = new SingleSignOnServiceBuilder() - .buildObject(); - service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - service.setLocation(targetLocation); - context.setOutboundSAMLMessageSigningCredential(credentials); - context.setPeerEntityEndpoint(service); - context.setOutboundSAMLMessage(response); - context.setOutboundMessageTransport(responseAdapter); - context.setRelayState(relayState); - - encoder.encode(context); -// } catch (CredentialsNotAvailableException e) { -// e.printStackTrace(); -// throw new SecurityException(e); -// } - } - - public InboundMessageInterface decode(HttpServletRequest req, - HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException, - SecurityException { - - HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( - new BasicParserPool()); - - BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); - messageContext - .setInboundMessageTransport(new HttpServletRequestAdapter(req)); - - //set metadata descriptor type - if (isSPEndPoint) { - messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); - decode.setURIComparator(comparator); - - } else { - messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - decode.setURIComparator(comparator); - } - - messageContext.setMetadataProvider(metadataProvider); - - SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( - TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - MOASAML2AuthRequestSignedRole signedRole = new MOASAML2AuthRequestSignedRole(); - BasicSecurityPolicy policy = new BasicSecurityPolicy(); - policy.getPolicyRules().add(signedRole); - policy.getPolicyRules().add(signatureRule); - SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( - policy); - messageContext.setSecurityPolicyResolver(resolver); - - //set metadata descriptor type - if (isSPEndPoint) - messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); - else - messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - - try { - decode.decode(messageContext); - - //check signature - signatureRule.evaluate(messageContext); - - } catch (SecurityException e) { - if (MiscUtil.isEmpty(messageContext.getInboundMessageIssuer())) { - throw e; - - } - - if (metadataProvider instanceof IMOARefreshableMetadataProvider) { - Logger.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + messageContext.getInboundMessageIssuer()); - if (!((IMOARefreshableMetadataProvider) metadataProvider).refreshMetadataProvider(messageContext.getInboundMessageIssuer())) - throw e; - - else { - Logger.trace("PVP2X metadata reload finished. Check validate message again."); - decode.decode(messageContext); - - //check signature - signatureRule.evaluate(messageContext); - - } - Logger.trace("Second PVP2X message validation finished"); - - } else { - throw e; - - } - } - - InboundMessage msg = null; - if (messageContext.getInboundMessage() instanceof RequestAbstractType) { - RequestAbstractType inboundMessage = (RequestAbstractType) messageContext - .getInboundMessage(); - msg = new MOARequest(inboundMessage, getSAML2BindingName()); - - - } else if (messageContext.getInboundMessage() instanceof StatusResponseType){ - StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage(); - msg = new MOAResponse(inboundMessage); - - } else - //create empty container if request type is unknown - msg = new InboundMessage(); - - if (messageContext.getPeerEntityMetadata() != null) - msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID()); - - else - Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer()); - - msg.setVerified(true); - msg.setRelayState(messageContext.getRelayState()); - - return msg; - } - - public boolean handleDecode(String action, HttpServletRequest req) { - return ((action.equals(PVP2XProtocol.REDIRECT) || action.equals(PVP2XProtocol.SINGLELOGOUT)) - && req.getMethod().equals("GET")); - } - - public String getSAML2BindingName() { - return SAMLConstants.SAML2_REDIRECT_BINDING_URI; - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java deleted file mode 100644 index 552b64ac6..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java +++ /dev/null @@ -1,176 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.binding; - -import java.util.List; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.opensaml.common.SAMLObject; -import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.common.binding.decoding.URIComparator; -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder; -import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.saml2.core.StatusResponseType; -import org.opensaml.saml2.metadata.SPSSODescriptor; -import org.opensaml.saml2.metadata.provider.MetadataProvider; -import org.opensaml.ws.message.decoder.MessageDecodingException; -import org.opensaml.ws.message.encoder.MessageEncodingException; -import org.opensaml.ws.soap.soap11.Envelope; -import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder; -import org.opensaml.ws.transport.http.HttpServletRequestAdapter; -import org.opensaml.ws.transport.http.HttpServletResponseAdapter; -import org.opensaml.xml.XMLObject; -import org.opensaml.xml.parse.BasicParserPool; -import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.credential.Credential; -import org.opensaml.xml.signature.SignableXMLObject; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; - -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -@Service("PVPSOAPBinding") -public class SoapBinding implements IDecoder, IEncoder { - - @Autowired(required=true) private MOAMetadataProvider metadataProvider; - @Autowired private IDPCredentialProvider credentialProvider; - - public InboundMessageInterface decode(HttpServletRequest req, - HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException, - SecurityException, PVP2Exception { - HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool()); - BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = - new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); - messageContext - .setInboundMessageTransport(new HttpServletRequestAdapter( - req)); - messageContext.setMetadataProvider(metadataProvider); - - //TODO: update in a futher version: - // requires a special SignedSOAPRequestPolicyRole because - // messageContext.getInboundMessage() is not directly signed - - //set security context -// BasicSecurityPolicy policy = new BasicSecurityPolicy(); -// policy.getPolicyRules().add( -// new MOAPVPSignedRequestPolicyRule( -// TrustEngineFactory.getSignatureKnownKeysTrustEngine(), -// SPSSODescriptor.DEFAULT_ELEMENT_NAME)); -// SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( -// policy); -// messageContext.setSecurityPolicyResolver(resolver); - - //decode message - soapDecoder.decode(messageContext); - - Envelope inboundMessage = (Envelope) messageContext - .getInboundMessage(); - - if (inboundMessage.getBody() != null) { - List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects(); - - if (!xmlElemList.isEmpty()) { - SignableXMLObject attrReq = (SignableXMLObject) xmlElemList.get(0); - MOARequest request = new MOARequest(attrReq, getSAML2BindingName()); - - if (messageContext.getPeerEntityMetadata() != null) - request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID()); - - else if (attrReq instanceof RequestAbstractType) { - RequestAbstractType attributeRequest = (RequestAbstractType) attrReq; - try { - if (MiscUtil.isNotEmpty(attributeRequest.getIssuer().getValue()) && - metadataProvider.getRole( - attributeRequest.getIssuer().getValue(), - SPSSODescriptor.DEFAULT_ELEMENT_NAME) != null) - request.setEntityID(attributeRequest.getIssuer().getValue()); - - } catch (Exception e) { - Logger.warn("No Metadata found with EntityID " + attributeRequest.getIssuer().getValue()); - } - } - - request.setVerified(false); - return request; - - } - } - - Logger.error("Receive empty PVP 2.1 attributequery request."); - throw new AttributQueryException("Receive empty PVP 2.1 attributequery request.", null); - } - - public boolean handleDecode(String action, HttpServletRequest req) { - return (req.getMethod().equals("POST") && - (action.equals(PVP2XProtocol.SOAP) || action.equals(PVP2XProtocol.ATTRIBUTEQUERY))); - } - - public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) - throws MessageEncodingException, SecurityException, PVP2Exception { - - } - - public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, - StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) - throws MessageEncodingException, SecurityException, PVP2Exception { -// try { -// Credential credentials = credentialProvider -// .getIDPAssertionSigningCredential(); - - //load default PVP security configurations - MOADefaultBootstrap.initializeDefaultPVPConfiguration(); - - HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder(); - HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( - resp, true); - BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); - context.setOutboundSAMLMessageSigningCredential(credentials); - context.setOutboundSAMLMessage(response); - context.setOutboundMessageTransport(responseAdapter); - - encoder.encode(context); -// } catch (CredentialsNotAvailableException e) { -// e.printStackTrace(); -// throw new SecurityException(e); -// } - } - - public String getSAML2BindingName() { - return SAMLConstants.SAML2_SOAP11_BINDING_URI; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java index 4aa4f7419..b5f77ce1a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java @@ -49,15 +49,15 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.w3c.dom.Document; +import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.SamlAttributeGenerator; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; /** @@ -101,11 +101,11 @@ public class AttributQueryBuilder { } - public AttributeQuery buildAttributQueryRequest(String nameID, + public AttributeQuery buildAttributQueryRequest(String spEntityID, String nameID, String endpoint, List<Attribute> requestedAttributes) throws AttributQueryException { - try { + try { AttributeQuery query = new AttributeQueryBuilder().buildObject(); @@ -125,7 +125,7 @@ public class AttributQueryBuilder { query.setIssueInstant(now); Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); - nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath().get(0)); + nissuer.setValue(spEntityID); nissuer.setFormat(NameID.ENTITY); query.setIssuer(nissuer); @@ -156,10 +156,6 @@ public class AttributQueryBuilder { return query; - } catch (ConfigurationException e) { - Logger.error("Build AttributQuery Request FAILED.", e); - throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e); - } catch (CredentialsNotAvailableException e) { Logger.error("Build AttributQuery Request FAILED.", e); throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java deleted file mode 100644 index 78ddab488..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java +++ /dev/null @@ -1,147 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.builder; - -import java.util.ArrayList; -import java.util.List; - -import org.joda.time.DateTime; -import org.opensaml.Configuration; -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.core.Assertion; -import org.opensaml.saml2.core.EncryptedAssertion; -import org.opensaml.saml2.core.Issuer; -import org.opensaml.saml2.core.NameID; -import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.saml2.core.Response; -import org.opensaml.saml2.encryption.Encrypter; -import org.opensaml.saml2.encryption.Encrypter.KeyPlacement; -import org.opensaml.saml2.metadata.SPSSODescriptor; -import org.opensaml.saml2.metadata.provider.MetadataProvider; -import org.opensaml.security.MetadataCredentialResolver; -import org.opensaml.security.MetadataCriteria; -import org.opensaml.xml.encryption.EncryptionException; -import org.opensaml.xml.encryption.EncryptionParameters; -import org.opensaml.xml.encryption.KeyEncryptionParameters; -import org.opensaml.xml.security.CriteriaSet; -import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.credential.UsageType; -import org.opensaml.xml.security.criteria.EntityIDCriteria; -import org.opensaml.xml.security.criteria.UsageCriteria; -import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory; -import org.opensaml.xml.security.x509.X509Credential; - -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; -import at.gv.egovernment.moa.logging.Logger; - -/** - * @author tlenz - * - */ -public class AuthResponseBuilder { - - public static Response buildResponse(MetadataProvider metadataProvider, String issuerEntityID, RequestAbstractType req, DateTime date, Assertion assertion, boolean enableEncryption) throws InvalidAssertionEncryptionException, ConfigurationException { - Response authResponse = SAML2Utils.createSAMLObject(Response.class); - - Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); - - nissuer.setValue(issuerEntityID); - nissuer.setFormat(NameID.ENTITY); - authResponse.setIssuer(nissuer); - authResponse.setInResponseTo(req.getID()); - - //set responseID - String remoteSessionID = SAML2Utils.getSecureIdentifier(); - authResponse.setID(remoteSessionID); - - - //SAML2 response required IssueInstant - authResponse.setIssueInstant(date); - - authResponse.setStatus(SAML2Utils.getSuccessStatus()); - - //check, if metadata includes an encryption key - MetadataCredentialResolver mdCredResolver = - new MetadataCredentialResolver(metadataProvider); - - CriteriaSet criteriaSet = new CriteriaSet(); - criteriaSet.add( new EntityIDCriteria(req.getIssuer().getValue()) ); - criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) ); - criteriaSet.add( new UsageCriteria(UsageType.ENCRYPTION) ); - - X509Credential encryptionCredentials = null; - try { - encryptionCredentials = (X509Credential) mdCredResolver.resolveSingle(criteriaSet); - - } catch (SecurityException e2) { - Logger.warn("Can not extract the Assertion Encryption-Key from metadata", e2); - throw new InvalidAssertionEncryptionException(); - - } - - if (encryptionCredentials != null && enableEncryption) { - //encrypt SAML2 assertion - - try { - - EncryptionParameters dataEncParams = new EncryptionParameters(); - dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE); - - List<KeyEncryptionParameters> keyEncParamList = new ArrayList<KeyEncryptionParameters>(); - KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters(); - - keyEncParam.setEncryptionCredential(encryptionCredentials); - keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE); - KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration() - .getKeyInfoGeneratorManager().getDefaultManager() - .getFactory(encryptionCredentials); - keyEncParam.setKeyInfoGenerator(kigf.newInstance()); - keyEncParamList.add(keyEncParam); - - Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); - //samlEncrypter.setKeyPlacement(KeyPlacement.INLINE); - samlEncrypter.setKeyPlacement(KeyPlacement.PEER); - - EncryptedAssertion encryptAssertion = null; - - encryptAssertion = samlEncrypter.encrypt(assertion); - - authResponse.getEncryptedAssertions().add(encryptAssertion); - - } catch (EncryptionException e1) { - Logger.warn("Can not encrypt the PVP2 assertion", e1); - throw new InvalidAssertionEncryptionException(); - - } - - } else { - authResponse.getAssertions().add(assertion); - - } - - return authResponse; - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java deleted file mode 100644 index d2a63c72f..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java +++ /dev/null @@ -1,171 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.builder; - -import org.opensaml.saml2.core.Attribute; -import org.opensaml.saml2.core.AttributeValue; -import org.opensaml.xml.Configuration; -import org.opensaml.xml.XMLObject; -import org.opensaml.xml.schema.XSInteger; -import org.opensaml.xml.schema.XSString; -import org.opensaml.xml.schema.impl.XSIntegerBuilder; -import org.opensaml.xml.schema.impl.XSStringBuilder; - -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; - -public class CitizenTokenBuilder { - - public static XMLObject buildAttributeStringValue(String value) { - XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME); - XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME); - stringValue.setValue(value); - return stringValue; - } - - public static XMLObject buildAttributeIntegerValue(int value) { - XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME); - XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME); - integerValue.setValue(value); - return integerValue; - } - - public static Attribute buildStringAttribute(String friendlyName, - String name, String value) { - Attribute attribute = - SAML2Utils.createSAMLObject(Attribute.class); - attribute.setFriendlyName(friendlyName); - attribute.setName(name); - attribute.getAttributeValues().add(buildAttributeStringValue(value)); - return attribute; - } - - public static Attribute buildIntegerAttribute(String friendlyName, - String name, int value) { - Attribute attribute = - SAML2Utils.createSAMLObject(Attribute.class); - attribute.setFriendlyName(friendlyName); - attribute.setName(name); - attribute.getAttributeValues().add(buildAttributeIntegerValue(value)); - return attribute; - } - - public static Attribute buildPVPVersion(String value) { - return buildStringAttribute("PVP-VERSION", - "urn:oid:1.2.40.0.10.2.1.1.261.10", value); - } - - public static Attribute buildSecClass(int value) { - return buildIntegerAttribute("SECCLASS", - "", value); - } - - public static Attribute buildPrincipalName(String value) { - return buildStringAttribute("PRINCIPAL-NAME", - "urn:oid:1.2.40.0.10.2.1.1.261.20", value); - } - - public static Attribute buildGivenName(String value) { - return buildStringAttribute("GIVEN-NAME", - "urn:oid:2.5.4.42", value); - } - - public static Attribute buildBirthday(String value) { - return buildStringAttribute("BIRTHDATE", - "urn:oid:1.2.40.0.10.2.1.1.55", value); - } - - public static Attribute buildBPK(String value) { - return buildStringAttribute("BPK", - "urn:oid:1.2.40.0.10.2.1.1.149", value); - } - - public static Attribute buildEID_CITIZEN_QAALEVEL(int value) { - return buildIntegerAttribute("EID-CITIZEN-QAA-LEVEL", - "urn:oid:1.2.40.0.10.2.1.1.261.94", value); - } - - public static Attribute buildEID_ISSUING_NATION(String value) { - return buildStringAttribute("EID-ISSUING-NATION", - "urn:oid:1.2.40.0.10.2.1.1.261.32", value); - } - - public static Attribute buildEID_SECTOR_FOR_IDENTIFIER(String value) { - return buildStringAttribute("EID-SECTOR-FOR-IDENTIFIER", - "urn:oid:1.2.40.0.10.2.1.1.261.34", value); - } - - -// public static AttributeStatement buildCitizenToken(MOARequest obj, -// AuthenticationSession authSession) { -// AttributeStatement statement = -// SAML2Utils.createSAMLObject(AttributeStatement.class); -// -// //TL: AuthData generation is moved out from VerifyAuthBlockServlet -// try { -// -// //TODO: LOAD oaParam from request and not from MOASession in case of SSO -// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() -// .getOnlineApplicationParameter(authSession.getPublicOAURLPrefix()); -// -// AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession, -// oaParam, -// authSession.getTarget()); -// -// Attribute pvpVersion = buildPVPVersion("2.1"); -// Attribute secClass = buildSecClass(3); -// Attribute principalName = buildPrincipalName(authData.getFamilyName()); -// Attribute givenName = buildGivenName(authData.getGivenName()); -// Attribute birthdate = buildBirthday(authData.getDateOfBirth()); -// -// //TL: getIdentificationValue holds the baseID --> change to pBK -// Attribute bpk = buildBPK(authData.getBPK()); -// -// Attribute eid_citizen_qaa = buildEID_CITIZEN_QAALEVEL(3); -// Attribute eid_issuing_nation = buildEID_ISSUING_NATION("AT"); -// Attribute eid_sector_for_id = buildEID_SECTOR_FOR_IDENTIFIER(authData.getIdentificationType()); -// -// statement.getAttributes().add(pvpVersion); -// statement.getAttributes().add(secClass); -// statement.getAttributes().add(principalName); -// statement.getAttributes().add(givenName); -// statement.getAttributes().add(birthdate); -// statement.getAttributes().add(bpk); -// statement.getAttributes().add(eid_citizen_qaa); -// statement.getAttributes().add(eid_issuing_nation); -// statement.getAttributes().add(eid_sector_for_id); -// -// return statement; -// -// } catch (ConfigurationException e) { -// -// // TODO: check Exception Handling -// return null; -// } catch (BuildException e) { -// -// // TODO: check Exception Handling -// return null; -// } -// -// -// } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java deleted file mode 100644 index b82e6c1f0..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java +++ /dev/null @@ -1,207 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.builder; - -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; -import java.util.ServiceLoader; - -import org.opensaml.saml2.core.Attribute; -import org.opensaml.saml2.metadata.RequestedAttribute; - -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.InvalidDateFormatAttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; -import at.gv.egovernment.moa.logging.Logger; - -public class PVPAttributeBuilder { - - private static IAttributeGenerator<Attribute> generator = new SamlAttributeGenerator(); - - private static HashMap<String, IAttributeBuilder> builders; - - private static ServiceLoader<IAttributeBuilder> attributBuilderLoader = - ServiceLoader.load(IAttributeBuilder.class); - - private static void addBuilder(IAttributeBuilder builder) { - builders.put(builder.getName(), builder); - } - - static { - builders = new HashMap<String, IAttributeBuilder>(); - - Logger.info("Loading protocol attribut-builder modules:"); - if (attributBuilderLoader != null ) { - Iterator<IAttributeBuilder> moduleLoaderInterator = attributBuilderLoader.iterator(); - while (moduleLoaderInterator.hasNext()) { - try { - IAttributeBuilder modul = moduleLoaderInterator.next(); - Logger.info("Loading attribut-builder Modul Information: " + modul.getName()); - addBuilder(modul); - - } catch(Throwable e) { - Logger.error("Check configuration! " + "Some attribute-builder modul" + - " is not a valid IAttributeBuilder", e); - } - } - } - - Logger.info("Loading attribute-builder modules done"); - - } - - - /** - * Get a specific attribute builder - * - * @param name Attribute-builder friendly name - * - * @return Attribute-builder with this name or null if builder does not exists - */ - public static IAttributeBuilder getAttributeBuilder(String name) { - return builders.get(name); - - } - - public static Attribute buildAttribute(String name, IOAAuthParameters oaParam, - IAuthData authData) throws PVP2Exception, AttributeException { - if (builders.containsKey(name)) { - try { - return builders.get(name).build(oaParam, authData, generator); - } - catch (AttributeException e) { - if (e instanceof UnavailableAttributeException) { - throw e; - } else if (e instanceof InvalidDateFormatAttributeException) { - throw new InvalidDateFormatException(); - } else if (e instanceof NoMandateDataAttributeException) { - throw new NoMandateDataAvailableException(); - } else { - throw new UnprovideableAttributeException(name); - } - } - } - return null; - } - - public static Attribute buildEmptyAttribute(String name) { - if (builders.containsKey(name)) { - return builders.get(name).buildEmpty(generator); - } - return null; - } - - public static Attribute buildAttribute(String name, String value) { - if (builders.containsKey(name)) { - return builders.get(name).buildEmpty(generator); - } - return null; - } - - - - public static List<Attribute> buildSupportedEmptyAttributes() { - List<Attribute> attributes = new ArrayList<Attribute>(); - Iterator<IAttributeBuilder> builderIt = builders.values().iterator(); - while (builderIt.hasNext()) { - IAttributeBuilder builder = builderIt.next(); - Attribute emptyAttribute = builder.buildEmpty(generator); - if (emptyAttribute != null) { - attributes.add(emptyAttribute); - } - } - return attributes; - } - - public static RequestedAttribute buildReqAttribute(String name, String friendlyName, boolean required) { - RequestedAttribute attribute = SAML2Utils.createSAMLObject(RequestedAttribute.class); - attribute.setIsRequired(required); - attribute.setName(name); - attribute.setFriendlyName(friendlyName); - attribute.setNameFormat(Attribute.URI_REFERENCE); - return attribute; - } - - /** - * Build a set of PVP Response-Attributes - * <br><br> - * <b>INFO:</b> If a specific attribute can not be build, a info is logged, but no execpetion is thrown. - * Therefore, the return List must not include all requested attributes. - * - * @param authData AuthenticationData <code>IAuthData</code> which is used to build the attribute values, but never <code>null</code> - * @param reqAttributenName List of PVP attribute names which are requested, but never <code>null</code> - * @return List of PVP attributes, but never <code>null</code> - */ - public static List<Attribute> buildSetOfResponseAttributes(IAuthData authData, - Collection<String> reqAttributenName) { - List<Attribute> attrList = new ArrayList<Attribute>(); - if (reqAttributenName != null) { - Iterator<String> it = reqAttributenName.iterator(); - while (it.hasNext()) { - String reqAttributName = it.next(); - try { - Attribute attr = PVPAttributeBuilder.buildAttribute( - reqAttributName, null, authData); - if (attr == null) { - Logger.info( - "Attribute generation failed! for " - + reqAttributName); - - } else { - attrList.add(attr); - - } - - } catch (PVP2Exception e) { - Logger.info( - "Attribute generation failed! for " - + reqAttributName); - - } catch (Exception e) { - Logger.warn( - "General Attribute generation failed! for " - + reqAttributName, e); - - } - } - } - - return attrList; - } - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java deleted file mode 100644 index f29418853..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java +++ /dev/null @@ -1,221 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.builder; - -import java.security.NoSuchAlgorithmException; - -import javax.servlet.http.HttpServletResponse; - -import org.joda.time.DateTime; -import org.opensaml.common.impl.SecureRandomIdentifierGenerator; -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.core.AuthnContextClassRef; -import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; -import org.opensaml.saml2.core.AuthnRequest; -import org.opensaml.saml2.core.Issuer; -import org.opensaml.saml2.core.NameID; -import org.opensaml.saml2.core.NameIDPolicy; -import org.opensaml.saml2.core.NameIDType; -import org.opensaml.saml2.core.RequestedAuthnContext; -import org.opensaml.saml2.core.Subject; -import org.opensaml.saml2.core.SubjectConfirmation; -import org.opensaml.saml2.core.SubjectConfirmationData; -import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.saml2.metadata.SingleSignOnService; -import org.opensaml.ws.message.encoder.MessageEncodingException; -import org.opensaml.xml.security.SecurityException; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.stereotype.Service; - -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -/** - * @author tlenz - * - */ -@Service("PVPAuthnRequestBuilder") -public class PVPAuthnRequestBuilder { - - @Autowired(required=true) ApplicationContext springContext; - - /** - * Build a PVP2.x specific authentication request - * - * @param pendingReq Currently processed pendingRequest - * @param config AuthnRequest builder configuration, never null - * @param idpEntity SAML2 EntityDescriptor of the IDP, which receive this AuthnRequest, never null - * @param httpResp - * @throws NoSuchAlgorithmException - * @throws SecurityException - * @throws PVP2Exception - * @throws MessageEncodingException - */ - public void buildAuthnRequest(IRequest pendingReq, IPVPAuthnRequestBuilderConfiguruation config, - HttpServletResponse httpResp) throws NoSuchAlgorithmException, MessageEncodingException, PVP2Exception, SecurityException { - //get IDP Entity element from config - EntityDescriptor idpEntity = config.getIDPEntityDescriptor(); - - AuthnRequest authReq = SAML2Utils - .createSAMLObject(AuthnRequest.class); - - //select SingleSignOn Service endpoint from IDP metadata - SingleSignOnService endpoint = null; - for (SingleSignOnService sss : - idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { - - // use POST binding as default if it exists - if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { - endpoint = sss; - - } else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) - && endpoint == null ) - endpoint = sss; - - } - - if (endpoint == null) { - Logger.warn("Building AuthnRequest FAILED: > Requested IDP " + idpEntity.getEntityID() - + " does not support POST or Redirect Binding."); - throw new AuthnRequestBuildException("sp.pvp2.00", new Object[]{config.getSPNameForLogging(), idpEntity.getEntityID()}); - - } else - authReq.setDestination(endpoint.getLocation()); - - - //set basic AuthnRequest information - String reqID = config.getRequestID(); - if (MiscUtil.isNotEmpty(reqID)) - authReq.setID(reqID); - - else { - SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); - authReq.setID(gen.generateIdentifier()); - - } - - authReq.setIssueInstant(new DateTime()); - - //set isPassive flag - if (config.isPassivRequest() == null) - authReq.setIsPassive(false); - else - authReq.setIsPassive(config.isPassivRequest()); - - //set EntityID of the service provider - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - issuer.setFormat(NameIDType.ENTITY); - issuer.setValue(config.getSPEntityID()); - authReq.setIssuer(issuer); - - //set AssertionConsumerService ID - if (config.getAssertionConsumerServiceId() != null) - authReq.setAssertionConsumerServiceIndex(config.getAssertionConsumerServiceId()); - - //set NameIDPolicy - if (config.getNameIDPolicyFormat() != null) { - NameIDPolicy policy = SAML2Utils.createSAMLObject(NameIDPolicy.class); - policy.setAllowCreate(config.getNameIDPolicyAllowCreation()); - policy.setFormat(config.getNameIDPolicyFormat()); - authReq.setNameIDPolicy(policy); - } - - //set requested QAA level - if (config.getAuthnContextClassRef() != null) { - RequestedAuthnContext reqAuthContext = SAML2Utils.createSAMLObject(RequestedAuthnContext.class); - AuthnContextClassRef authnClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class); - - authnClassRef.setAuthnContextClassRef(config.getAuthnContextClassRef()); - - if (config.getAuthnContextComparison() == null) - reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); - else - reqAuthContext.setComparison(config.getAuthnContextComparison()); - - reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); - authReq.setRequestedAuthnContext(reqAuthContext); - } - - //set request Subject element - if (MiscUtil.isNotEmpty(config.getSubjectNameID())) { - Subject reqSubject = SAML2Utils.createSAMLObject(Subject.class); - NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); - - subjectNameID.setValue(config.getSubjectNameID()); - if (MiscUtil.isNotEmpty(config.getSubjectNameIDQualifier())) - subjectNameID.setNameQualifier(config.getSubjectNameIDQualifier()); - - if (MiscUtil.isNotEmpty(config.getSubjectNameIDFormat())) - subjectNameID.setFormat(config.getSubjectNameIDFormat()); - else - subjectNameID.setFormat(NameID.TRANSIENT); - - reqSubject.setNameID(subjectNameID); - - if (config.getSubjectConformationDate() != null) { - SubjectConfirmation subjectConformation = SAML2Utils.createSAMLObject(SubjectConfirmation.class); - SubjectConfirmationData subjectConformDate = SAML2Utils.createSAMLObject(SubjectConfirmationData.class); - subjectConformation.setSubjectConfirmationData(subjectConformDate); - reqSubject.getSubjectConfirmations().add(subjectConformation ); - - if (config.getSubjectConformationMethode() != null) - subjectConformation.setMethod(config.getSubjectConformationMethode()); - - subjectConformDate.setDOM(config.getSubjectConformationDate()); - - } - - authReq.setSubject(reqSubject ); - - } - - //TODO: implement requested attributes - //maybe: config.getRequestedAttributes(); - - //select message encoder - IEncoder binding = null; - if (endpoint.getBinding().equals( - SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class); - - } else if (endpoint.getBinding().equals( - SAMLConstants.SAML2_POST_BINDING_URI)) { - binding = springContext.getBean("PVPPOSTBinding", PostBinding.class); - - } - - //encode message - binding.encodeRequest(null, httpResp, authReq, - endpoint.getLocation(), pendingReq.getRequestID(), config.getAuthnRequestSigningCredential(), pendingReq); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java deleted file mode 100644 index e2ac50e5e..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java +++ /dev/null @@ -1,442 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.builder; - -import java.io.IOException; -import java.io.StringWriter; -import java.util.List; - -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.transform.Transformer; -import javax.xml.transform.TransformerException; -import javax.xml.transform.TransformerFactory; -import javax.xml.transform.TransformerFactoryConfigurationError; -import javax.xml.transform.dom.DOMSource; -import javax.xml.transform.stream.StreamResult; - -import org.joda.time.DateTime; -import org.opensaml.Configuration; -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.metadata.AssertionConsumerService; -import org.opensaml.saml2.metadata.AttributeConsumingService; -import org.opensaml.saml2.metadata.ContactPerson; -import org.opensaml.saml2.metadata.EntitiesDescriptor; -import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.saml2.metadata.IDPSSODescriptor; -import org.opensaml.saml2.metadata.KeyDescriptor; -import org.opensaml.saml2.metadata.LocalizedString; -import org.opensaml.saml2.metadata.NameIDFormat; -import org.opensaml.saml2.metadata.Organization; -import org.opensaml.saml2.metadata.RequestedAttribute; -import org.opensaml.saml2.metadata.RoleDescriptor; -import org.opensaml.saml2.metadata.SPSSODescriptor; -import org.opensaml.saml2.metadata.ServiceName; -import org.opensaml.saml2.metadata.SingleLogoutService; -import org.opensaml.saml2.metadata.SingleSignOnService; -import org.opensaml.xml.io.Marshaller; -import org.opensaml.xml.io.MarshallingException; -import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.SecurityHelper; -import org.opensaml.xml.security.credential.Credential; -import org.opensaml.xml.security.credential.UsageType; -import org.opensaml.xml.security.keyinfo.KeyInfoGenerator; -import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; -import org.opensaml.xml.signature.Signature; -import org.opensaml.xml.signature.SignatureException; -import org.opensaml.xml.signature.Signer; -import org.springframework.stereotype.Service; -import org.w3c.dom.Document; - -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -/** - * @author tlenz - * - */ - -@Service("PVPMetadataBuilder") -public class PVPMetadataBuilder { - - X509KeyInfoGeneratorFactory keyInfoFactory = null; - - /** - * - */ - public PVPMetadataBuilder() { - keyInfoFactory = new X509KeyInfoGeneratorFactory(); - keyInfoFactory.setEmitEntityIDAsKeyName(true); - keyInfoFactory.setEmitEntityCertificate(true); - - } - - - /** - * - * Build PVP 2.1 conform SAML2 metadata - * - * @param config - * PVPMetadataBuilder configuration - * - * @return PVP metadata as XML String - * @throws SecurityException - * @throws ConfigurationException - * @throws CredentialsNotAvailableException - * @throws TransformerFactoryConfigurationError - * @throws MarshallingException - * @throws TransformerException - * @throws ParserConfigurationException - * @throws IOException - * @throws SignatureException - */ - public String buildPVPMetadata(IPVPMetadataBuilderConfiguration config) throws CredentialsNotAvailableException, ConfigurationException, SecurityException, TransformerFactoryConfigurationError, MarshallingException, TransformerException, ParserConfigurationException, IOException, SignatureException { - DateTime date = new DateTime(); - EntityDescriptor entityDescriptor = SAML2Utils - .createSAMLObject(EntityDescriptor.class); - - //set entityID - entityDescriptor.setEntityID(config.getEntityID()); - - //set contact and organisation information - List<ContactPerson> contactPersons = config.getContactPersonInformation(); - if (contactPersons != null) - entityDescriptor.getContactPersons().addAll(contactPersons); - - Organization organisation = config.getOrgansiationInformation(); - if (organisation != null) - entityDescriptor.setOrganization(organisation); - - //set IDP metadata - if (config.buildIDPSSODescriptor()) { - RoleDescriptor idpSSODesc = generateIDPMetadata(config); - if (idpSSODesc != null) - entityDescriptor.getRoleDescriptors().add(idpSSODesc); - - } - - //set SP metadata for interfederation - if (config.buildSPSSODescriptor()) { - RoleDescriptor spSSODesc = generateSPMetadata(config); - if (spSSODesc != null) - entityDescriptor.getRoleDescriptors().add(spSSODesc); - - } - - //set metadata signature parameters - Credential metadataSignCred = config.getMetadataSigningCredentials(); - Signature signature = AbstractCredentialProvider.getIDPSignature(metadataSignCred); - SecurityHelper.prepareSignatureParams(signature, metadataSignCred, null, null); - - //initialize XML document builder - DocumentBuilder builder; - DocumentBuilderFactory factory = DocumentBuilderFactory - .newInstance(); - - builder = factory.newDocumentBuilder(); - Document document = builder.newDocument(); - - - //build entities descriptor - if (config.buildEntitiesDescriptorAsRootElement()) { - EntitiesDescriptor entitiesDescriptor = - SAML2Utils.createSAMLObject(EntitiesDescriptor.class); - entitiesDescriptor.setName(config.getEntityFriendlyName()); - entitiesDescriptor.setID(SAML2Utils.getSecureIdentifier()); - entitiesDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil())); - entitiesDescriptor.getEntityDescriptors().add(entityDescriptor); - - //load default PVP security configurations - MOADefaultBootstrap.initializeDefaultPVPConfiguration(); - entitiesDescriptor.setSignature(signature); - - - //marshall document - Marshaller out = Configuration.getMarshallerFactory() - .getMarshaller(entitiesDescriptor); - out.marshall(entitiesDescriptor, document); - - } else { - entityDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil())); - entityDescriptor.setID(SAML2Utils.getSecureIdentifier()); - - entityDescriptor.setSignature(signature); - - - - //marshall document - Marshaller out = Configuration.getMarshallerFactory() - .getMarshaller(entityDescriptor); - out.marshall(entityDescriptor, document); - - } - - //sign metadata - Signer.signObject(signature); - - //transform metadata object to XML string - Transformer transformer = TransformerFactory.newInstance() - .newTransformer(); - - StringWriter sw = new StringWriter(); - StreamResult sr = new StreamResult(sw); - DOMSource source = new DOMSource(document); - transformer.transform(source, sr); - sw.close(); - - return sw.toString(); - } - - - private RoleDescriptor generateSPMetadata(IPVPMetadataBuilderConfiguration config) throws CredentialsNotAvailableException, SecurityException, ConfigurationException { - SPSSODescriptor spSSODescriptor = SAML2Utils.createSAMLObject(SPSSODescriptor.class); - spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); - spSSODescriptor.setAuthnRequestsSigned(config.wantAuthnRequestSigned()); - spSSODescriptor.setWantAssertionsSigned(config.wantAssertionSigned()); - - KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); - - //Set AuthRequest Signing certificate - Credential authcredential = config.getRequestorResponseSigningCredentials(); - if (authcredential == null) { - Logger.warn("SP Metadata generation FAILED! --> Builder has NO request signing-credential. "); - return null; - - } else { - KeyDescriptor signKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - signKeyDescriptor.setUse(UsageType.SIGNING); - signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); - spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); - - } - - //Set assertion encryption credentials - Credential authEncCredential = config.getEncryptionCredentials(); - - if (authEncCredential != null) { - KeyDescriptor encryKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - encryKeyDescriptor.setUse(UsageType.ENCRYPTION); - encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential)); - spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); - - } else { - Logger.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); - - } - - //check nameID formates - if (config.getSPAllowedNameITTypes() == null || config.getSPAllowedNameITTypes().size() == 0) { - Logger.warn("SP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. "); - return null; - - } else { - for (String format : config.getSPAllowedNameITTypes()) { - NameIDFormat nameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - nameIDFormat.setFormat(format); - spSSODescriptor.getNameIDFormats().add(nameIDFormat); - - } - } - - - //add POST-Binding assertion consumer services - if (MiscUtil.isNotEmpty(config.getSPAssertionConsumerServicePostBindingURL())) { - AssertionConsumerService postassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); - postassertionConsumerService.setIndex(0); - postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - postassertionConsumerService.setLocation(config.getSPAssertionConsumerServicePostBindingURL()); - postassertionConsumerService.setIsDefault(true); - spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); - - } - - //add POST-Binding assertion consumer services - if (MiscUtil.isNotEmpty(config.getSPAssertionConsumerServiceRedirectBindingURL())) { - AssertionConsumerService redirectassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); - redirectassertionConsumerService.setIndex(1); - redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - redirectassertionConsumerService.setLocation(config.getSPAssertionConsumerServiceRedirectBindingURL()); - spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService); - - } - - //validate WebSSO endpoints - if (spSSODescriptor.getAssertionConsumerServices().size() == 0) { - Logger.warn("SP Metadata generation FAILED! --> NO SAML2 AssertionConsumerService endpoint found. "); - return null; - - } - - //add POST-Binding SLO descriptor - if (MiscUtil.isNotEmpty(config.getSPSLOPostBindingURL())) { - SingleLogoutService postSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); - postSLOService.setLocation(config.getSPSLOPostBindingURL()); - postSLOService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - spSSODescriptor.getSingleLogoutServices().add(postSLOService); - - } - - //add POST-Binding SLO descriptor - if (MiscUtil.isNotEmpty(config.getSPSLORedirectBindingURL())) { - SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); - redirectSLOService.setLocation(config.getSPSLORedirectBindingURL()); - redirectSLOService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - spSSODescriptor.getSingleLogoutServices().add(redirectSLOService); - - } - - //add POST-Binding SLO descriptor - if (MiscUtil.isNotEmpty(config.getSPSLOSOAPBindingURL())) { - SingleLogoutService soapSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); - soapSLOService.setLocation(config.getSPSLOSOAPBindingURL()); - soapSLOService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); - spSSODescriptor.getSingleLogoutServices().add(soapSLOService); - - } - - - //add required attributes - List<RequestedAttribute> reqSPAttr = config.getSPRequiredAttributes(); - AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class); - - attributeService.setIndex(0); - attributeService.setIsDefault(true); - ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); - serviceName.setName(new LocalizedString("Default Service", "en")); - attributeService.getNames().add(serviceName); - - if (reqSPAttr != null && reqSPAttr.size() > 0) { - Logger.debug("Add " + reqSPAttr.size() + " attributes to SP metadata"); - attributeService.getRequestAttributes().addAll(reqSPAttr); - - } else { - Logger.debug("SP metadata contains NO requested attributes."); - - } - - spSSODescriptor.getAttributeConsumingServices().add(attributeService); - - return spSSODescriptor; - } - - private IDPSSODescriptor generateIDPMetadata(IPVPMetadataBuilderConfiguration config) throws ConfigurationException, CredentialsNotAvailableException, SecurityException { - //check response signing credential - Credential responseSignCred = config.getRequestorResponseSigningCredentials(); - if (responseSignCred == null) { - Logger.warn("IDP Metadata generation FAILED! --> Builder has NO Response signing credential. "); - return null; - - } - - //check nameID formates - if (config.getIDPPossibleNameITTypes() == null || config.getIDPPossibleNameITTypes().size() == 0) { - Logger.warn("IDP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. "); - return null; - - } - - // build SAML2 IDP-SSO descriptor element - IDPSSODescriptor idpSSODescriptor = SAML2Utils - .createSAMLObject(IDPSSODescriptor.class); - - idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); - - //set ass default value, because PVP 2.x specification defines this feature as MUST - idpSSODescriptor.setWantAuthnRequestsSigned(config.wantAuthnRequestSigned()); - - // add WebSSO descriptor for POST-Binding - if (MiscUtil.isNotEmpty(config.getIDPWebSSOPostBindingURL())) { - SingleSignOnService postSingleSignOnService = SAML2Utils.createSAMLObject(SingleSignOnService.class); - postSingleSignOnService.setLocation(config.getIDPWebSSOPostBindingURL()); - postSingleSignOnService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService); - - } - - // add WebSSO descriptor for Redirect-Binding - if (MiscUtil.isNotEmpty(config.getIDPWebSSORedirectBindingURL())) { - SingleSignOnService postSingleSignOnService = SAML2Utils.createSAMLObject(SingleSignOnService.class); - postSingleSignOnService.setLocation(config.getIDPWebSSORedirectBindingURL()); - postSingleSignOnService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService); - - } - - //add Single LogOut POST-Binding endpoing - if (MiscUtil.isNotEmpty(config.getIDPSLOPostBindingURL())) { - SingleLogoutService postSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); - postSLOService.setLocation(config.getIDPSLOPostBindingURL()); - postSLOService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - idpSSODescriptor.getSingleLogoutServices().add(postSLOService); - - } - - //add Single LogOut Redirect-Binding endpoing - if (MiscUtil.isNotEmpty(config.getIDPSLORedirectBindingURL())) { - SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); - redirectSLOService.setLocation(config.getIDPSLORedirectBindingURL()); - redirectSLOService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService); - - } - - //validate WebSSO endpoints - if (idpSSODescriptor.getSingleSignOnServices().size() == 0) { - Logger.warn("IDP Metadata generation FAILED! --> NO SAML2 SingleSignOnService endpoint found. "); - return null; - - } - - //set assertion signing key - KeyDescriptor signKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - signKeyDescriptor.setUse(UsageType.SIGNING); - KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); - signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(config.getRequestorResponseSigningCredentials())); - idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); - - //set IDP attribute set - idpSSODescriptor.getAttributes().addAll(config.getIDPPossibleAttributes()); - - //set providable nameID formats - for (String format : config.getIDPPossibleNameITTypes()) { - NameIDFormat nameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - nameIDFormat.setFormat(format); - idpSSODescriptor.getNameIDFormats().add(nameIDFormat); - - } - - return idpSSODescriptor; - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java index 4fef52aec..8229fb405 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java @@ -23,14 +23,20 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder; import java.security.NoSuchAlgorithmException; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Date; +import java.util.Iterator; import java.util.LinkedHashMap; import java.util.List; +import java.util.Map.Entry; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; +import org.apache.commons.lang.SerializationUtils; import org.joda.time.DateTime; import org.opensaml.Configuration; import org.opensaml.common.SAMLObject; @@ -52,6 +58,8 @@ import org.opensaml.saml2.metadata.SingleLogoutService; import org.opensaml.saml2.metadata.impl.SingleLogoutServiceBuilder; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.soap.common.SOAPException; +import org.opensaml.xml.XMLObject; import org.opensaml.xml.io.Marshaller; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.x509.X509Credential; @@ -63,30 +71,48 @@ import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Service; import org.w3c.dom.Document; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; +import at.gv.egiz.eaaf.modules.pvp2.exception.BindingNotSupportedException; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException; +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.StringRedirectDeflateEncoder; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.data.ISLOInformationContainer; import at.gv.egovernment.moa.id.data.SLOInformationContainer; -import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.opemsaml.MOAStringRedirectDeflateEncoder; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; /** * @author tlenz @@ -98,6 +124,187 @@ public class SingleLogOutBuilder { @Autowired(required=true) private MOAMetadataProvider metadataProvider; @Autowired(required=true) ApplicationContext springContext; @Autowired private IDPCredentialProvider credentialProvider; + @Autowired private SAMLVerificationEngineSP samlVerificationEngine; + @Autowired private IGUIFormBuilder guiBuilder; + @Autowired(required=true) protected IRevisionLogger revisionsLogger; + @Autowired private ITransactionStorage transactionStorage; + @Autowired(required=true) IPVP2BasicConfiguration pvpBasicConfiguration; + + public static final int SLOTIMEOUT = 30 * 1000; //30 sec + + public void toTechnicalLogout(ISLOInformationContainer sloContainer, + HttpServletRequest httpReq, HttpServletResponse httpResp, String authUrl) throws EAAFException { + Logger.trace("Starting Service-Provider logout process ... "); + revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_STARTED); + + //start service provider back channel logout process + Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA(); + while (nextOAInterator.hasNext()) { + SLOInformationInterface sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next()); + LogoutRequest sloReq = buildSLORequestMessage(sloDescr); + + try { + Logger.trace("Send backchannel SLO Request to " + sloDescr.getSpEntityID()); + List<XMLObject> soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq); + + LogoutResponse sloResp = null; + for (XMLObject el : soapResp) { + if (el instanceof LogoutResponse) + sloResp = (LogoutResponse) el; + } + + if (sloResp == null) { + Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID() + + " FAILED. NO LogOut response received."); + sloContainer.putFailedOA(sloDescr.getSpEntityID()); + + } else { + samlVerificationEngine.verifySLOResponse(sloResp, + TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); + + } + + checkStatusCode(sloContainer, sloResp); + + } catch (SOAPException e) { + Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID() + + " FAILED.", e); + sloContainer.putFailedOA(sloDescr.getSpEntityID()); + + } catch (SecurityException | InvalidProtocolRequestException e) { + Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID() + + " FAILED.", e); + sloContainer.putFailedOA(sloDescr.getSpEntityID()); + + } + } + + IRequest pendingReq = null; + PVPSProfilePendingRequest pvpReq = null; + //start service provider front channel logout process + try { + if (sloContainer.hasFrontChannelOA()) { + String relayState = Random.nextRandom(); + + Collection<Entry<String, SLOInformationInterface>> sloDescr = sloContainer.getFrontChannelOASessionDescriptions(); + List<String> sloReqList = new ArrayList<String>(); + for (Entry<String, SLOInformationInterface> el : sloDescr) { + Logger.trace("Build frontChannel SLO Request for " + el.getValue().getSpEntityID()); + + LogoutRequest sloReq = buildSLORequestMessage(el.getValue()); + try { + sloReqList.add(getFrontChannelSLOMessageURL(el.getValue().getServiceURL(), el.getValue().getBinding(), + sloReq, httpReq, httpResp, relayState)); + + } catch (Exception e) { + Logger.warn("Failed to build SLO request for OA:" + el.getKey()); + sloContainer.putFailedOA(el.getKey()); + + } + } + + //put SLO process-information into transaction storage + AssertionStore rawContainer = new AssertionStore(); + rawContainer.setArtifact(relayState); + rawContainer.setDatatime(new Date()); + rawContainer.setAssertion(SerializationUtils.serialize(sloContainer)); + rawContainer.setType(sloContainer.getClass().getName()); + transactionStorage.putRaw(relayState, rawContainer); + + if (MiscUtil.isEmpty(authUrl)) + authUrl = sloContainer.getSloRequest().getAuthURL(); + + String timeOutURL = authUrl + + "/idpSingleLogout" + + "?restart=" + relayState; + + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authUrl, + DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, + null); + + config.putCustomParameterWithOutEscaption("redirectURLs", sloReqList); + config.putCustomParameterWithOutEscaption("timeoutURL", timeOutURL); + config.putCustomParameter("timeout", String.valueOf(SLOTIMEOUT)); + + guiBuilder.build(httpResp, config, "Single-LogOut GUI"); + + + } else { + pendingReq = sloContainer.getSloRequest(); + if (pendingReq != null && pendingReq instanceof PVPSProfilePendingRequest) { + //send SLO response to SLO request issuer + pvpReq = (PVPSProfilePendingRequest)pendingReq; + SingleLogoutService sloService = getResponseSLODescriptor(pvpReq); + LogoutResponse message = buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs()); + sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, pvpReq.getRequest().getRelayState(), pvpReq); + + } else { + //print SLO information directly + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authUrl, + DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, + null); + + if (sloContainer.getSloFailedOAs() == null || + sloContainer.getSloFailedOAs().size() == 0) { + revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID); + config.putCustomParameter("successMsg", + MOAIDMessageProvider.getInstance().getMessage("slo.00", null)); + + } else { + revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); + config.putCustomParameterWithOutEscaption("errorMsg", + MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); + + } + guiBuilder.build(httpResp, config, "Single-LogOut GUI"); + + } + + } + + } catch (GUIBuildException e) { + Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage()); + throw new MOAIDException("builder.09", new Object[]{e.getMessage()}, e); + + } catch (MOADatabaseException e) { + Logger.error("MOA AssertionDatabase ERROR", e); + if (pvpReq != null) { + SingleLogoutService sloService = getResponseSLODescriptor(pvpReq); + LogoutResponse message = buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); + sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, pvpReq.getRequest().getRelayState(), pvpReq); + + revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); + + }else { + //print SLO information directly + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authUrl, + DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, + null); + + revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); + config.putCustomParameterWithOutEscaption("errorMsg", + MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); + + try { + guiBuilder.build(httpResp, config, "Single-LogOut GUI"); + + } catch (GUIBuildException e1) { + Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage()); + throw new MOAIDException("builder.09", new Object[]{e.getMessage()}, e); + + } + + } + + } catch (Exception e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } + public void checkStatusCode(ISLOInformationContainer sloContainer, LogoutResponse logOutResp) { @@ -125,10 +332,11 @@ public class SingleLogOutBuilder { * @param httpResp * @param relayState * @return + * @throws CredentialsNotAvailableException */ public String getFrontChannelSLOMessageURL(String serviceURL, String bindingType, RequestAbstractType sloReq, HttpServletRequest httpReq, - HttpServletResponse httpResp, String relayState) throws MOAIDException { + HttpServletResponse httpResp, String relayState) throws MOAIDException, CredentialsNotAvailableException { try { X509Credential credentials = credentialProvider @@ -136,7 +344,7 @@ public class SingleLogOutBuilder { Logger.debug("create SAML RedirectBinding response"); - MOAStringRedirectDeflateEncoder encoder = new MOAStringRedirectDeflateEncoder(); + StringRedirectDeflateEncoder encoder = new StringRedirectDeflateEncoder(); BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); SingleLogoutService service = new SingleLogoutServiceBuilder() .buildObject(); @@ -160,7 +368,7 @@ public class SingleLogOutBuilder { public String getFrontChannelSLOMessageURL(SingleLogoutService service, StatusResponseType sloResp, HttpServletRequest httpReq, - HttpServletResponse httpResp, String relayState) throws MOAIDException { + HttpServletResponse httpResp, String relayState) throws MOAIDException, CredentialsNotAvailableException { try { X509Credential credentials = credentialProvider @@ -168,7 +376,7 @@ public class SingleLogOutBuilder { Logger.debug("create SAML RedirectBinding response"); - MOAStringRedirectDeflateEncoder encoder = new MOAStringRedirectDeflateEncoder(); + StringRedirectDeflateEncoder encoder = new StringRedirectDeflateEncoder(); BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); context.setOutboundSAMLMessageSigningCredential(credentials); context.setPeerEntityEndpoint(service); @@ -188,7 +396,7 @@ public class SingleLogOutBuilder { public void sendFrontChannelSLOMessage(SingleLogoutService consumerService, LogoutResponse sloResp, HttpServletRequest req, HttpServletResponse resp, - String relayState, PVPTargetConfiguration pvpReq) throws MOAIDException { + String relayState, PVPSProfilePendingRequest pvpReq) throws MOAIDException, PVP2Exception, CredentialsNotAvailableException { IEncoder binding = null; if (consumerService.getBinding().equals( SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { @@ -221,7 +429,7 @@ public class SingleLogOutBuilder { } - public LogoutRequest buildSLORequestMessage(SLOInformationImpl sloInfo) throws ConfigurationException, MOAIDException { + public LogoutRequest buildSLORequestMessage(SLOInformationInterface sloDescr) throws EAAFException { LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class); SecureRandomIdentifierGenerator gen; @@ -237,17 +445,17 @@ public class SingleLogOutBuilder { DateTime now = new DateTime(); Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(sloInfo.getAuthURL())); + issuer.setValue(pvpBasicConfiguration.getIDPEntityId(sloDescr.getAuthURL())); issuer.setFormat(NameID.ENTITY); sloReq.setIssuer(issuer); sloReq.setIssueInstant(now); sloReq.setNotOnOrAfter(now.plusMinutes(5)); - sloReq.setDestination(sloInfo.getServiceURL()); + sloReq.setDestination(sloDescr.getServiceURL()); NameID nameID = SAML2Utils.createSAMLObject(NameID.class); - nameID.setFormat(sloInfo.getUserNameIDFormat()); - nameID.setValue(sloInfo.getUserNameIdentifier()); + nameID.setFormat(sloDescr.getUserNameIDFormat()); + nameID.setValue(sloDescr.getUserNameIdentifier()); sloReq.setNameID(nameID ); //sign message @@ -281,7 +489,7 @@ public class SingleLogOutBuilder { return sloReq; } - public LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest, String firstLevelStatusCode) throws ConfigurationException, MOAIDException { + public LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest, String firstLevelStatusCode) throws EAAFException { LogoutResponse sloResp = buildBasicResponse(sloService, spRequest); Status status = SAML2Utils.createSAMLObject(Status.class); @@ -298,7 +506,7 @@ public class SingleLogOutBuilder { return sloResp; } - public LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPTargetConfiguration spRequest, List<String> failedOAs) throws MOAIDException { + public LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest, List<String> failedOAs) throws EAAFException { LogoutResponse sloResp = buildBasicResponse(sloService, spRequest); Status status; @@ -323,11 +531,10 @@ public class SingleLogOutBuilder { } - private LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException, MOAIDException { + private LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest) throws EAAFException { LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService( - spRequest.getAuthURLWithOutSlash())); + issuer.setValue(pvpBasicConfiguration.getIDPEntityId(spRequest.getAuthURLWithOutSlash())); issuer.setFormat(NameID.ENTITY); sloResp.setIssuer(issuer); sloResp.setIssueInstant(new DateTime()); @@ -344,9 +551,9 @@ public class SingleLogOutBuilder { } - if (spRequest.getRequest() instanceof MOARequest && - ((MOARequest)spRequest.getRequest()).getSamlRequest() instanceof LogoutRequest) { - LogoutRequest sloReq = (LogoutRequest) ((MOARequest)spRequest.getRequest()).getSamlRequest(); + if (spRequest.getRequest() instanceof PVPSProfileRequest && + ((PVPSProfileRequest)spRequest.getRequest()).getSamlRequest() instanceof LogoutRequest) { + LogoutRequest sloReq = (LogoutRequest) ((PVPSProfileRequest)spRequest.getRequest()).getSamlRequest(); sloResp.setInResponseTo(sloReq.getID()); } @@ -396,8 +603,8 @@ public class SingleLogOutBuilder { } - public SingleLogoutService getResponseSLODescriptor(PVPTargetConfiguration spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException { - MOARequest moaReq = (MOARequest) spRequest.getRequest(); + public SingleLogoutService getResponseSLODescriptor(PVPSProfilePendingRequest spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException { + PVPSProfileRequest moaReq = (PVPSProfileRequest) spRequest.getRequest(); EntityDescriptor metadata = moaReq.getEntityMetadata(metadataProvider); SSODescriptor ssodesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); @@ -435,9 +642,9 @@ public class SingleLogOutBuilder { public void parseActiveOAs(SLOInformationContainer container, List<OASessionStore> dbOAs, String removeOAID) { if (container.getActiveBackChannelOAs() == null) - container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationImpl>()); + container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationInterface>()); if (container.getActiveFrontChannalOAs() == null) - container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationImpl>()); + container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationInterface>()); if (dbOAs != null) { @@ -459,7 +666,8 @@ public class SingleLogOutBuilder { oa.getUserNameID(), oa.getUserNameIDFormat(), oa.getProtocolType(), - sloDesc)); + sloDesc.getBinding(), + sloDesc.getLocation())); else container.getActiveFrontChannalOAs().put(oa.getOaurlprefix(), @@ -470,7 +678,8 @@ public class SingleLogOutBuilder { oa.getUserNameID(), oa.getUserNameIDFormat(), oa.getProtocolType(), - sloDesc)); + sloDesc.getBinding(), + sloDesc.getLocation())); } catch (NOSLOServiceDescriptorException e) { container.putFailedOA(oa.getOaurlprefix()); @@ -491,9 +700,9 @@ public class SingleLogOutBuilder { public void parseActiveIDPs(SLOInformationContainer container, List<InterfederationSessionStore> dbIDPs, String removeIDP) { if (container.getActiveBackChannelOAs() == null) - container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationImpl>()); + container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationInterface>()); if (container.getActiveFrontChannalOAs() == null) - container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationImpl>()); + container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationInterface>()); if (dbIDPs != null) { for (InterfederationSessionStore el : dbIDPs) { @@ -511,7 +720,8 @@ public class SingleLogOutBuilder { el.getUserNameID(), NameID.TRANSIENT, PVP2XProtocol.NAME, - sloDesc)); + sloDesc.getBinding(), + sloDesc.getLocation())); } catch (NOSLOServiceDescriptorException e) { container.putFailedOA(el.getIdpurlprefix()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java deleted file mode 100644 index 196aa47af..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ /dev/null @@ -1,536 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion; - -import java.security.MessageDigest; -import java.util.ArrayList; -import java.util.Iterator; -import java.util.List; - -import org.joda.time.DateTime; -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.core.Assertion; -import org.opensaml.saml2.core.Attribute; -import org.opensaml.saml2.core.AttributeQuery; -import org.opensaml.saml2.core.AttributeStatement; -import org.opensaml.saml2.core.Audience; -import org.opensaml.saml2.core.AudienceRestriction; -import org.opensaml.saml2.core.AuthnContext; -import org.opensaml.saml2.core.AuthnContextClassRef; -import org.opensaml.saml2.core.AuthnRequest; -import org.opensaml.saml2.core.AuthnStatement; -import org.opensaml.saml2.core.Conditions; -import org.opensaml.saml2.core.Issuer; -import org.opensaml.saml2.core.NameID; -import org.opensaml.saml2.core.RequestedAuthnContext; -import org.opensaml.saml2.core.Subject; -import org.opensaml.saml2.core.SubjectConfirmation; -import org.opensaml.saml2.core.SubjectConfirmationData; -import org.opensaml.saml2.core.impl.AuthnRequestImpl; -import org.opensaml.saml2.metadata.AssertionConsumerService; -import org.opensaml.saml2.metadata.AttributeConsumingService; -import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.saml2.metadata.NameIDFormat; -import org.opensaml.saml2.metadata.RequestedAttribute; -import org.opensaml.saml2.metadata.SPSSODescriptor; -import org.w3c.dom.Element; - -import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; -import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; -import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; -import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; -import at.gv.egovernment.moa.id.util.MandateBuilder; -import at.gv.egovernment.moa.id.util.QAALevelVerifier; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.MiscUtil; - -public class PVP2AssertionBuilder implements PVPConstants { - - /** - * Build a PVP assertion as response for a SAML2 AttributeQuery request - * - * @param issuerEntityID EnitiyID, which should be used for this IDP response - * @param attrQuery AttributeQuery request from Service-Provider - * @param attrList List of PVP response attributes - * @param now Current time - * @param validTo ValidTo time of the assertion - * @param qaaLevel QAA level of the authentication - * @param sessionIndex SAML2 SessionIndex, which should be included * - * @return PVP 2.1 Assertion - * @throws ConfigurationException - */ - public static Assertion buildAssertion(String issuerEntityID, AttributeQuery attrQuery, - List<Attribute> attrList, DateTime now, DateTime validTo, String qaaLevel, String sessionIndex) throws ConfigurationException { - - AuthnContextClassRef authnContextClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class); - authnContextClassRef.setAuthnContextClassRef(qaaLevel); - - NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); - subjectNameID.setFormat(attrQuery.getSubject().getNameID().getFormat()); - subjectNameID.setValue(attrQuery.getSubject().getNameID().getValue()); - - SubjectConfirmationData subjectConfirmationData = null; - - return buildGenericAssertion(issuerEntityID, attrQuery.getIssuer().getValue(), now, - authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, - validTo); - } - - - /** - * Build a PVP 2.1 assertion as response of a SAML2 AuthnRequest - * - * @param issuerEntityID EnitiyID, which should be used for this IDP response - * @param pendingReq Current processed pendingRequest DAO - * @param authnRequest Current processed PVP AuthnRequest - * @param authData AuthenticationData of the user, which is already authenticated - * @param peerEntity SAML2 EntityDescriptor of the service-provider, which receives the response - * @param date TimeStamp - * @param assertionConsumerService SAML2 endpoint of the service-provider, which should be used - * @param sloInformation Single LogOut information DAO - * @return - * @throws MOAIDException - */ - public static Assertion buildAssertion(String issuerEntityID, PVPTargetConfiguration pendingReq, AuthnRequest authnRequest, - IAuthData authData, EntityDescriptor peerEntity, DateTime date, - AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation) - throws MOAIDException { - - RequestedAuthnContext reqAuthnContext = authnRequest - .getRequestedAuthnContext(); - - AuthnContextClassRef authnContextClassRef = SAML2Utils - .createSAMLObject(AuthnContextClassRef.class); - - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); - - if (reqAuthnContext == null) { - authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel()); - - } else { - - boolean stork_qaa_1_4_found = false; - - List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext - .getAuthnContextClassRefs(); - - if (reqAuthnContextClassRefIt.size() == 0) { - - QAALevelVerifier.verifyQAALevel(authData.getQAALevel(), - STORK_QAA_1_4); - - stork_qaa_1_4_found = true; - authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); - - } else { - for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) { - String qaa_uri = authnClassRef.getAuthnContextClassRef(); - if (qaa_uri.trim().equals(STORK_QAA_1_4) - || qaa_uri.trim().equals(STORK_QAA_1_3) - || qaa_uri.trim().equals(STORK_QAA_1_2) - || qaa_uri.trim().equals(STORK_QAA_1_1)) { - - if (authData.isForeigner()) { - QAALevelVerifier.verifyQAALevel(authData.getQAALevel(), - STORK_QAA_PREFIX + oaParam.getQaaLevel()); - - stork_qaa_1_4_found = true; - authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel()); - - } else { - - QAALevelVerifier.verifyQAALevel(authData.getQAALevel(), - qaa_uri.trim()); - - stork_qaa_1_4_found = true; - authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel()); - - } - break; - } - } - } - - if (!stork_qaa_1_4_found) { - throw new QAANotSupportedException(STORK_QAA_1_4); - } - } - - - - SPSSODescriptor spSSODescriptor = peerEntity - .getSPSSODescriptor(SAMLConstants.SAML20P_NS); - - //add Attributes to Assertion - List<Attribute> attrList = new ArrayList<Attribute>(); - if (spSSODescriptor.getAttributeConsumingServices() != null && - spSSODescriptor.getAttributeConsumingServices().size() > 0) { - - Integer aIdx = authnRequest.getAttributeConsumingServiceIndex(); - int idx = 0; - - AttributeConsumingService attributeConsumingService = null; - if (aIdx != null) { - idx = aIdx.intValue(); - attributeConsumingService = spSSODescriptor - .getAttributeConsumingServices().get(idx); - - } else { - List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices(); - for (AttributeConsumingService el : attrConsumingServiceList) { - if (el.isDefault()) - attributeConsumingService = el; - } - } - - /* - * TODO: maybe use first AttributeConsumingService if no is selected - * in request or on service is marked as default - * - */ - if (attributeConsumingService == null ) { - List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices(); - if (attrConsumingServiceList != null && !attrConsumingServiceList.isEmpty()) - attributeConsumingService = attrConsumingServiceList.get(0); - - } - - - if (attributeConsumingService != null) { - Iterator<RequestedAttribute> it = attributeConsumingService - .getRequestAttributes().iterator(); - while (it.hasNext()) { - RequestedAttribute reqAttribut = it.next(); - try { - Attribute attr = PVPAttributeBuilder.buildAttribute( - reqAttribut.getName(), oaParam, authData); - if (attr == null) { - if (reqAttribut.isRequired()) { - throw new UnprovideableAttributeException( - reqAttribut.getName()); - } - } else { - attrList.add(attr); - } - - } catch (UnavailableAttributeException e) { - Logger.info( - "Attribute generation for " - + reqAttribut.getFriendlyName() + " not possible."); - if (reqAttribut.isRequired()) { - throw new UnprovideableAttributeException( - reqAttribut.getName()); - } - - - } catch (PVP2Exception e) { - Logger.info( - "Attribute generation failed! for " - + reqAttribut.getFriendlyName()); - if (reqAttribut.isRequired()) { - throw new UnprovideableAttributeException( - reqAttribut.getName()); - } - - } catch (Exception e) { - Logger.warn( - "General Attribute generation failed! for " - + reqAttribut.getFriendlyName(), e); - if (reqAttribut.isRequired()) { - throw new UnprovideableAttributeException( - reqAttribut.getName()); - } - - } - } - } - } - - NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); - - //build nameID and nameID Format from moasession - //TODO: nameID generation - if (authData.isUseMandate()) { - String bpktype = null; - String bpk = null; - - Element mandate = authData.getMandate(); - if(mandate != null) { - Logger.debug("Read mandator bPK|baseID from full-mandate ... "); - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if(mandateObject == null) { - throw new NoMandateDataAvailableException(); - } - CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); - PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson(); - - IdentificationType id; - if(corporation != null && corporation.getIdentification().size() > 0) - id = corporation.getIdentification().get(0); - - - else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0) - id = pysicalperson.getIdentification().get(0); - - else { - Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAvailableException(); - } - - bpktype = id.getType(); - bpk = id.getValue().getValue(); - - } else { - Logger.debug("Read mandator bPK|baseID from PVP attributes ... "); - bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME, String.class); - bpktype = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, String.class); - - if (MiscUtil.isEmpty(bpk)) { - //no sourcePin is included --> search for bPK - bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_BPK_NAME, String.class); - - try { - if (bpk.contains(":")) - bpk = bpk.split(":")[1]; - - } catch (Exception e) { - Logger.warn("Can not split bPK from mandator attribute!", e); - - } - - //set bPK-Type from configuration, because it MUST be equal to service-provider type - bpktype = oaParam.getAreaSpecificTargetIdentifier(); - - } else { - //sourcePin is include --> check sourcePinType - if (MiscUtil.isEmpty(bpktype)) - bpktype = Constants.URN_PREFIX_BASEID; - - } - } - - if (MiscUtil.isEmpty(bpk) || MiscUtil.isEmpty(bpktype)) { - throw new NoMandateDataAvailableException(); - - } - - if (bpktype.equals(Constants.URN_PREFIX_BASEID)) { - Pair<String, String> calcbPK = new BPKBuilder().generateAreaSpecificPersonIdentifier(bpk, oaParam.getAreaSpecificTargetIdentifier()); - subjectNameID.setValue(calcbPK.getFirst()); - subjectNameID.setNameQualifier(calcbPK.getSecond()); - - - } else { - subjectNameID.setNameQualifier(bpktype); - subjectNameID.setValue(bpk); - } - - } else { - subjectNameID.setNameQualifier(authData.getBPKType()); - subjectNameID.setValue(authData.getBPK()); - } - - String nameIDFormat = NameID.TRANSIENT; - - //get NameIDFormat from request - AuthnRequest authnReq = (AuthnRequestImpl) authnRequest; - if (authnReq.getNameIDPolicy() != null && - MiscUtil.isNotEmpty(authnReq.getNameIDPolicy().getFormat())) { - nameIDFormat = authnReq.getNameIDPolicy().getFormat(); - - } else { - //get NameIDFormat from metadata - List<NameIDFormat> metadataNameIDFormats = spSSODescriptor.getNameIDFormats(); - - if (metadataNameIDFormats != null) { - - for (NameIDFormat el : metadataNameIDFormats) { - if (NameID.PERSISTENT.equals(el.getFormat())) { - nameIDFormat = NameID.PERSISTENT; - break; - - } else if (NameID.TRANSIENT.equals(el.getFormat()) || - NameID.UNSPECIFIED.equals(el.getFormat())) - break; - - } - } - } - - if (NameID.TRANSIENT.equals(nameIDFormat) || NameID.UNSPECIFIED.equals(nameIDFormat)) { - String random = Random.nextRandom(); - String nameID = subjectNameID.getValue(); - - try { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - byte[] hash = md.digest((nameID + random).getBytes("ISO-8859-1")); - subjectNameID.setValue(Base64Utils.encode(hash)); - subjectNameID.setNameQualifier(null); - subjectNameID.setFormat(NameID.TRANSIENT); - - } catch (Exception e) { - Logger.warn("PVP2 subjectNameID error", e); - throw new MOAIDException("pvp2.13", null, e); - } - - } else - subjectNameID.setFormat(nameIDFormat); - - - String sessionIndex = null; - - //if request is a reauthentication and NameIDFormat match reuse old session information - if (MiscUtil.isNotEmpty(authData.getNameID()) && - MiscUtil.isNotEmpty(authData.getNameIDFormat()) && - nameIDFormat.equals(authData.getNameIDFormat())) { - subjectNameID.setValue(authData.getNameID()); - sessionIndex = authData.getSessionIndex(); - - } - - // - if (MiscUtil.isEmpty(sessionIndex)) - sessionIndex = SAML2Utils.getSecureIdentifier(); - - SubjectConfirmationData subjectConfirmationData = SAML2Utils - .createSAMLObject(SubjectConfirmationData.class); - subjectConfirmationData.setInResponseTo(authnRequest.getID()); - subjectConfirmationData.setNotOnOrAfter(new DateTime(authData.getSsoSessionValidTo().getTime())); -// subjectConfirmationData.setNotBefore(date); - - //set 'recipient' attribute in subjectConformationData - subjectConfirmationData.setRecipient(assertionConsumerService.getLocation()); - - //set IP address of the user machine as 'Address' attribute in subjectConformationData - String usersIPAddress = pendingReq.getGenericData( - PVPTargetConfiguration.DATAID_REQUESTER_IP_ADDRESS, String.class); - if (MiscUtil.isNotEmpty(usersIPAddress)) - subjectConfirmationData.setAddress(usersIPAddress); - - //set SLO information - sloInformation.setUserNameIdentifier(subjectNameID.getValue()); - sloInformation.setNameIDFormat(subjectNameID.getFormat()); - sloInformation.setSessionIndex(sessionIndex); - - return buildGenericAssertion(issuerEntityID, peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter()); - } - - /** - * - * @param issuer IDP EntityID - * @param entityID Service Provider EntityID - * @param date - * @param authnContextClassRef - * @param attrList - * @param subjectNameID - * @param subjectConfirmationData - * @param sessionIndex - * @param isValidTo - * @return - * @throws ConfigurationException - */ - - public static Assertion buildGenericAssertion(String issuer, String entityID, DateTime date, - AuthnContextClassRef authnContextClassRef, List<Attribute> attrList, - NameID subjectNameID, SubjectConfirmationData subjectConfirmationData, - String sessionIndex, DateTime isValidTo) throws ConfigurationException { - Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class); - - AuthnContext authnContext = SAML2Utils - .createSAMLObject(AuthnContext.class); - authnContext.setAuthnContextClassRef(authnContextClassRef); - - AuthnStatement authnStatement = SAML2Utils - .createSAMLObject(AuthnStatement.class); - - authnStatement.setAuthnInstant(date); - authnStatement.setSessionIndex(sessionIndex); - authnStatement.setAuthnContext(authnContext); - - assertion.getAuthnStatements().add(authnStatement); - - AttributeStatement attributeStatement = SAML2Utils - .createSAMLObject(AttributeStatement.class); - attributeStatement.getAttributes().addAll(attrList); - if (attributeStatement.getAttributes().size() > 0) { - assertion.getAttributeStatements().add(attributeStatement); - } - - Subject subject = SAML2Utils.createSAMLObject(Subject.class); - subject.setNameID(subjectNameID); - - SubjectConfirmation subjectConfirmation = SAML2Utils - .createSAMLObject(SubjectConfirmation.class); - subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER); - subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData); - - subject.getSubjectConfirmations().add(subjectConfirmation); - - Conditions conditions = SAML2Utils.createSAMLObject(Conditions.class); - AudienceRestriction audienceRestriction = SAML2Utils - .createSAMLObject(AudienceRestriction.class); - Audience audience = SAML2Utils.createSAMLObject(Audience.class); - - audience.setAudienceURI(entityID); - audienceRestriction.getAudiences().add(audience); - conditions.setNotBefore(date); - conditions.setNotOnOrAfter(isValidTo); - - conditions.getAudienceRestrictions().add(audienceRestriction); - - assertion.setConditions(conditions); - - Issuer issuerObj = SAML2Utils.createSAMLObject(Issuer.class); - - if (issuer.endsWith("/")) - issuer = issuer.substring(0, issuer.length()-1); - issuerObj.setValue(issuer); - issuerObj.setFormat(NameID.ENTITY); - - assertion.setIssuer(issuerObj); - assertion.setSubject(subject); - assertion.setID(SAML2Utils.getSecureIdentifier()); - assertion.setIssueInstant(date); - - return assertion; - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java deleted file mode 100644 index e462b277e..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java +++ /dev/null @@ -1,88 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; - -import org.opensaml.saml2.core.Attribute; -import org.opensaml.saml2.core.AttributeValue; -import org.opensaml.xml.Configuration; -import org.opensaml.xml.XMLObject; -import org.opensaml.xml.schema.XSInteger; -import org.opensaml.xml.schema.XSString; -import org.opensaml.xml.schema.impl.XSIntegerBuilder; -import org.opensaml.xml.schema.impl.XSStringBuilder; - -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; - -public class SamlAttributeGenerator implements IAttributeGenerator<Attribute> { - - private XMLObject buildAttributeStringValue(String value) { - XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME); - XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME); - stringValue.setValue(value); - return stringValue; - } - - private XMLObject buildAttributeIntegerValue(int value) { - XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME); - XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME); - integerValue.setValue(value); - return integerValue; - } - - public Attribute buildStringAttribute(final String friendlyName, final String name, final String value) { - Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class); - attribute.setFriendlyName(friendlyName); - attribute.setName(name); - attribute.setNameFormat(Attribute.URI_REFERENCE); - attribute.getAttributeValues().add(buildAttributeStringValue(value)); - return attribute; - } - - public Attribute buildIntegerAttribute(final String friendlyName, final String name, final int value) { - Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class); - attribute.setFriendlyName(friendlyName); - attribute.setName(name); - attribute.setNameFormat(Attribute.URI_REFERENCE); - attribute.getAttributeValues().add(buildAttributeIntegerValue(value)); - return attribute; - } - - public Attribute buildEmptyAttribute(final String friendlyName, final String name) { - Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class); - attribute.setFriendlyName(friendlyName); - attribute.setName(name); - attribute.setNameFormat(Attribute.URI_REFERENCE); - return attribute; - } - - public Attribute buildLongAttribute(String friendlyName, String name, long value) { - Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class); - attribute.setFriendlyName(friendlyName); - attribute.setName(name); - attribute.setNameFormat(Attribute.URI_REFERENCE); - attribute.getAttributeValues().add(buildAttributeIntegerValue((int) value)); - return attribute; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributeException.java deleted file mode 100644 index 9f13b8270..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributeException.java +++ /dev/null @@ -1,33 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions; - -public class AttributeException extends Exception { - - private static final long serialVersionUID = 1L; - - public AttributeException(String message) { - super(message); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributePolicyException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributePolicyException.java deleted file mode 100644 index 1e0e2ee51..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributePolicyException.java +++ /dev/null @@ -1,40 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions; - -public class AttributePolicyException extends AttributeException { - - private static final long serialVersionUID = 1L; - - private String attributeName; - - public AttributePolicyException(String attributeName) { - super("Attribute " + attributeName + " is restricted by IDP policy."); - this.attributeName = attributeName; - } - - public String getAttributeName() { - return attributeName; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/InvalidDateFormatAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/InvalidDateFormatAttributeException.java deleted file mode 100644 index dd251f0cd..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/InvalidDateFormatAttributeException.java +++ /dev/null @@ -1,35 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions; - -public class InvalidDateFormatAttributeException extends AttributeException { - - private static final long serialVersionUID = 1L; - - public InvalidDateFormatAttributeException() { - super("Date format is invalid."); - } - - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/NoMandateDataAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/NoMandateDataAttributeException.java index 066330a2d..ad505efa5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/NoMandateDataAttributeException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/NoMandateDataAttributeException.java @@ -22,7 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions; -public class NoMandateDataAttributeException extends AttributeException { +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; + +public class NoMandateDataAttributeException extends AttributeBuilderException { private static final long serialVersionUID = 1L; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/UnavailableAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/UnavailableAttributeException.java deleted file mode 100644 index f63edf909..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/UnavailableAttributeException.java +++ /dev/null @@ -1,40 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions; - -public class UnavailableAttributeException extends AttributeException { - - private static final long serialVersionUID = 1L; - - private String attributeName; - - public UnavailableAttributeException(String attributeName) { - super("Attribute " + attributeName + " is not available."); - this.attributeName = attributeName; - } - - public String getAttributeName() { - return attributeName; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java index c0fb5bf5b..d4c94e5c5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java @@ -32,11 +32,12 @@ import org.opensaml.saml2.metadata.Organization; import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.xml.security.credential.Credential; +import at.gv.egiz.eaaf.modules.pvp2.PVPConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.logging.Logger; /** @@ -48,16 +49,18 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura private static final int VALIDUNTIL_IN_HOURS = 24; private String authURL; - private IDPCredentialProvider credentialProvider; + private AbstractCredentialProvider credentialProvider; + private PVPConfiguration pvpBasicConfiguration; - public IDPPVPMetadataConfiguration(String authURL, IDPCredentialProvider credentialProvider) { + public IDPPVPMetadataConfiguration(String authURL, AbstractCredentialProvider pvpIDPCredentials, PVPConfiguration pvpBasicConfiguration) { this.authURL = authURL; - this.credentialProvider = credentialProvider; + this.credentialProvider = pvpIDPCredentials; + this.pvpBasicConfiguration = pvpBasicConfiguration; } public String getDefaultActionName() { - return (PVP2XProtocol.METADATA); + return (PVPConstants.METADATA); } /* (non-Javadoc) @@ -98,7 +101,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura @Override public String getEntityID() { try { - return PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL); + return pvpBasicConfiguration.getIDPSSOMetadataService(authURL); } catch (ConfigurationException e) { Logger.error("Can not load Metadata entry: EntityID", e); @@ -113,7 +116,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura @Override public String getEntityFriendlyName() { try { - return PVPConfiguration.getInstance().getIDPIssuerName(); + return pvpBasicConfiguration.getIDPIssuerName(); } catch (ConfigurationException e) { Logger.error("Can not load Metadata entry: EntityID friendlyName.", e); @@ -129,7 +132,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura @Override public List<ContactPerson> getContactPersonInformation() { try { - return PVPConfiguration.getInstance().getIDPContacts(); + return pvpBasicConfiguration.getIDPContacts(); } catch (ConfigurationException e) { Logger.warn("Can not load Metadata entry: Contect Person", e); @@ -145,7 +148,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura @Override public Organization getOrgansiationInformation() { try { - return PVPConfiguration.getInstance().getIDPOrganisation(); + return pvpBasicConfiguration.getIDPOrganisation(); } catch (ConfigurationException e) { Logger.warn("Can not load Metadata entry: Organisation", e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java deleted file mode 100644 index 814a2387d..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java +++ /dev/null @@ -1,162 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.config; - -import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; -import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.xml.security.credential.Credential; -import org.w3c.dom.Element; - -/** - * @author tlenz - * - */ -public interface IPVPAuthnRequestBuilderConfiguruation { - - /** - * Defines a unique name for this PVP Service-provider, which is used for logging - * - * @return - */ - public String getSPNameForLogging(); - - /** - * If true, the SAML2 isPassive flag is set in the AuthnRequest - * - * @return - */ - public Boolean isPassivRequest(); - - /** - * Define the ID of the AssertionConsumerService, - * which defines the required attributes in service-provider metadata. - * - * @return - */ - public Integer getAssertionConsumerServiceId(); - - /** - * Define the SAML2 EntityID of the service provider. - * - * @return - */ - public String getSPEntityID(); - - /** - * Define the SAML2 NameIDPolicy - * - * @return Service-Provider EntityID, but never null - */ - public String getNameIDPolicyFormat(); - - /** - * Define the AuthnContextClassRefernece of this request - * - * Example: - * http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3 - * http://www.stork.gov.eu/1.0/citizenQAALevel/4 - * - * - * @return - */ - public String getAuthnContextClassRef(); - - /** - * Define the AuthnContextComparison model, which should be used - * - * @return - */ - public AuthnContextComparisonTypeEnumeration getAuthnContextComparison(); - - - /** - * Define the credential, which should be used to sign the AuthnRequest - * - * @return - */ - public Credential getAuthnRequestSigningCredential(); - - - /** - * Define the SAML2 EntityDescriptor of the IDP, which should receive the AuthnRequest - * - * @return Credential, but never null. - */ - public EntityDescriptor getIDPEntityDescriptor(); - - /** - * Set the SAML2 NameIDPolicy allow-creation flag - * - * @return EntityDescriptor, but never null. - */ - public boolean getNameIDPolicyAllowCreation(); - - - /** - * Set the requested SubjectNameID - * - * @return SubjectNameID, or null if no SubjectNameID should be used - */ - public String getSubjectNameID(); - - /** - * Define the qualifier of the <code>SubjectNameID</code> - * <br><br> - * Like: 'urn:publicid:gv.at:cdid+BF' - * - * @return qualifier, or null if no qualifier should be set - */ - public String getSubjectNameIDQualifier(); - - /** - * Define the format of the subjectNameID, which is included in authn-request - * - * - * @return nameIDFormat, of SAML2 'transient' if nothing is defined - */ - public String getSubjectNameIDFormat(); - - /** - * Define a SP specific SAML2 requestID - * - * @return requestID, or null if the requestID should be generated automatically - */ - public String getRequestID(); - - /** - * Defines the 'method' attribute in 'SubjectConformation' element - * - * @return method, or null if no method should set - */ - public String getSubjectConformationMethode(); - - /** - * Define the information, which should be added as 'subjectConformationDate' - * in 'SubjectConformation' element - * - * @return subjectConformation information or null if no subjectConformation should be set - */ - public Element getSubjectConformationDate(); - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java deleted file mode 100644 index 3a8404cae..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java +++ /dev/null @@ -1,238 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.config; - -import java.util.List; - -import org.opensaml.saml2.core.Attribute; -import org.opensaml.saml2.metadata.ContactPerson; -import org.opensaml.saml2.metadata.Organization; -import org.opensaml.saml2.metadata.RequestedAttribute; -import org.opensaml.xml.security.credential.Credential; - -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; - -/** - * @author tlenz - * - */ -public interface IPVPMetadataBuilderConfiguration { - - - /** - * Defines a unique name for this PVP Service-provider, which is used for logging - * - * @return - */ - public String getSPNameForLogging(); - - /** - * Set metadata valid area - * - * @return valid until in hours [h] - */ - public int getMetadataValidUntil(); - - /** - * Build a SAML2 Entities element as metadata root element - * - * @return true, if the metadata should start with entities element - */ - public boolean buildEntitiesDescriptorAsRootElement(); - - /** - * - * - * @return true, if an IDP SSO-descriptor element should be generated - */ - public boolean buildIDPSSODescriptor(); - - /** - * - * - * @return true, if an SP SSO-descriptor element should be generated - */ - public boolean buildSPSSODescriptor(); - - /** - * Set the PVP entityID for this SAML2 metadata. - * The entityID must be an URL and must be start with the public-URL prefix of the server - * - * @return PVP entityID postfix as String - */ - public String getEntityID(); - - /** - * Set a friendlyName for this PVP entity - * - * @return - */ - public String getEntityFriendlyName(); - - /** - * Set the contact information for this metadata entity - * - * @return - */ - public List<ContactPerson> getContactPersonInformation(); - - /** - * Set organisation information for this metadata entity - * - * @return - */ - public Organization getOrgansiationInformation(); - - - /** - * Set the credential for metadata signing - * - * @return - * @throws CredentialsNotAvailableException - */ - public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException; - - /** - * Set the credential for request/response signing - * IDP metadata: this credential is used for SAML2 response signing - * SP metadata: this credential is used for SAML2 response signing - * - * @return - * @throws CredentialsNotAvailableException - */ - public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException; - - /** - * Set the credential for response encryption - * - * @return - * @throws CredentialsNotAvailableException - */ - public Credential getEncryptionCredentials() throws CredentialsNotAvailableException; - - /** - * Set the IDP Post-Binding URL for WebSSO - * - * @return - */ - public String getIDPWebSSOPostBindingURL(); - - /** - * Set the IDP Redirect-Binding URL for WebSSO - * - * @return - */ - public String getIDPWebSSORedirectBindingURL(); - - /** - * Set the IDP Post-Binding URL for Single LogOut - * - * @return - */ - public String getIDPSLOPostBindingURL(); - - /** - * Set the IDP Redirect-Binding URL for Single LogOut - * - * @return - */ - public String getIDPSLORedirectBindingURL(); - - /** - * Set the SP Post-Binding URL for for the Assertion-Consumer Service - * - * @return - */ - public String getSPAssertionConsumerServicePostBindingURL(); - - /** - * Set the SP Redirect-Binding URL for the Assertion-Consumer Service - * - * @return - */ - public String getSPAssertionConsumerServiceRedirectBindingURL(); - - /** - * Set the SP Post-Binding URL for Single LogOut - * - * @return - */ - public String getSPSLOPostBindingURL(); - - /** - * Set the SP Redirect-Binding URL for Single LogOut - * - * @return - */ - public String getSPSLORedirectBindingURL(); - - /** - * Set the SP SOAP-Binding URL for Single LogOut - * - * @return - */ - public String getSPSLOSOAPBindingURL(); - - - /** - * Set all SAML2 attributes which could be provided by this IDP - * - * @return - */ - public List<Attribute> getIDPPossibleAttributes(); - - /** - * Set all nameID types which could be provided by this IDP - * - * @return a List of SAML2 nameID types - */ - public List<String> getIDPPossibleNameITTypes(); - - /** - * Set all SAML2 attributes which are required by the SP - * - * @return - */ - public List<RequestedAttribute> getSPRequiredAttributes(); - - /** - * Set all nameID types which allowed from the SP - * - * @return a List of SAML2 nameID types - */ - public List<String> getSPAllowedNameITTypes(); - - /** - * Set the 'wantAssertionSigned' attribute in SP metadata - * - * @return - */ - public boolean wantAssertionSigned(); - - /** - * Set the 'wantAuthnRequestSigned' attribute - * - * @return - */ - public boolean wantAuthnRequestSigned(); -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java deleted file mode 100644 index b731e2a95..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.config; - -import org.opensaml.Configuration; -import org.opensaml.DefaultBootstrap; -import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.saml2.binding.encoding.BaseSAML2MessageEncoder; -import org.opensaml.xml.ConfigurationException; - -/** - * @author tlenz - * - */ -public class MOADefaultBootstrap extends DefaultBootstrap { - - public static synchronized void bootstrap() throws ConfigurationException { - - initializeXMLSecurity(); - - initializeXMLTooling(); - - initializeArtifactBuilderFactories(); - - initializeGlobalSecurityConfiguration(); - - initializeParserPool(); - - initializeESAPI(); - - } - - public static void initializeDefaultPVPConfiguration() { - initializeGlobalSecurityConfiguration(); - - } - - /** - * Initializes the default global security configuration. - */ - protected static void initializeGlobalSecurityConfiguration() { - Configuration.setGlobalSecurityConfiguration(MOADefaultSecurityConfigurationBootstrap.buildDefaultConfig()); - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java deleted file mode 100644 index f878b95d3..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java +++ /dev/null @@ -1,152 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.config; - -import org.opensaml.xml.encryption.EncryptionConstants; -import org.opensaml.xml.security.BasicSecurityConfiguration; -import org.opensaml.xml.security.DefaultSecurityConfigurationBootstrap; -import org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory; -import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager; -import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager; -import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; -import org.opensaml.xml.signature.SignatureConstants; - -/** - * @author tlenz - * - */ -public class MOADefaultSecurityConfigurationBootstrap extends - DefaultSecurityConfigurationBootstrap { - - public static BasicSecurityConfiguration buildDefaultConfig() { - BasicSecurityConfiguration config = new BasicSecurityConfiguration(); - - populateSignatureParams(config); - populateEncryptionParams(config); - populateKeyInfoCredentialResolverParams(config); - populateKeyInfoGeneratorManager(config); - populateKeyParams(config); - - return config; - } - - protected static void populateKeyInfoGeneratorManager( - BasicSecurityConfiguration config) { - NamedKeyInfoGeneratorManager namedManager = new NamedKeyInfoGeneratorManager(); - config.setKeyInfoGeneratorManager(namedManager); - - namedManager.setUseDefaultManager(true); - KeyInfoGeneratorManager defaultManager = namedManager - .getDefaultManager(); - - BasicKeyInfoGeneratorFactory basicFactory = new BasicKeyInfoGeneratorFactory(); - basicFactory.setEmitPublicKeyValue(true); - - X509KeyInfoGeneratorFactory x509Factory = new X509KeyInfoGeneratorFactory(); - x509Factory.setEmitEntityCertificate(true); - - defaultManager.registerFactory(basicFactory); - defaultManager.registerFactory(x509Factory); - } - - protected static void populateSignatureParams( - BasicSecurityConfiguration config) { - - //use SHA256 instead of SHA1 - config.registerSignatureAlgorithmURI("RSA", - SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); - - config.registerSignatureAlgorithmURI("DSA", - "http://www.w3.org/2000/09/xmldsig#dsa-sha1"); - - //use SHA256 instead of SHA1 - config.registerSignatureAlgorithmURI("EC", - SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256); - - //use SHA256 instead of SHA1 - config.registerSignatureAlgorithmURI("AES", - SignatureConstants.ALGO_ID_MAC_HMAC_SHA256); - - - config.registerSignatureAlgorithmURI("DESede", - SignatureConstants.ALGO_ID_MAC_HMAC_SHA256); - - config.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#"); - config.setSignatureHMACOutputLength(null); - - //use SHA256 instead of SHA1 - config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256); - } - - protected static void populateEncryptionParams( - BasicSecurityConfiguration config) { - config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128), - "http://www.w3.org/2001/04/xmlenc#aes128-cbc"); - config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192), - "http://www.w3.org/2001/04/xmlenc#aes192-cbc"); - config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256), - "http://www.w3.org/2001/04/xmlenc#aes256-cbc"); - - //support GCM mode - config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128), - EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM); - - config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192), - EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM); - - config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256), - EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM); - - - config.registerDataEncryptionAlgorithmURI("DESede", - Integer.valueOf(168), - "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"); - config.registerDataEncryptionAlgorithmURI("DESede", - Integer.valueOf(192), - "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"); - - config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, "AES", - "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"); - - config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, - "DESede", "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"); - - config.registerKeyTransportEncryptionAlgorithmURI("AES", - Integer.valueOf(128), null, - "http://www.w3.org/2001/04/xmlenc#kw-aes128"); - config.registerKeyTransportEncryptionAlgorithmURI("AES", - Integer.valueOf(192), null, - "http://www.w3.org/2001/04/xmlenc#kw-aes192"); - config.registerKeyTransportEncryptionAlgorithmURI("AES", - Integer.valueOf(256), null, - "http://www.w3.org/2001/04/xmlenc#kw-aes256"); - config.registerKeyTransportEncryptionAlgorithmURI("DESede", - Integer.valueOf(168), null, - "http://www.w3.org/2001/04/xmlenc#kw-tripledes"); - config.registerKeyTransportEncryptionAlgorithmURI("DESede", - Integer.valueOf(192), null, - "http://www.w3.org/2001/04/xmlenc#kw-tripledes"); - - config.setAutoGeneratedDataEncryptionKeyAlgorithmURI("http://www.w3.org/2001/04/xmlenc#aes128-cbc"); - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOAPVPMetadataConfigurationFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOAPVPMetadataConfigurationFactory.java new file mode 100644 index 000000000..54940a9d3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOAPVPMetadataConfigurationFactory.java @@ -0,0 +1,21 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.config; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataConfigurationFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; + +@Service("MOAPVPMetadataConfigurationFactory") +public class MOAPVPMetadataConfigurationFactory implements IPVPMetadataConfigurationFactory { + + @Autowired(required=true) PVPConfiguration pvpBasicConfiguration; + + @Override + public IPVPMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authURL, + AbstractCredentialProvider pvpIDPCredentials) { + return new IDPPVPMetadataConfiguration(authURL, pvpIDPCredentials, pvpBasicConfiguration); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java index 480656e30..5f39af7a4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java @@ -22,9 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.config; -import java.io.IOException; import java.net.URL; -import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.List; import java.util.Map; @@ -43,28 +41,19 @@ import org.opensaml.saml2.metadata.OrganizationName; import org.opensaml.saml2.metadata.OrganizationURL; import org.opensaml.saml2.metadata.SurName; import org.opensaml.saml2.metadata.TelephoneNumber; +import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; -import iaik.x509.X509Certificate; -public class PVPConfiguration { +@Service("MOAPVP2Configuration") +public class PVPConfiguration implements IPVP2BasicConfiguration { - private static PVPConfiguration instance; - - public static PVPConfiguration getInstance() { - if (instance == null) { - instance = new PVPConfiguration(); - } - return instance; - } - public static final String PVP2_METADATA = "/pvp2/metadata"; public static final String PVP2_IDP_REDIRECT = "/pvp2/redirect"; public static final String PVP2_IDP_POST = "/pvp2/post"; @@ -89,22 +78,7 @@ public class PVPConfiguration { public static final String IDP_CONTACT_PHONE = "phone"; private static String moaIDVersion = null; - - //PVP2 generalpvpconfigdb; - //Properties props; - //String rootDir = null; - - private PVPConfiguration() { -// try { -// //generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig(); -// //props = AuthConfigurationProviderFactory.getInstance().getGeneralPVP2ProperiesConfig(); -// //rootDir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir(); -// -// } catch (ConfigurationException e) { -// e.printStackTrace(); -// } - } - + public List<String> getIDPPublicPath() throws ConfigurationException { List<String> publicPath = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); List<String> returnvalue = new ArrayList<String>(); @@ -138,15 +112,17 @@ public class PVPConfiguration { public String getIDPSSOSOAPService(String publicURLPrefix) throws ConfigurationException { return publicURLPrefix + PVP2_IDP_SOAP; } - - public String getIDPAttributeQueryService(String publicURLPrefix) throws ConfigurationException { - return publicURLPrefix + PVP2_IDP_ATTRIBUTEQUERY; - } public String getIDPSSOMetadataService(String publicURLPrefix) throws ConfigurationException { return publicURLPrefix + PVP2_METADATA; } + @Override + public String getIDPEntityId(String authURL) throws ConfigurationException { + return getIDPSSOMetadataService(authURL); + + } + public String getIDPIssuerName() throws ConfigurationException { if (moaIDVersion == null) { @@ -156,42 +132,6 @@ public class PVPConfiguration { return AuthConfigurationProviderFactory.getInstance().getConfigurationWithKey( MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_SERVICENAMME) + moaIDVersion; } - - public iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) { - - try { - Logger.trace("Load metadata signing certificate for online application " + entityID); - IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID); - if (oaParam == null) { - Logger.info("Online Application with ID " + entityID + " not found!"); - return null; - } - - String pvp2MetadataCertificateString = - oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); - if (MiscUtil.isEmpty(pvp2MetadataCertificateString)) { - Logger.info("Online Application with ID " + entityID + " include not PVP2X metadata signing certificate!"); - return null; - - } - - X509Certificate cert = new X509Certificate(Base64Utils.decode(pvp2MetadataCertificateString, false)); - Logger.debug("Metadata signing certificate is loaded for ("+entityID+") is loaded."); - return cert; - - } catch (CertificateException e) { - Logger.warn("Metadata signer certificate is not parsed.", e); - return null; - - } catch (ConfigurationException e) { - Logger.error("Configuration is not accessable.", e); - return null; - - } catch (IOException e) { - Logger.warn("Metadata signer certificate is not decodeable.", e); - return null; - } - } public List<ContactPerson> getIDPContacts() throws ConfigurationException { List<ContactPerson> list = new ArrayList<ContactPerson>(); @@ -354,4 +294,5 @@ public class PVPConfiguration { } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java deleted file mode 100644 index 69ca4e8f5..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -/** - * @author tlenz - * - */ -public class AssertionAttributeExtractorExeption extends PVP2Exception { - - /** - * - */ - private static final long serialVersionUID = -6459000942830951492L; - - public AssertionAttributeExtractorExeption(String attributeName) { - super("Parse PVP2.1 assertion FAILED: Attribute " + attributeName - + " can not extract.", null); - } - - public AssertionAttributeExtractorExeption(String messageId, - Object[] parameters) { - super(messageId, parameters); - } - - public AssertionAttributeExtractorExeption() { - super("Parse PVP2.1 assertion FAILED. Interfederation not possible", null); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java deleted file mode 100644 index 1e029f567..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; - -/** - * @author tlenz - * - */ -public class AssertionValidationExeption extends PVP2Exception { - - private static final long serialVersionUID = -3987805399122286259L; - - public AssertionValidationExeption(String messageId, Object[] parameters) { - super(messageId, parameters); - } - - /** - * @param string - * @param object - * @param e - */ - public AssertionValidationExeption(String string, Object[] parameters, - Throwable e) { - super(string, parameters, e); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java deleted file mode 100644 index 9008a7183..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -/** - * @author tlenz - * - */ -public class AttributQueryException extends PVP2Exception { - - /** - * - */ - private static final long serialVersionUID = -4302422507173728748L; - - public AttributQueryException(String messageId, Object[] parameters) { - super(messageId, parameters); - } - - public AttributQueryException(String messageId, Object[] parameters, Throwable e) { - super(messageId, parameters, e); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestBuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestBuildException.java deleted file mode 100644 index eebaf6c9e..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestBuildException.java +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -/** - * @author tlenz - * - */ -public class AuthnRequestBuildException extends PVP2Exception { - - /** - * - */ - private static final long serialVersionUID = -1375451065455859354L; - - /** - * @param messageId - * @param parameters - */ - public AuthnRequestBuildException(String messageId, Object[] parameters) { - super(messageId, parameters); - } - - public AuthnRequestBuildException(String messageId, Object[] parameters, Throwable e) { - super(messageId, parameters, e); - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestValidatorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestValidatorException.java deleted file mode 100644 index f65c4d265..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestValidatorException.java +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -import at.gv.egovernment.moa.id.commons.api.IRequest; - -/** - * @author tlenz - * - */ -public class AuthnRequestValidatorException extends PVP2Exception { - - private IRequest errorRequest = null; - - /** - * - */ - private static final long serialVersionUID = 4939651000658508576L; - - /** - * @param messageId - * @param parameters - */ - public AuthnRequestValidatorException(String messageId, Object[] parameters) { - super(messageId, parameters); - - } - - public AuthnRequestValidatorException(String messageId, Object[] parameters, IRequest errorRequest) { - super(messageId, parameters); - this.errorRequest = errorRequest; - - } - - /** - * @return the errorRequest - */ - public IRequest getErrorRequest() { - return errorRequest; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnResponseValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnResponseValidationException.java deleted file mode 100644 index 957f9af1d..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnResponseValidationException.java +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -/** - * @author tlenz - * - */ -public class AuthnResponseValidationException extends PVP2Exception { - - /** - * - */ - private static final long serialVersionUID = 8023812861029406575L; - - /** - * @param messageId - * @param parameters - */ - public AuthnResponseValidationException(String messageId, Object[] parameters) { - super(messageId, parameters); - } - - public AuthnResponseValidationException(String messageId, Object[] parameters, Throwable e) { - super(messageId, parameters, e); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java deleted file mode 100644 index 9f4c7fed3..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java +++ /dev/null @@ -1,41 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -import org.opensaml.saml2.core.StatusCode; - -public class BindingNotSupportedException extends PVP2Exception { - - public BindingNotSupportedException(String binding) { - super("pvp2.11", new Object[] {binding}); - this.statusCodeValue = StatusCode.UNSUPPORTED_BINDING_URI; - } - - /** - * - */ - private static final long serialVersionUID = -7227603941387879360L; - - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java deleted file mode 100644 index 392569366..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java +++ /dev/null @@ -1,48 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -import org.opensaml.saml2.core.StatusCode; - -public class InvalidAssertionConsumerServiceException extends PVP2Exception { - - public InvalidAssertionConsumerServiceException(int idx) { - super("pvp2.00", new Object[]{idx}); - this.statusCodeValue = StatusCode.REQUESTER_URI; - } - - /** - * - */ - public InvalidAssertionConsumerServiceException(String wrongURL) { - super("pvp2.23", new Object[]{wrongURL}); - this.statusCodeValue = StatusCode.REQUESTER_URI; - - } - - /** - * - */ - private static final long serialVersionUID = 7861790149343943091L; - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java deleted file mode 100644 index b49070bd6..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java +++ /dev/null @@ -1,36 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -import org.opensaml.saml2.core.StatusCode; - -public class InvalidAssertionEncryptionException extends PVP2Exception { - - private static final long serialVersionUID = 6513388841485355549L; - - public InvalidAssertionEncryptionException() { - super("pvp2.16", new Object[]{}); - this.statusCodeValue = StatusCode.RESPONDER_URI; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java deleted file mode 100644 index 252539bf5..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java +++ /dev/null @@ -1,39 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -import org.opensaml.saml2.core.StatusCode; - -public class InvalidDateFormatException extends PVP2Exception { - - public InvalidDateFormatException() { - super("pvp2.02", null); - this.statusCodeValue = StatusCode.REQUESTER_URI; - } - - /** - * - */ - private static final long serialVersionUID = -6867976890237846085L; - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java index 15a0ccf72..0e48dfbd6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; import org.opensaml.saml2.core.StatusCode; +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; + public class MandateAttributesNotHandleAbleException extends PVP2Exception { public MandateAttributesNotHandleAbleException() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java index 204e1c2a5..94e1874a5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java @@ -22,6 +22,8 @@ */ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; + /** * @author tlenz * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java deleted file mode 100644 index 87e443930..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java +++ /dev/null @@ -1,40 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -import org.opensaml.saml2.core.StatusCode; - -public class NameIDFormatNotSupportedException extends AuthnRequestValidatorException { - - public NameIDFormatNotSupportedException(String nameIDFormat) { - super("pvp2.12", new Object[] {nameIDFormat}); - statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI; - - } - - /** - * - */ - private static final long serialVersionUID = -2270762519437873336L; - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java index 333ef9765..58c2a032d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; import org.opensaml.saml2.core.StatusCode; +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; + public class NoCredentialsException extends PVP2Exception { public static final String MOA_IDP_TARGET = "MOA-ID"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java index ce80ac5cb..821813b69 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java @@ -22,6 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; + public class NoMandateDataAvailableException extends PVP2Exception { public NoMandateDataAvailableException() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java deleted file mode 100644 index 50a1af6ad..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java +++ /dev/null @@ -1,39 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -import org.opensaml.saml2.core.StatusCode; - -public class NoMetadataInformationException extends PVP2Exception { - - public NoMetadataInformationException() { - super("pvp2.15", null); - this.statusCodeValue = StatusCode.UNKNOWN_PRINCIPAL_URI; - } - - /** - * - */ - private static final long serialVersionUID = -4608068445208032193L; - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java deleted file mode 100644 index 00fb97151..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java +++ /dev/null @@ -1,61 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -import org.opensaml.saml2.core.StatusCode; - -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; - -public abstract class PVP2Exception extends MOAIDException { - - protected String statusCodeValue = StatusCode.RESPONDER_URI; - protected String statusMessageValue = null; - - public PVP2Exception(String messageId, Object[] parameters, - Throwable wrapped) { - super(messageId, parameters, wrapped); - this.statusMessageValue = this.getMessage(); - } - - public PVP2Exception(String messageId, Object[] parameters) { - super(messageId, parameters); - this.statusMessageValue = this.getMessage(); - } - - - public String getStatusCodeValue() { - return (this.statusCodeValue); - } - - public String getStatusMessageValue() { - return (this.statusMessageValue); - } - - /** - * - */ - private static final long serialVersionUID = 7669537952484421069L; - - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotAllowedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotAllowedException.java deleted file mode 100644 index 63f42cbe5..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotAllowedException.java +++ /dev/null @@ -1,40 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -import org.opensaml.saml2.core.StatusCode; - - -public class QAANotAllowedException extends PVP2Exception { - - public QAANotAllowedException(String qaa_auth, String qaa_request) { - super("pvp2.17", new Object[] {qaa_auth, qaa_request}); - this.statusCodeValue = StatusCode.REQUESTER_URI; - } - - /** - * - */ - private static final long serialVersionUID = -3964192953884089323L; - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java deleted file mode 100644 index fdf1063c0..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java +++ /dev/null @@ -1,40 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -import org.opensaml.saml2.core.StatusCode; - - -public class QAANotSupportedException extends PVP2Exception { - - public QAANotSupportedException(String qaa) { - super("pvp2.05", new Object[] {qaa}); - this.statusCodeValue = StatusCode.REQUESTER_URI; - } - - /** - * - */ - private static final long serialVersionUID = -3964192953884089323L; - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java deleted file mode 100644 index 8f12f3cce..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java +++ /dev/null @@ -1,39 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -import org.opensaml.saml2.core.StatusCode; - -public class RequestDeniedException extends PVP2Exception { - - public RequestDeniedException() { - super("pvp2.14", null); - this.statusCodeValue = StatusCode.REQUEST_DENIED_URI; - } - - /** - * - */ - private static final long serialVersionUID = 4415896615794730553L; - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java deleted file mode 100644 index fe921f8b5..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java +++ /dev/null @@ -1,44 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -import org.opensaml.saml2.core.StatusCode; - -public class ResponderErrorException extends PVP2Exception { - - /** - * - */ - private static final long serialVersionUID = -425416760138285446L; - - public ResponderErrorException(String messageId, Object[] parameters, - Throwable wrapped) { - super(messageId, parameters, wrapped); - this.statusCodeValue = StatusCode.RESPONDER_URI; - } - - public ResponderErrorException(String messageId, Object[] parameters) { - super(messageId, parameters); - this.statusCodeValue = StatusCode.RESPONDER_URI; - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java deleted file mode 100644 index 65def4602..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java +++ /dev/null @@ -1,44 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -import org.opensaml.saml2.core.StatusCode; - -public class SAMLRequestNotSignedException extends PVP2Exception { - - public SAMLRequestNotSignedException() { - super("pvp2.07", null); - this.statusCodeValue = StatusCode.REQUESTER_URI; - } - - public SAMLRequestNotSignedException(Throwable e) { - super("pvp2.07", null, e); - this.statusCodeValue = StatusCode.REQUESTER_URI; - } - - /** - * - */ - private static final long serialVersionUID = 1L; - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java deleted file mode 100644 index 8a386c951..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java +++ /dev/null @@ -1,40 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -import org.opensaml.saml2.core.StatusCode; - - -public class SAMLRequestNotSupported extends PVP2Exception { - - public SAMLRequestNotSupported() { - super("pvp2.09", null); - this.statusCodeValue = StatusCode.REQUEST_UNSUPPORTED_URI; - } - - /** - * - */ - private static final long serialVersionUID = 1244883178458802767L; - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java deleted file mode 100644 index 9f1b6168e..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -/** - * @author tlenz - * - */ -public class SLOException extends PVP2Exception { - private static final long serialVersionUID = -5284624715788385022L; - - /** - * @param messageId - * @param parameters - */ - public SLOException(String messageId, Object[] parameters) { - super(messageId, parameters); - // TODO Auto-generated constructor stub - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java deleted file mode 100644 index fc4ed1f28..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -/** - * @author tlenz - * - */ -public class SchemaValidationException extends PVP2Exception { - - /** - * - */ - private static final long serialVersionUID = 1L; - - /** - * @param messageId - * @param parameters - */ - public SchemaValidationException(String messageId, Object[] parameters) { - super(messageId, parameters); - } - - /** - * @param messageId - * @param parameters - */ - public SchemaValidationException(String messageId, Object[] parameters, Throwable e) { - super(messageId, parameters, e); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java deleted file mode 100644 index a8bfe1070..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java +++ /dev/null @@ -1,37 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; - -import org.opensaml.saml2.core.StatusCode; - -public class UnprovideableAttributeException extends PVP2Exception { - /** - * - */ - private static final long serialVersionUID = 3972197758163647157L; - - public UnprovideableAttributeException(String attributeName) { - super("pvp2.10", new Object[] {attributeName}); - this.statusCodeValue = StatusCode.UNKNOWN_ATTR_PROFILE_URI; - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java deleted file mode 100644 index 8da5edeed..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter; - -import org.opensaml.saml2.metadata.provider.FilterException; - -/** - * @author tlenz - * - */ -public class SchemaValidationException extends FilterException { - - /** - * @param string - */ - public SchemaValidationException(String string) { - super(string); - - } - - private static final long serialVersionUID = 1L; - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java deleted file mode 100644 index 86a6a777b..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter; - -import org.opensaml.saml2.metadata.provider.FilterException; - -/** - * @author tlenz - * - */ -public class SignatureValidationException extends FilterException { - - /** - * @param string - */ - public SignatureValidationException(String string) { - super(string); - - } - - /** - * @param e - */ - public SignatureValidationException(Exception e) { - super(e); - } - - /** - * @param string - * @param object - */ - public SignatureValidationException(String string, Exception e) { - super(string, e); - } - - private static final long serialVersionUID = 1L; - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html deleted file mode 100644 index 5ae76ed96..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html +++ /dev/null @@ -1,851 +0,0 @@ -<!DOCTYPE html> -<html> -<head> -<meta content="text/html; charset=utf-8" http-equiv="Content-Type"> - -<!-- MOA-ID 2.x BKUSelection Layout CSS --> -<style type="text/css"> -@media screen and (min-width: 650px) { - body { - margin: 0; - padding: 0; - color: #000; - background-color: #fff; - text-align: center; - background-color: #6B7B8B; - } - #localBKU p { - font-size: 0.7em; - } - #localBKU input { - font-size: 0.7em; - /*border-radius: 5px;*/ - } - #bkuselectionarea input[type=button] { - font-size: 0.85em; - /*border-radius: 7px;*/ - margin-bottom: 25px; - min-width: 80px; - } - #mandateLogin { - font-size: 0.85em; - } - #bku_header h2 { - font-size: 0.8em; - } - #page { - display: block; - border: 2px solid rgb(0, 0, 0); - width: 650px; - height: 440px; - margin: 0 auto; - margin-top: 5%; - position: relative; - border-radius: 25px; - background: rgb(255, 255, 255); - } - #page1 { - text-align: center; - } - #main { - /* clear:both; */ - position: relative; - margin: 0 auto; - width: 250px; - text-align: center; - } - .OA_header { - /* background-color: white;*/ - font-size: 20pt; - margin-bottom: 25px; - margin-top: 25px; - } - #leftcontent { - /*float:left; */ - width: 250px; - margin-bottom: 25px; - text-align: left; - border: 1px solid rgb(0, 0, 0); - } - #selectArea { - font-size: 15px; - padding-bottom: 65px; - } - #leftcontent { - width: 300px; - margin-top: 30px; - } - #bku_header { - height: 5%; - padding-bottom: 3px; - padding-top: 3px; - } - #bkulogin { - overflow: hidden; - min-width: 190px; - min-height: 180px; - /*height: 260px;*/ - } - h2#tabheader { - font-size: 1.1em; - padding-left: 2%; - padding-right: 2%; - position: relative; - } - .setAssertionButton_full { - background: #efefef; - cursor: pointer; - margin-top: 15px; - width: 100px; - height: 30px - } - #leftbutton { - width: 30%; - float: left; - margin-left: 40px; - } - #rightbutton { - width: 30%; - float: right; - margin-right: 45px; - text-align: right; - } - button { - height: 25px; - width: 75px; - margin-bottom: 10px; - } - #validation { - position: absolute; - bottom: 0px; - margin-left: 270px; - padding-bottom: 10px; - } -} - -@media screen and (max-width: 205px) { - #localBKU p { - font-size: 0.6em; - } - #localBKU input { - font-size: 0.6em; - min-width: 60px; - /* max-width: 65px; */ - min-height: 1.0em; - /* border-radius: 5px; */ - } - #bkuselectionarea input[type=button] { - font-size: 0.7em; - min-width: 55px; - /*min-height: 1.1em; - border-radius: 5px;*/ - margin-bottom: 2% - } - #mandateLogin { - font-size: 0.65em; - } - #bku_header h2 { - font-size: 0.8em; - margin-top: -0.4em; - padding-top: 0.4em; - } - #bkulogin { - min-height: 150px; - } -} - -@media screen and (max-width: 249px) and (min-width: 206px) { - #localBKU p { - font-size: 0.7em; - } - #localBKU input { - font-size: 0.7em; - min-width: 70px; - /* max-width: 75px; */ - min-height: 0.95em; - /* border-radius: 6px; */ - } - #bkuselectionarea input[type=button] { - font-size: 0.75em; - min-width: 60px; - /* min-height: 0.95em; - border-radius: 6px; */ - margin-bottom: 5% - } - #mandateLogin { - font-size: 0.75em; - } - #bku_header h2 { - font-size: 0.9em; - margin-top: -0.45em; - padding-top: 0.45em; - } - #bkulogin { - min-height: 180px; - } -} - -@media screen and (max-width: 299px) and (min-width: 250px) { - #localBKU p { - font-size: 0.9em; - } - #localBKU input { - font-size: 0.8em; - min-width: 70px; - /* max-width: 75px; */ - /* border-radius: 6px; */ - } - #bkuselectionarea input[type=button] { - font-size: 0.85em; - /* min-height: 1.05em; - border-radius: 7px; */ - margin-bottom: 10%; - } - #mandateLogin { - font-size: 1em; - } - #bku_header h2 { - font-size: 1.0em; - margin-top: -0.50em; - padding-top: 0.50em; - } -} - -@media screen and (max-width: 399px) and (min-width: 300px) { - #localBKU p { - font-size: 0.9em; - } - #localBKU input { - font-size: 0.8em; - min-width: 70px; - /* max-width: 75px; */ - /* border-radius: 6px; */ - } - #bkuselectionarea input[type=button] { - font-size: 0.9em; - /* min-height: 1.2em; - border-radius: 8px; */ - margin-bottom: 10%; - max-width: 80px; - } - #mandateLogin { - font-size: 1em; - } - #bku_header h2 { - font-size: 1.1em; - margin-top: -0.55em; - padding-top: 0.55em; - } -} - -@media screen and (max-width: 649px) and (min-width: 400px) { - #localBKU p { - font-size: 0.9em; - } - #localBKU input { - font-size: 0.8em; - min-width: 70px; - /* max-width: 80px; */ - /* border-radius: 6px; */ - } - #bkuselectionarea input[type=button] { - font-size: 1.0em; - /* min-height: 1.3em; - border-radius: 10px; */ - margin-bottom: 10%; - max-width: 85px; - } - #mandateLogin { - font-size: 1.2em; - } - #bku_header h2 { - font-size: 1.3em; - margin-top: -0.65em; - padding-top: 0.65em; - } -} - -@media screen and (max-width: 649px) { - body { - margin: 0; - padding: 0; - color: #000; - text-align: center; - font-size: 100%; - background-color: #MAIN_BACKGOUNDCOLOR#; - } - #page { - visibility: hidden; - margin-top: 0%; - } - #page1 { - visibility: hidden; - } - #main { - visibility: hidden; - } - #validation { - visibility: hidden; - display: none; - } - .OA_header { - margin-bottom: 0px; - margin-top: 0px; - font-size: 0pt; - visibility: hidden; - } - #leftcontent { - visibility: visible; - margin-bottom: 0px; - text-align: left; - border: none; - vertical-align: middle; - min-height: 173px; - min-width: 204px; - } - #bku_header { - height: 10%; - min-height: 1.2em; - margin-top: 1%; - } - h2#tabheader { - padding-left: 2%; - padding-right: 2%; - position: relative; - top: 50%; - } - #bkulogin { - min-width: 190px; - min-height: 155px; - } - .setAssertionButton_full { - background: #efefef; - cursor: pointer; - margin-top: 15px; - width: 70px; - height: 25px; - } - input[type=button] { - /* height: 11%; */ - width: 70%; - } -} - - - @media screen and (max-width: 649px) { - - body { - margin:0; - padding:0; - color : #000; - text-align: center; - font-size: 100%; - background-color: #MAIN_BACKGOUNDCOLOR#; - } - - #page { - visibility: hidden; - margin-top: 0%; - } - - #page1 { - visibility: hidden; - } - - #main { - visibility: hidden; - } - - #validation { - visibility: hidden; - display: none; - } - - .OA_header { - margin-bottom: 0px; - margin-top: 0px; - font-size: 0pt; - visibility: hidden; - } - - #leftcontent { - visibility: visible; - margin-bottom: 0px; - text-align: left; - border:none; - vertical-align: middle; - min-height: 173px; - min-width: 204px; - - } - - #bku_header { - height: 10%; - min-height: 1.2em; - margin-top: 1%; - } - - h2#tabheader{ - padding-left: 2%; - padding-right: 2%; - position: relative; - top: 50%; - } - - #bkulogin { - min-width: 190px; - min-height: 155px; - } - - .setAssertionButton_full { - background: #efefef; - cursor: pointer; - margin-top: 15px; - width: 70px; - height: 25px; - } - - input[type=button] { -/* height: 11%; */ - width: 70%; - } - } - - * { - margin: 0; - padding: 0; - font-family: #FONTTYPE#; - } - - #selectArea { - padding-top: 10px; - padding-bottom: 55px; - padding-left: 10px; - } - - .setAssertionButton { - background: #efefef; - cursor: pointer; - margin-top: 15px; - width: 70px; - height: 25px; - } - - #leftbutton { - width: 35%; - float:left; - margin-left: 15px; - } - - #rightbutton { - width: 35%; - float:right; - margin-right: 25px; - text-align: right; - } - - #mandateLogin { - padding-bottom: 4%; - padding-top: 4%; - height: 10%; - position: relative; - text-align: center; - } - - .verticalcenter { - vertical-align: middle; - } - - #mandateLogin div { - clear: both; - margin-top: -1%; - position: relative; - top: 50%; - } - - #bkuselectionarea { - position: relative; - display: block; - } - - #localBKU { - padding-left: 5%; - padding-right: 2%; - padding-bottom: 4%; - padding-top: 4%; - position: relative; - clear: both; - } - - #bkukarte { - float:left; - text-align:center; - width:40%; - min-height: 70px; - padding-left: 5%; - padding-top: 2%; - } - - #bkuhandy { - float:right; - text-align:center; - width:40%; - min-height: 90px; - padding-right: 5%; - padding-top: 2%; - } - - .bkuimage { - width: 90%; - height: auto; - } - - #mandate{ - text-align:center; - padding : 5px 5px 5px 5px; - } - -/* input[type=button], .sendButton { - background: #BUTTON_BACKGROUNDCOLOR#; - color: #BUTTON_COLOR#; -/* border:1px solid #000; */ -/* cursor: pointer; -/* box-shadow: 3px 3px 3px #222222; */ -/* } - -/* button:hover, button:focus, button:active, - .sendButton:hover , .sendButton:focus, .sendButton:active, - #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active { - background: #BUTTON_BACKGROUNDCOLOR_FOCUS#; - color: #BUTTON_COLOR#; -/* border:1px solid #000; */ -/* cursor: pointer; -/* box-shadow: -1px -1px 3px #222222; */ -/* } - -*/ -input { - /*border:1px solid #000;*/ - cursor: pointer; -} - -#localBKU input { - /* color: #BUTTON_COLOR#; */ - border: 0px; - display: inline-block; -} - -#localBKU input:hover,#localBKU input:focus,#localBKU input:active { - text-decoration: underline; -} - -#installJava,#BrowserNOK { - clear: both; - font-size: 0.8em; - padding: 4px; -} - -.selectText { - -} - -.selectTextHeader { - -} - -.sendButton { - width: 30%; - margin-bottom: 1%; -} - -#leftcontent a { - text-decoration: none; - color: #000; - /* display:block;*/ - padding: 4px; -} - -#leftcontent a:hover,#leftcontent a:focus,#leftcontent a:active { - text-decoration: underline; - color: #000; -} - -.infobutton { - background-color: #005a00; - color: white; - font-family: serif; - text-decoration: none; - padding-top: 2px; - padding-right: 4px; - padding-bottom: 2px; - padding-left: 4px; - font-weight: bold; -} - -.hell { - background-color: #MAIN_BACKGOUNDCOLOR#; - color: #MAIN_COLOR#; -} - -.dunkel { - background-color: #HEADER_BACKGROUNDCOLOR#; - color: #HEADER_COLOR#; -} - -.main_header { - color: black; - font-size: 32pt; - position: absolute; - right: 10%; - top: 40px; -} -</style> -<!-- MOA-ID 2.x BKUSelection JavaScript fucnctions--> -<script type="text/javascript"> - function isIE() { - return (/MSIE (\d+\.\d+);/.test(navigator.userAgent)); - } - function isFullscreen() { - try { - return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height)); - } catch (e) { - return false; - } - } - function isActivexEnabled() { - var supported = null; - try { - supported = !!new ActiveXObject("htmlfile"); - } catch (e) { - supported = false; - } - return supported; - } - function isMetro() { - if (!isIE()) - return false; - return !isActivexEnabled() && isFullscreen(); - } - window.onload=function() { - document.getElementById("localBKU").style.display="block"; - return; - } - function bkuOnlineClicked() { - if (isMetro()) - document.getElementById("metroDetected").style.display="block"; - document.getElementById("localBKU").style.display="block"; -/* if (checkMandateSSO()) - return; */ - - setMandateSelection(); -/* setSSOSelection(); */ - - var iFrameURL = "#AUTH_URL#" + "?"; - iFrameURL += "bkuURI=" + "#ONLINE#"; - iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; -/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ - iFrameURL += "&MODUL=" + "#MODUL#"; - iFrameURL += "&ACTION=" + "#ACTION#"; - iFrameURL += "&MOASessionID=" + "#SESSIONID#"; - generateIFrame(iFrameURL); - } - function bkuHandyClicked() { - document.getElementById("localBKU").style.display="none"; -/* if (checkMandateSSO()) - return; */ - - setMandateSelection(); -/* setSSOSelection(); */ - - var iFrameURL = "#AUTH_URL#" + "?"; - iFrameURL += "bkuURI=" + "#HANDY#"; - iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; -/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ - iFrameURL += "&MODUL=" + "#MODUL#"; - iFrameURL += "&ACTION=" + "#ACTION#"; - iFrameURL += "&MOASessionID=" + "#SESSIONID#"; - generateIFrame(iFrameURL); - } - function storkClicked() { - document.getElementById("localBKU").style.display="none"; -/* if (checkMandateSSO()) - return; */ - - setMandateSelection(); -/* setSSOSelection(); */ - - var ccc = "AT"; - var countrySelection = document.getElementById("cccSelection"); - if (countrySelection != null) { - ccc = document.getElementById("cccSelection").value; - } - var iFrameURL = "#AUTH_URL#" + "?"; - iFrameURL += "bkuURI=" + "#ONLINE#"; - iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; - iFrameURL += "&CCC=" + ccc; -/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ - iFrameURL += "&MODUL=" + "#MODUL#"; - iFrameURL += "&ACTION=" + "#ACTION#"; - iFrameURL += "&MOASessionID=" + "#SESSIONID#"; - generateIFrame(iFrameURL); - } - function generateIFrame(iFrameURL) { - var el = document.getElementById("bkulogin"); - var width = el.clientWidth; - var heigth = el.clientHeight - 20; - var parent = el.parentNode; - - iFrameURL += "&heigth=" + heigth; - iFrameURL += "&width=" + width; - - var iframe = document.createElement("iframe"); - iframe.setAttribute("src", iFrameURL); - iframe.setAttribute("width", el.clientWidth - 1); - iframe.setAttribute("height", el.clientHeight - 1); - iframe.setAttribute("frameborder", "0"); - iframe.setAttribute("scrolling", "no"); - iframe.setAttribute("title", "Login"); - parent.replaceChild(iframe, el); - } - function setMandateSelection() { - document.getElementById("moaidform").action = "#AUTH_URL#"; - document.getElementById("useMandate").value = "false"; - var checkbox = document.getElementById("mandateCheckBox"); - if (checkbox != null) { - if (document.getElementById("mandateCheckBox").checked) { - document.getElementById("useMandate").value = "true"; - } - } - } - function onChangeChecks() { - if (top.innerWidth < 650) { - document.getElementById("moaidform").setAttribute("target","_parent"); - } else { - document.getElementById("moaidform").removeAttribute("target"); - } - - } -/* function setSSOSelection() { - document.getElementById("useSSO").value = "false"; - var checkbox = document.getElementById("SSOCheckBox"); - if (checkbox != null) { - if (document.getElementById("SSOCheckBox").checked) { - document.getElementById("useSSO").value = "true"; - } - } - } */ - -/* function checkMandateSSO() { - var sso = document.getElementById("SSOCheckBox"); - var mandate = document.getElementById("mandateCheckBox"); - - - if (sso.checked && mandate.checked) { - alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!") - mandate.checked = false; - sso.checked = false; - return true; - } else { - return false; - } - } */ - </script> -<title>Anmeldung mittels Bürgerkarte oder Handy-Signatur</title> -</head> -<body onload="onChangeChecks();" onresize="onChangeChecks();"> - <div id="page"> - <div id="page1" class="case selected-case" role="main"> - <h2 class="OA_header" role="heading">Anmeldung an: #OAName#</h2> - <div id="main"> - <div id="leftcontent" class="hell" role="application"> - <div id="bku_header" class="dunkel"> - <h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2> - </div> - <div id="bkulogin" class="hell" role="form"> - <div id="mandateLogin" style=""> - <div> - <input tabindex="1" type="checkbox" name="Mandate" - id="mandateCheckBox" class="verticalcenter" role="checkbox" - onClick='document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);'#MANDATECHECKED#> - <label for="mandateCheckBox" class="verticalcenter">in - Vertretung anmelden</label> - <!--a href="info_mandates.html" - target="_blank" - class="infobutton verticalcenter" - tabindex="5">i</a--> - </div> - </div> - <div id="bkuselectionarea"> - <div id="bkukarte"> - <img class="bkuimage" src="#CONTEXTPATH#/img/online-bku.png" - alt="OnlineBKU" /> <input name="bkuButtonOnline" type="button" - onClick="bkuOnlineClicked();" tabindex="2" role="button" - value="Karte" /> - </div> - <div id="bkuhandy"> - <img class="bkuimage" src="#CONTEXTPATH#/img/mobile-bku.png" - alt="HandyBKU" /> <input name="bkuButtonHandy" type="button" - onClick="bkuHandyClicked();" tabindex="3" role="button" - value="HANDY" /> - </div> - </div> - <div id="localBKU"> - <form method="get" id="moaidform" action="#AUTH_URL#" - class="verticalcenter" target="_parent"> - <input type="hidden" name="bkuURI" value="#LOCAL#"> <input - type="hidden" name="useMandate" id="useMandate"> <input - type="hidden" name="SSO" id="useSSO"> <input - type="hidden" name="CCC" id="ccc"> <input type="hidden" - name="MODUL" value="#MODUL#"> <input type="hidden" - name="ACTION" value="#ACTION#"> <input type="hidden" - name="MOASessionID" value="#SESSIONID#"> <input - type="submit" value=">lokale Bürgerkartenumgebung" tabindex="4" - role="button" class="hell"> - <!--p> - <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small> - </p--> - </form> - </div> - <div id="stork" align="center" style="#STORKVISIBLE#"> - <h2 id="tabheader" class="dunkel">Home Country Selection</h2> - <p> - <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" > - <option value="BE">België/Belgique</option> - <option value="EE">Eesti</option> - <option value="ES">España</option> - <option value="IS">Ísland</option> - <option value="IT">Italia</option> - <option value="LI">Liechtenstein</option> - <option value="LT">Lithuania</option> - <option value="PT">Portugal</option> - <option value="SI">Slovenija</option> - <option value="FI">Suomi</option> - <option value="SE">Sverige</option> - </select> - <button name="bkuButton" type="button" onClick="storkClicked();">Proceed</button> - <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a> - </p> - </div> - - <div id="metroDetected" style="display: none"> - <p>Anscheinend verwenden Sie Internet Explorer im - Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den - Optionen um die Karten-Anmeldung starten zu können.</p> - </div> - </div> - </div> - </div> - </div> - <div id="validation"> - <a href="http://validator.w3.org/check?uri="> <img - style="border: 0; width: 88px; height: 31px" - src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> - </a> <a href="http://jigsaw.w3.org/css-validator/"> <img - style="border: 0; width: 88px; height: 31px" - src="https://jigsaw.w3.org/css-validator/images/vcss-blue" - alt="CSS ist valide!" /> - </a> - </div> - </div> -</body> -</html>
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java deleted file mode 100644 index 8c8345bbf..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.messages; - -import java.io.Serializable; - -import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.saml2.metadata.provider.MetadataProvider; -import org.opensaml.saml2.metadata.provider.MetadataProviderException; -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; -import at.gv.egovernment.moa.logging.Logger; - -/** - * @author tlenz - * - */ -public class InboundMessage implements InboundMessageInterface, Serializable{ - - private static final long serialVersionUID = 2395131650841669663L; - - private Element samlMessage = null; - private boolean verified = false; - private String entityID = null; - private String relayState = null; - - - public EntityDescriptor getEntityMetadata(MetadataProvider metadataProvider) throws NoMetadataInformationException { - try { - if (metadataProvider == null) - throw new NullPointerException("No PVP MetadataProvider found."); - - return metadataProvider.getEntityDescriptor(this.entityID); - - } catch (MetadataProviderException e) { - Logger.warn("No Metadata for EntitiyID " + entityID); - throw new NoMetadataInformationException(); - } - } - - /** - * @param entitiyID the entitiyID to set - */ - public void setEntityID(String entitiyID) { - this.entityID = entitiyID; - } - - public void setVerified(boolean verified) { - this.verified = verified; - } - - /** - * @param relayState the relayState to set - */ - public void setRelayState(String relayState) { - this.relayState = relayState; - } - - public void setSAMLMessage(Element msg) { - this.samlMessage = msg; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getRelayState() - */ - @Override - public String getRelayState() { - return relayState; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getEntityID() - */ - @Override - public String getEntityID() { - return entityID; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#isVerified() - */ - @Override - public boolean isVerified() { - return verified; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getInboundMessage() - */ - @Override - public Element getInboundMessage() { - return samlMessage; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java deleted file mode 100644 index 60a6f069a..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.messages; - -import org.w3c.dom.Element; - -/** - * @author tlenz - * - */ -public interface InboundMessageInterface { - - public String getRelayState(); - public String getEntityID(); - public boolean isVerified(); - public Element getInboundMessage(); - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java deleted file mode 100644 index 7679e74a6..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java +++ /dev/null @@ -1,66 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.messages; - - -import org.opensaml.Configuration; -import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.xml.io.Unmarshaller; -import org.opensaml.xml.io.UnmarshallerFactory; -import org.opensaml.xml.io.UnmarshallingException; -import org.opensaml.xml.signature.SignableXMLObject; - -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.logging.Logger; - -public class MOARequest extends InboundMessage{ - - private static final long serialVersionUID = 8613921176727607896L; - - private String binding = null; - - public MOARequest(SignableXMLObject inboundMessage, String binding) { - setSAMLMessage(inboundMessage.getDOM()); - this.binding = binding; - - } - - public String getRequestBinding() { - return binding; - } - - public SignableXMLObject getSamlRequest() { - UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); - Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage()); - - try { - return (SignableXMLObject) unmashaller.unmarshall(getInboundMessage()); - - } catch (UnmarshallingException e) { - Logger.warn("AuthnRequest Unmarshaller error", e); - return null; - } - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java deleted file mode 100644 index f2512b122..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java +++ /dev/null @@ -1,56 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.messages; - -import org.opensaml.Configuration; -import org.opensaml.saml2.core.StatusResponseType; -import org.opensaml.xml.io.Unmarshaller; -import org.opensaml.xml.io.UnmarshallerFactory; -import org.opensaml.xml.io.UnmarshallingException; - -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.logging.Logger; - -public class MOAResponse extends InboundMessage { - - private static final long serialVersionUID = -1133012928130138501L; - - public MOAResponse(StatusResponseType response) { - setSAMLMessage(response.getDOM()); - } - - public StatusResponseType getResponse() { - UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); - Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage()); - - try { - return (StatusResponseType) unmashaller.unmarshall(getInboundMessage()); - - } catch (UnmarshallingException e) { - Logger.warn("AuthnResponse Unmarshaller error", e); - return null; - } - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java deleted file mode 100644 index 3da4dc18a..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.metadata; - -/** - * @author tlenz - * - */ -public interface IMOARefreshableMetadataProvider { - - /** - * Refresh a entity or load a entity in a metadata provider - * - * @param entityID - * @return true, if refresh is success, otherwise false - */ - public boolean refreshMetadataProvider(String entityID); -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index 7f6f9b88c..1fa17c683 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -23,397 +23,91 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.metadata; import java.io.IOException; +import java.net.MalformedURLException; import java.security.cert.CertificateException; import java.util.ArrayList; -import java.util.Collection; -import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Map.Entry; -import java.util.Timer; -import javax.xml.namespace.QName; - -import org.opensaml.saml2.metadata.EntitiesDescriptor; -import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.saml2.metadata.RoleDescriptor; -import org.opensaml.saml2.metadata.provider.BaseMetadataProvider; -import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider; -import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; -import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.MOAHttpClient; +import org.apache.commons.httpclient.params.HttpClientParams; import org.opensaml.saml2.metadata.provider.MetadataProvider; -import org.opensaml.saml2.metadata.provider.MetadataProviderException; -import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider; -import org.opensaml.xml.XMLObject; import org.opensaml.xml.parse.BasicParserPool; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.IDestroyableObject; -import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PVPEntityCategoryFilter; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPEntityCategoryFilter; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataSignatureFilter; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @Service("PVPMetadataProvider") -public class MOAMetadataProvider extends SimpleMOAMetadataProvider - implements ObservableMetadataProvider, IGarbageCollectorProcessing, - IMOARefreshableMetadataProvider, IDestroyableObject { +public class MOAMetadataProvider extends AbstractChainingMetadataProvider { - //private static final int METADATA_GARBAGE_TIMEOUT_SEC = 604800; //7 days - -// private static MOAMetadataProvider instance = null; - MetadataProvider internalProvider = null; - private Timer timer = null; - private static Object mutex = new Object(); - //private Map<String, Date> lastAccess = null; - - - public MOAMetadataProvider() { - internalProvider = new ChainingMetadataProvider(); - //lastAccess = new HashMap<String, Date>(); + @Autowired(required=true) AuthConfiguration moaAuthConfig; - } - -// public static MOAMetadataProvider getInstance() { -// if (instance == null) { -// synchronized (mutex) { -// if (instance == null) { -// instance = new MOAMetadataProvider(); -// -// //add this to MOA garbage collector -// MOAGarbageCollector.addModulForGarbageCollection(instance); -// -// } -// } -// } -// return instance; -// } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector() - */ @Override - public void runGarbageCollector() { - synchronized (mutex) { - - /**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/ - try { - Logger.trace("Check consistence of PVP2X metadata"); - addAndRemoveMetadataProvider(); - - } catch (ConfigurationException e) { - Logger.error("Access to MOA-ID configuration FAILED.", e); - - } - } + protected String getMetadataURL(String entityId) throws EAAFConfigurationException { + ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityId); + if (oaParam != null) + return oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); - } - - -// private static void reInitialize() { -// synchronized (mutex) { -// -// /**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/ -// if (instance != null) -// try { -// Logger.trace("Check consistence of PVP2X metadata"); -// instance.addAndRemoveMetadataProvider(); -// -// } catch (ConfigurationException e) { -// Logger.error("Access to MOA-ID configuration FAILED.", e); -// -// } -// else -// Logger.info("MOAMetadataProvider is not loaded."); -// } -// } - - public void fullyDestroy() { - internalDestroy(); + else { + Logger.debug("Can not process PVP2X metadata: NO onlineApplication with Id: " + entityId); + return null; + } + } - - @Override - public synchronized boolean refreshMetadataProvider(String entityID) { - try { - //check if metadata provider is already loaded - try { - if (internalProvider.getEntityDescriptor(entityID) != null) - return true; - - } catch (MetadataProviderException e) {} - + protected MetadataProvider createNewMetadataProvider(String entityId) throws EAAFConfigurationException, IOException, CertificateException { + ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityId); + if (oaParam != null) { + String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); + String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + if (MiscUtil.isNotEmpty(certBase64)) { + byte[] cert = Base64Utils.decode(certBase64, false); + String oaFriendlyName = oaParam.getUniqueIdentifier(); + + return createNewSimpleMetadataProvider(metadataURL, + buildMetadataFilterChain(oaParam, metadataURL, cert), + oaFriendlyName, + getTimer(), + new BasicParserPool(), + createHttpClient(metadataURL)); - //reload metadata provider - IOAAuthParameters oaParam = - authConfig.getOnlineApplicationParameter(entityID); - if (oaParam != null) { - String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); - if (MiscUtil.isNotEmpty(metadataURL)) { - Map<String, HTTPMetadataProvider> actuallyLoadedProviders = getAllActuallyLoadedProviders(); - - // check if MetadataProvider is actually loaded - if (actuallyLoadedProviders.containsKey(metadataURL)) { - actuallyLoadedProviders.get(metadataURL).refresh(); - Logger.info("PVP2X metadata for onlineApplication: " - + entityID + " is refreshed."); - return true; - - } else { - //load new Metadata Provider - String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); - if (MiscUtil.isNotEmpty(certBase64)) { - byte[] cert = Base64Utils.decode(certBase64, false); - String oaFriendlyName = oaParam.getFriendlyName(); - - if (timer == null) - timer = new Timer(true); - - ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider; - MetadataProvider newMetadataProvider = createNewMoaMetadataProvider(metadataURL, - buildMetadataFilterChain(oaParam, metadataURL, cert), - oaFriendlyName, - timer, - new BasicParserPool()); - - chainProvider.addMetadataProvider(newMetadataProvider); - - emitChangeEvent(); - - Logger.info("PVP2X metadata for onlineApplication: " - + entityID + " is added."); - return true; - - } else - Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata certificate for OA with Id: " + entityID); - - } - - } else - Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata URL for OA with Id: " + entityID); - } else - Logger.debug("Can not refresh PVP2X metadata: NO onlineApplication with Id: " + entityID); - - - } catch (MetadataProviderException e) { - Logger.warn("Refresh PVP2X metadata for onlineApplication: " - + entityID + " FAILED.", e); - - } catch (IOException e) { - Logger.warn("Refresh PVP2X metadata for onlineApplication: " - + entityID + " FAILED.", e); - - } catch (CertificateException e) { - Logger.warn("Refresh PVP2X metadata for onlineApplication: " - + entityID + " FAILED.", e); + Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata certificate for OA with Id: " + entityId); - } catch (ConfigurationException e) { - Logger.warn("Refresh PVP2X metadata for onlineApplication: " - + entityID + " FAILED.", e); } - return false; - - } - - private Map<String, HTTPMetadataProvider> getAllActuallyLoadedProviders() { - Map<String, HTTPMetadataProvider> loadedproviders = new HashMap<String, HTTPMetadataProvider>(); - ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider; - - //make a Map of all actually loaded HTTPMetadataProvider - List<MetadataProvider> providers = chainProvider.getProviders(); - for (MetadataProvider provider : providers) { - if (provider instanceof HTTPMetadataProvider) { - HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider; - loadedproviders.put(httpprovider.getMetadataURI(), httpprovider); - - } - } - - return loadedproviders; - } - - - private void addAndRemoveMetadataProvider() throws ConfigurationException { - if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) { - Logger.info("Reload MOAMetaDataProvider."); - - /*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException) - *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/ - Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>(); - ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider; - - //get all actually loaded metadata providers - Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders(); - - /* TODO: maybe add metadata provider destroy after timeout. - * But could be a problem if one Metadataprovider load an EntitiesDescriptor - * with more the multiple EntityDescriptors. If one of this EntityDesciptors - * are expired the full EntitiesDescriptor is removed. - * - * Timeout requires a better solution in this case! - */ -// Date now = new Date(); -// Date expioredate = new Date(now.getTime() - (METADATA_GARBAGE_TIMEOUT_SEC * 1000)); -// Logger.debug("Starting PVP Metadata garbag collection (Expioredate:" -// + expioredate + ")"); - - //load all PVP2 OAs form ConfigurationDatabase and - //compare actually loaded Providers with configured PVP2 OAs - Map<String, String> allOAs = authConfig.getConfigurationWithWildCard( - MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES - + ".%." - + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); - - if (allOAs != null) { - Iterator<Entry<String, String>> oaInterator = allOAs.entrySet().iterator(); - while (oaInterator.hasNext()) { - Entry<String, String> oaKeyPair = oaInterator.next(); - - IOAAuthParameters oaParam = - authConfig.getOnlineApplicationParameter(oaKeyPair.getValue()); - if (oaParam != null) { - String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); - - HTTPMetadataProvider httpProvider = null; - try { - if (MiscUtil.isNotEmpty(metadataurl)) { - if (loadedproviders.containsKey(metadataurl)) { - // PVP2 OA is actually loaded, to nothing - providersinuse.put(metadataurl, loadedproviders.get(metadataurl)); - loadedproviders.remove(metadataurl); - - - //INFO: load metadata dynamically if they are requested -// } else if ( MiscUtil.isNotEmpty(metadataurl) && -// !providersinuse.containsKey(metadataurl) ) { -// //PVP2 OA is new, add it to MOAMetadataProvider -// String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); -// if (MiscUtil.isNotEmpty(certBase64)) { -// byte[] cert = Base64Utils.decode(certBase64, false); -// String oaFriendlyName = oaParam.getFriendlyName(); -// -// -// Logger.info("Loading metadata for: " + oaFriendlyName); -// httpProvider = createNewHTTPMetaDataProvider( -// metadataurl, -// buildMetadataFilterChain(oaParam, metadataurl, cert), -// oaFriendlyName); -// -// if (httpProvider != null) -// providersinuse.put(metadataurl, httpProvider); -// } + Logger.debug("Can not process PVP2X metadata: NO onlineApplication with Id: " + entityId); + return null; - } - } - } catch (Throwable e) { - Logger.error( - "Failed to add Metadata (unhandled reason: " - + e.getMessage(), e); - - if (httpProvider != null) { - Logger.debug("Destroy failed Metadata provider"); - httpProvider.destroy(); - } - - } - } - } - } - - //remove all actually loaded MetadataProviders with are not in ConfigurationDB any more - Collection<HTTPMetadataProvider> notusedproviders = loadedproviders.values(); - for (HTTPMetadataProvider provider : notusedproviders) { - String metadataurl = provider.getMetadataURI(); - - try { - - provider.destroy(); - - /*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException) - *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/ - //chainProvider.removeMetadataProvider(provider); - - Logger.info("Remove not used MetadataProvider with MetadataURL " + metadataurl); - - } catch (Throwable e) { - Logger.error("HTTPMetadataProvider with URL " + metadataurl - + " can not be removed from the list of actually loaded Providers.", e); - - } - - } - - try { - chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values())); - - emitChangeEvent(); - - } catch (MetadataProviderException e) { - Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy", e); - - } - - - - } else { - Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy"); - } - } - - public void internalDestroy() { - if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) { - Logger.info("Destrorying PVP-Authentication MetaDataProvider."); - ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider; - - List<MetadataProvider> providers = chainProvider.getProviders(); - for (MetadataProvider provider : providers) { - if (provider instanceof HTTPMetadataProvider) { - HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider; - Logger.debug("Destroy HTTPMetadataProvider +" + httpprovider.getMetadataURI()); - httpprovider.destroy(); - - } else { - Logger.warn("MetadataProvider can not be destroyed."); - } - } - - internalProvider = new ChainingMetadataProvider(); - - if (timer != null) - timer.cancel(); - - } else { - Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy"); - } - } - - @Deprecated - /** - * Load all PVP metadata from OA configuration - * - * This method is deprecated because OA metadata should be loaded dynamically - * if the corresponding OA is requested. - */ - private void loadAllPVPMetadataFromKonfiguration() { - ChainingMetadataProvider chainProvider = new ChainingMetadataProvider(); - Logger.info("Loading metadata"); - Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>(); - Map<String, String> allOAs = authConfig.getConfigurationWithWildCard( + @Override + protected List<String> getAllMetadataURLsFromConfiguration() throws EAAFConfigurationException { + List<String> metadataURLs = new ArrayList<String>(); + + Map<String, String> allOAs = moaAuthConfig.getConfigurationWithWildCard( MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + ".%." + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); @@ -423,81 +117,67 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider while (oaInterator.hasNext()) { Entry<String, String> oaKeyPair = oaInterator.next(); - IOAAuthParameters oaParam = - authConfig.getOnlineApplicationParameter(oaKeyPair.getValue()); + ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue()); if (oaParam != null) { String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); - String oaFriendlyName = oaParam.getFriendlyName(); - MetadataProvider httpProvider = null; - - try { - String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); - if (MiscUtil.isNotEmpty(certBase64) && MiscUtil.isNotEmpty(metadataurl)) { - byte[] cert = Base64Utils.decode(certBase64, false); - - - if (timer == null) - timer = new Timer(true); - - Logger.info("Loading metadata for: " + oaFriendlyName); - if (!providersinuse.containsKey(metadataurl)) { - httpProvider = createNewMoaMetadataProvider( - metadataurl, - buildMetadataFilterChain(oaParam, metadataurl, cert), - oaFriendlyName, - timer, - new BasicParserPool()); + if (MiscUtil.isNotEmpty(metadataurl)) + metadataURLs.add(metadataurl); + else + Logger.trace("OA: " + oaParam.getUniqueIdentifier() + " has NO PVP2 metadata URL"); - if (httpProvider != null) - providersinuse.put(metadataurl, httpProvider); - - } else { - Logger.info(metadataurl + " are already added."); - } - - } else { - Logger.info(oaFriendlyName - + " is not a PVP2 Application skipping"); - } - } catch (Throwable e) { - Logger.error( - "Failed to add Metadata (unhandled reason: " - + e.getMessage(), e); - - if (httpProvider != null && httpProvider instanceof BaseMetadataProvider) { - Logger.debug("Destroy failed Metadata provider"); - ((BaseMetadataProvider)httpProvider).destroy(); - - } - } - } + } else + Logger.warn("Something is suspect! OA is in Set of OAs, but no specific OA configuration is found."); } - } else - Logger.info("No Online-Application configuration found. PVP 2.1 metadata provider initialization failed!"); - - try { - chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values())); + } else + Logger.debug("No OA configuration found."); + + return metadataURLs; + } - } catch (MetadataProviderException e) { - Logger.error( - "Failed to add Metadata (unhandled reason: " - + e.getMessage(), e); + private HttpClient createHttpClient(String metadataURL) { + MOAHttpClient httpClient = new MOAHttpClient(); + HttpClientParams httpClientParams = new HttpClientParams(); + httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT); + httpClient.setParams(httpClientParams); + + if (metadataURL.startsWith("https:")) { + try { + //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getTrustedCACertificates(), + null, + AuthConfiguration.DEFAULT_X509_CHAININGMODE, + moaAuthConfig.isTrustmanagerrevoationchecking(), + moaAuthConfig.getRevocationMethodOrder(), + moaAuthConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); + + httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) { + Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + + } } - internalProvider = chainProvider; + return httpClient; } - - private PVPMetadataFilterChain buildMetadataFilterChain(IOAAuthParameters oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException { - PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate); - filterChain.getFilters().add(new SchemaValidationFilter()); + + private MetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL, byte[] certificate) throws CertificateException{ + MetadataFilterChain filterChain = new MetadataFilterChain(); + filterChain.getFilters().add(new SchemaValidationFilter(moaAuthConfig.isPVPSchemaValidationActive())); + filterChain.getFilters().add(new MetadataSignatureFilter(metadataURL, certificate)); filterChain.getFilters().add( new PVPEntityCategoryFilter(authConfig.getBasicMOAIDConfigurationBoolean( AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER, false))); - if (oaParam.isInderfederationIDP()) { + + + if ((new OAAuthParameterDecorator(oaParam)).isInderfederationIDP()) { Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies"); filterChain.getFilters().add(new InterfederatedIDPPublicServiceFilter(metadataURL, oaParam.hasBaseIdTransferRestriction())); @@ -506,116 +186,4 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider return filterChain; } - public boolean requireValidMetadata() { - return internalProvider.requireValidMetadata(); - } - - public void setRequireValidMetadata(boolean requireValidMetadata) { - internalProvider.setRequireValidMetadata(requireValidMetadata); - } - - public MetadataFilter getMetadataFilter() { - return internalProvider.getMetadataFilter(); - } - - public void setMetadataFilter(MetadataFilter newFilter) - throws MetadataProviderException { - internalProvider.setMetadataFilter(newFilter); - } - - public XMLObject getMetadata() throws MetadataProviderException { - return internalProvider.getMetadata(); - } - - public EntitiesDescriptor getEntitiesDescriptor(String entitiesID) - throws MetadataProviderException { - EntitiesDescriptor entitiesDesc = null; - try { - entitiesDesc = internalProvider.getEntitiesDescriptor(entitiesID); - - if (entitiesDesc == null) { - Logger.debug("Can not find PVP metadata for entityID: " + entitiesID - + " Start refreshing process ..."); - if (refreshMetadataProvider(entitiesID)) - return internalProvider.getEntitiesDescriptor(entitiesID); - - } - - } catch (MetadataProviderException e) { - Logger.debug("Can not find PVP metadata for entityID: " + entitiesID - + " Start refreshing process ..."); - if (refreshMetadataProvider(entitiesID)) - return internalProvider.getEntitiesDescriptor(entitiesID); - - } - - return entitiesDesc; - } - - public EntityDescriptor getEntityDescriptor(String entityID) - throws MetadataProviderException { - EntityDescriptor entityDesc = null; - try { - entityDesc = internalProvider.getEntityDescriptor(entityID); - if (entityDesc == null) { - Logger.debug("Can not find PVP metadata for entityID: " + entityID - + " Start refreshing process ..."); - if (refreshMetadataProvider(entityID)) - return internalProvider.getEntityDescriptor(entityID); - - } - - } catch (MetadataProviderException e) { - Logger.debug("Can not find PVP metadata for entityID: " + entityID - + " Start refreshing process ..."); - if (refreshMetadataProvider(entityID)) - return internalProvider.getEntityDescriptor(entityID); - - } - -// if (entityDesc != null) -// lastAccess.put(entityID, new Date()); - - return entityDesc; - } - - public List<RoleDescriptor> getRole(String entityID, QName roleName) - throws MetadataProviderException { - List<RoleDescriptor> result = internalProvider.getRole(entityID, roleName); - -// if (result != null) -// lastAccess.put(entityID, new Date()); - - return result; - } - - public RoleDescriptor getRole(String entityID, QName roleName, - String supportedProtocol) throws MetadataProviderException { - RoleDescriptor result = internalProvider.getRole(entityID, roleName, supportedProtocol); - -// if (result != null) -// lastAccess.put(entityID, new Date()); - - return result; - } - - /* (non-Javadoc) - * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers() - */ - @Override - public List<Observer> getObservers() { - return ((ChainingMetadataProvider) internalProvider).getObservers(); - } - - protected void emitChangeEvent() { - if ((getObservers() == null) || (getObservers().size() == 0)) { - return; - } - - List<Observer> tempObserverList = new ArrayList<Observer>(getObservers()); - for (ObservableMetadataProvider.Observer observer : tempObserverList) - if (observer != null) - observer.onEvent(this); - } - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java deleted file mode 100644 index 6c2235654..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java +++ /dev/null @@ -1,246 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.metadata; - -import java.io.File; -import java.util.Timer; - -import javax.net.ssl.SSLHandshakeException; - -import org.apache.commons.httpclient.MOAHttpClient; -import org.apache.commons.httpclient.params.HttpClientParams; -import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider; -import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; -import org.opensaml.saml2.metadata.provider.MetadataFilter; -import org.opensaml.saml2.metadata.provider.MetadataProvider; -import org.opensaml.xml.parse.ParserPool; -import org.springframework.beans.factory.annotation.Autowired; - -import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; -import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; - -/** - * @author tlenz - * - */ -public abstract class SimpleMOAMetadataProvider implements MetadataProvider{ - - private static final String URI_PREFIX_HTTP = "http:"; - private static final String URI_PREFIX_HTTPS = "https:"; - private static final String URI_PREFIX_FILE = "file:"; - - - @Autowired - protected AuthConfiguration authConfig; - - /** - * Create a single SAML2 MOA specific metadata provider - * - * @param metadataLocation where the metadata should be loaded, but never null. If the location starts with http(s):, than a http - * based metadata provider is used. If the location starts with file:, than a filesystem based metadata provider is used - * @param filter Filters, which should be used to validate the metadata - * @param IdForLogging Id, which is used for Logging - * @param timer {@link Timer} which is used to schedule metadata refresh operations - * - * @return SAML2 Metadata Provider, or null if the metadata provider can not initialized - */ - protected MetadataProvider createNewMoaMetadataProvider(String metadataLocation, MetadataFilter filter, - String IdForLogging, Timer timer, ParserPool pool) { - if (metadataLocation.startsWith(URI_PREFIX_HTTP) || metadataLocation.startsWith(URI_PREFIX_HTTPS)) - return createNewHTTPMetaDataProvider(metadataLocation, filter, IdForLogging, timer, pool); - - else { - String absoluteMetadataLocation = FileUtils.makeAbsoluteURL( - metadataLocation, - authConfig.getRootConfigFileDir()); - - if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) { - File metadataFile = new File(absoluteMetadataLocation); - if (metadataFile.exists()) - return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool); - - else { - Logger.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist"); - return null; - } - - } - } - - Logger.warn("SAML2 metadata has an unsupported metadata location prefix: " + metadataLocation); - return null; - - } - - - /** - * Create a single SAML2 filesystem based metadata provider - * - * @param metadataFile File, where the metadata should be loaded - * @param filter Filters, which should be used to validate the metadata - * @param IdForLogging Id, which is used for Logging - * @param timer {@link Timer} which is used to schedule metadata refresh operations - * @param pool - * - * @return SAML2 Metadata Provider - */ - private MetadataProvider createNewFileSystemMetaDataProvider(File metadataFile, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool) { - FilesystemMetadataProvider fileSystemProvider = null; - try { - fileSystemProvider = new FilesystemMetadataProvider(timer, metadataFile); - fileSystemProvider.setParserPool(pool); - fileSystemProvider.setRequireValidMetadata(true); - fileSystemProvider.setMinRefreshDelay(1000*60*15); //15 minutes - fileSystemProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours - //httpProvider.setRefreshDelayFactor(0.1F); - - fileSystemProvider.setMetadataFilter(filter); - fileSystemProvider.initialize(); - - fileSystemProvider.setRequireValidMetadata(true); - - return fileSystemProvider; - - } catch (Exception e) { - Logger.warn( - "Failed to load Metadata file for " - + IdForLogging + "[ " - + "File: " + metadataFile.getAbsolutePath() - + " Msg: " + e.getMessage() + " ]", e); - - - Logger.warn("Can not initialize SAML2 metadata provider from filesystem: " + metadataFile.getAbsolutePath() - + " Reason: " + e.getMessage(), e); - - if (fileSystemProvider != null) - fileSystemProvider.destroy(); - - } - - return null; - - } - - - - /** - * Create a single SAML2 HTTP metadata provider - * - * @param metadataURL URL, where the metadata should be loaded - * @param filter Filters, which should be used to validate the metadata - * @param IdForLogging Id, which is used for Logging - * @param timer {@link Timer} which is used to schedule metadata refresh operations - * @param pool - * - * @return SAML2 Metadata Provider - */ - private MetadataProvider createNewHTTPMetaDataProvider(String metadataURL, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool) { - HTTPMetadataProvider httpProvider = null; - //Timer timer= null; - MOAHttpClient httpClient = null; - try { - httpClient = new MOAHttpClient(); - - HttpClientParams httpClientParams = new HttpClientParams(); - httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT); - httpClient.setParams(httpClientParams); - - if (metadataURL.startsWith("https:")) { - try { - //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 - MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( - PVPConstants.SSLSOCKETFACTORYNAME, - authConfig.getTrustedCACertificates(), - null, - AuthConfiguration.DEFAULT_X509_CHAININGMODE, - authConfig.isTrustmanagerrevoationchecking(), - authConfig.getRevocationMethodOrder(), - authConfig.getBasicMOAIDConfigurationBoolean( - AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); - - httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); - - } catch (MOAHttpProtocolSocketFactoryException e) { - Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore."); - - } - } - -// timer = new Timer(true); - httpProvider = new HTTPMetadataProvider(timer, httpClient, - metadataURL); - httpProvider.setParserPool(pool); - httpProvider.setRequireValidMetadata(true); - httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes - httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours - //httpProvider.setRefreshDelayFactor(0.1F); - - httpProvider.setMetadataFilter(filter); - httpProvider.initialize(); - - httpProvider.setRequireValidMetadata(true); - - return httpProvider; - - } catch (Throwable e) { - if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { - Logger.warn("SSL-Server certificate for metadata " - + metadataURL + " not trusted.", e); - - } if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) { - Logger.warn("Signature verification for metadata" - + metadataURL + " FAILED.", e); - - } if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) { - Logger.warn("Schema validation for metadata " - + metadataURL + " FAILED.", e); - } - - Logger.warn( - "Failed to load Metadata file for " - + IdForLogging + "[ " - + e.getMessage() + " ]", e); - - if (httpProvider != null) { - Logger.debug("Destroy failed Metadata provider"); - httpProvider.destroy(); - } - -// if (timer != null) { -// Logger.debug("Destroy Timer."); -// timer.cancel(); -// } - - - } - - return null; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java deleted file mode 100644 index af9ba0180..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java +++ /dev/null @@ -1,216 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.signer; - -import java.security.KeyStore; -import java.security.PrivateKey; -import java.security.interfaces.ECPrivateKey; -import java.security.interfaces.RSAPrivateKey; - -import org.opensaml.xml.security.credential.Credential; -import org.opensaml.xml.security.credential.UsageType; -import org.opensaml.xml.security.x509.X509Credential; -import org.opensaml.xml.signature.Signature; -import org.opensaml.xml.signature.SignatureConstants; - -import at.gv.egovernment.moa.id.opemsaml.MOAKeyStoreX509CredentialAdapter; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.KeyStoreUtils; -import at.gv.egovernment.moa.util.MiscUtil; - -public abstract class AbstractCredentialProvider { - - private KeyStore keyStore = null; - - /** - * Get a friendlyName for this keyStore implementation - * This friendlyName is used for logging - * - * @return keyStore friendlyName - */ - public abstract String getFriendlyName(); - - /** - * Get KeyStore - * - * @return URL to the keyStore - */ - public abstract String getKeyStoreFilePath(); - - /** - * Get keyStore password - * - * @return Password of the keyStore - */ - public abstract String getKeyStorePassword(); - - /** - * Get alias of key for metadata signing - * - * @return key alias - */ - public abstract String getMetadataKeyAlias(); - - /** - * Get password of key for metadata signing - * - * @return key password - */ - public abstract String getMetadataKeyPassword(); - - /** - * Get alias of key for request/response signing - * - * @return key alias - */ - public abstract String getSignatureKeyAlias(); - - /** - * Get password of key for request/response signing - * - * @return key password - */ - public abstract String getSignatureKeyPassword(); - - /** - * Get alias of key for IDP response encryption - * - * @return key alias - */ - public abstract String getEncryptionKeyAlias(); - - /** - * Get password of key for IDP response encryption - * - * @return key password - */ - public abstract String getEncryptionKeyPassword(); - - - public X509Credential getIDPMetaDataSigningCredential() - throws CredentialsNotAvailableException { - try { - - if (keyStore == null) - keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), - getKeyStorePassword()); - - MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter( - keyStore, getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray()); - - credentials.setUsageType(UsageType.SIGNING); - if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { - Logger.error(getFriendlyName() + " Metadata Signing credentials is not found or contains no PrivateKey."); - throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: " - + getMetadataKeyAlias() + ") is not found or contains no PrivateKey."}); - - } - return credentials; - } catch (Exception e) { - Logger.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials"); - e.printStackTrace(); - throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e); - } - } - - public X509Credential getIDPAssertionSigningCredential() - throws CredentialsNotAvailableException { - try { - if (keyStore == null) - keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), - getKeyStorePassword()); - - MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter( - keyStore, getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray()); - - credentials.setUsageType(UsageType.SIGNING); - if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { - Logger.error(getFriendlyName() + " Assertion Signing credentials is not found or contains no PrivateKey."); - throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: " - + getSignatureKeyAlias() + ") is not found or contains no PrivateKey."}); - - } - - return (X509Credential) credentials; - } catch (Exception e) { - Logger.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials"); - e.printStackTrace(); - throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e); - } - } - - public X509Credential getIDPAssertionEncryptionCredential() - throws CredentialsNotAvailableException { - try { - if (keyStore == null) - keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), - getKeyStorePassword()); - - //if no encryption key is configured return null - if (MiscUtil.isEmpty(getEncryptionKeyAlias())) - return null; - - MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter( - keyStore, getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray()); - - credentials.setUsageType(UsageType.ENCRYPTION); - - if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { - Logger.error(getFriendlyName() + " Assertion Encryption credentials is not found or contains no PrivateKey."); - throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Encryption credentials (Alias: " - + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey."}); - - } - - return (X509Credential) credentials; - - } catch (Exception e) { - Logger.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials"); - e.printStackTrace(); - throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e); - } - } - - public static Signature getIDPSignature(Credential credentials) { - PrivateKey privatekey = credentials.getPrivateKey(); - Signature signer = SAML2Utils.createSAMLObject(Signature.class); - - if (privatekey instanceof RSAPrivateKey) { - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); - - } else if (privatekey instanceof ECPrivateKey) { - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256); - - } else { - Logger.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId() + " credential."); - - - } - - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - signer.setSigningCredential(credentials); - return signer; - - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java deleted file mode 100644 index 85de666c9..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java +++ /dev/null @@ -1,44 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.signer; - -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; - -public class CredentialsNotAvailableException extends MOAIDException { - - public CredentialsNotAvailableException(String messageId, - Object[] parameters) { - super(messageId, parameters); - } - - public CredentialsNotAvailableException(String messageId, - Object[] parameters, Throwable e) { - super(messageId, parameters, e); - } - - /** - * - */ - private static final long serialVersionUID = -2564476345552842599L; - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java index 381289824..389d97b18 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java @@ -25,13 +25,14 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.signer; import java.util.Properties; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; -@Service("IDPCredentialProvider") +//@Service("PVPIDPCredentialProvider") public class IDPCredentialProvider extends AbstractCredentialProvider { public static final String IDP_JAVAKEYSTORE = "idp.ks.file"; public static final String IDP_KS_PASS = "idp.ks.kspassword"; @@ -53,14 +54,14 @@ public class IDPCredentialProvider extends AbstractCredentialProvider { * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath() */ @Override - public String getKeyStoreFilePath() { + public String getKeyStoreFilePath() throws EAAFException { if (props == null) props = authConfig.getGeneralPVP2ProperiesConfig(); + return FileUtils.makeAbsoluteURL( - props.getProperty(IDP_JAVAKEYSTORE), - authConfig.getRootConfigFileDir()); - + props.getProperty(IDP_JAVAKEYSTORE), + authConfig.getRootConfigFileDir()); } /* (non-Javadoc) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java deleted file mode 100644 index ef64efb56..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java +++ /dev/null @@ -1,27 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.signer; - -public class SAMLSigner { - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java deleted file mode 100644 index 106be8a09..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java +++ /dev/null @@ -1,286 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.utils; - -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; -import java.util.Date; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import org.opensaml.saml2.core.Assertion; -import org.opensaml.saml2.core.Attribute; -import org.opensaml.saml2.core.AttributeStatement; -import org.opensaml.saml2.core.AuthnContextClassRef; -import org.opensaml.saml2.core.AuthnStatement; -import org.opensaml.saml2.core.Response; -import org.opensaml.saml2.core.StatusResponseType; -import org.opensaml.saml2.core.Subject; -import org.opensaml.xml.XMLObject; - -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -public class AssertionAttributeExtractor { - - private Assertion assertion = null; - private Map<String, List<String>> attributs = new HashMap<String, List<String>>(); - //private PersonalAttributeList storkAttributes = new PersonalAttributeList(); - - private final List<String> minimalAttributeNameList = Arrays.asList( - PVPConstants.PRINCIPAL_NAME_NAME, - PVPConstants.GIVEN_NAME_NAME, - PVPConstants.ENC_BPK_LIST_NAME, - PVPConstants.BPK_NAME); - - /** - * Parse the SAML2 Response element and extracts included information - * <br><br> - * <b>INFO:</b> Actually, only the first SAML2 Assertion of the SAML2 Response is used! - * - * @param samlResponse SAML2 Response - * @throws AssertionAttributeExtractorExeption - */ - public AssertionAttributeExtractor(StatusResponseType samlResponse) throws AssertionAttributeExtractorExeption { - if (samlResponse != null && samlResponse instanceof Response) { - List<Assertion> assertions = ((Response) samlResponse).getAssertions(); - if (assertions.size() == 0) - throw new AssertionAttributeExtractorExeption("Assertion"); - - else if (assertions.size() > 1) - Logger.warn("Found more then ONE PVP2.1 assertions. Only the First is used."); - - assertion = assertions.get(0); - - if (assertion.getAttributeStatements() != null && - assertion.getAttributeStatements().size() > 0) { - AttributeStatement attrStat = assertion.getAttributeStatements().get(0); - for (Attribute attr : attrStat.getAttributes()) { - if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) { - List<String> storkAttrValues = new ArrayList<String>(); - for (XMLObject el : attr.getAttributeValues()) - storkAttrValues.add(el.getDOM().getTextContent()); - -// PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(), -// false, storkAttrValues , "Available"); -// storkAttributes.put(attr.getName(), storkAttr ); - - } else { - List<String> attrList = new ArrayList<String>(); - for (XMLObject el : attr.getAttributeValues()) - attrList.add(el.getDOM().getTextContent()); - - attributs.put(attr.getName(), attrList); - - } - } - - } - - } else - throw new AssertionAttributeExtractorExeption(); - } - - /** - * Get all SAML2 attributes from first SAML2 AttributeStatement element - * - * @return List of SAML2 Attributes - */ - public List<Attribute> getAllResponseAttributesFromFirstAttributeStatement() { - return assertion.getAttributeStatements().get(0).getAttributes(); - - } - - /** - * Get all SAML2 attributes of specific SAML2 AttributeStatement element - * - * @param attrStatementID List ID of the AttributeStatement element - * @return List of SAML2 Attributes - */ - public List<Attribute> getAllResponseAttributes(int attrStatementID) { - return assertion.getAttributeStatements().get(attrStatementID).getAttributes(); - - } - - /** - * check attributes from assertion with minimal required attribute list - * @return - */ - public boolean containsAllRequiredAttributes() { - return containsAllRequiredAttributes(minimalAttributeNameList); - - } - - /** - * check attributes from assertion with attributeNameList - * bPK or enc_bPK are always needed - * - * @param List of attributes which are required - * - * @return - */ - public boolean containsAllRequiredAttributes(Collection<String> attributeNameList) { - - //first check if a bPK or an encrypted bPK is available - boolean flag = true; - for (String attr : attributeNameList) { - if (!attributs.containsKey(attr)) { - flag = false; - Logger.debug("Assertion contains no Attribute " + attr); - - } - - } - - if (flag) - return flag; - - else { - Logger.debug("Assertion contains no bPK or encryptedbPK."); - return false; - - } - } - - public boolean containsAttribute(String attributeName) { - return attributs.containsKey(attributeName); - - } - - public String getSingleAttributeValue(String attributeName) { - if (attributs.containsKey(attributeName) && attributs.get(attributeName).size() > 0) - return attributs.get(attributeName).get(0); - else - return null; - - } - - public List<String> getAttributeValues(String attributeName) { - return attributs.get(attributeName); - - } - - /** - * Return all include PVP attribute names - * - * @return - */ - public Set<String> getAllIncludeAttributeNames() { - return attributs.keySet(); - - } - -// public PersonalAttributeList getSTORKAttributes() { -// return storkAttributes; -// } - - - public String getNameID() throws AssertionAttributeExtractorExeption { - if (assertion.getSubject() != null) { - Subject subject = assertion.getSubject(); - - if (subject.getNameID() != null) { - if (MiscUtil.isNotEmpty(subject.getNameID().getValue())) - return subject.getNameID().getValue(); - - else - Logger.error("SAML2 NameID Element is empty."); - } - } - - throw new AssertionAttributeExtractorExeption("nameID"); - } - - public String getSessionIndex() throws AssertionAttributeExtractorExeption { - AuthnStatement authn = getAuthnStatement(); - - if (MiscUtil.isNotEmpty(authn.getSessionIndex())) - return authn.getSessionIndex(); - - else - throw new AssertionAttributeExtractorExeption("SessionIndex"); - } - - /** - * @return - * @throws AssertionAttributeExtractorExeption - */ - public String getQAALevel() throws AssertionAttributeExtractorExeption { - AuthnStatement authn = getAuthnStatement(); - if (authn.getAuthnContext() != null && authn.getAuthnContext().getAuthnContextClassRef() != null) { - AuthnContextClassRef qaaClass = authn.getAuthnContext().getAuthnContextClassRef(); - - if (MiscUtil.isNotEmpty(qaaClass.getAuthnContextClassRef())) - return qaaClass.getAuthnContextClassRef(); - - else - throw new AssertionAttributeExtractorExeption("AuthnContextClassRef (QAALevel)"); - } - - throw new AssertionAttributeExtractorExeption("AuthnContextClassRef"); - } - - public Assertion getFullAssertion() { - return assertion; - } - - - /** - * Get the Assertion validTo period - * - * Primarily, the 'SessionNotOnOrAfter' attribute in the SAML2 'AuthnStatment' element is used. - * If this is empty, this method returns value of SAML 'Conditions' element. - * - * @return Date, until this SAML2 assertion is valid - */ - public Date getAssertionNotOnOrAfter() { - if (getFullAssertion().getAuthnStatements() != null - && getFullAssertion().getAuthnStatements().size() > 0) { - for (AuthnStatement el : getFullAssertion().getAuthnStatements()) { - if (el.getSessionNotOnOrAfter() != null) - return (el.getSessionNotOnOrAfter().toDate()); - } - - } - - return getFullAssertion().getConditions().getNotOnOrAfter().toDate(); - - } - - private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption { - List<AuthnStatement> authnList = assertion.getAuthnStatements(); - if (authnList.size() == 0) - throw new AssertionAttributeExtractorExeption("AuthnStatement"); - - else if (authnList.size() > 1) - Logger.warn("Found more then ONE AuthnStatements in PVP2.1 assertions. Only the First is used."); - - return authnList.get(0); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java index e02ecb662..d7ada1f36 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java @@ -35,6 +35,7 @@ import org.opensaml.xml.XMLObject; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java deleted file mode 100644 index 28a85b4af..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java +++ /dev/null @@ -1,145 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.utils; - -import java.io.IOException; -import java.security.NoSuchAlgorithmException; -import java.util.List; - -import javax.xml.namespace.QName; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.transform.TransformerException; - -import org.opensaml.Configuration; -import org.opensaml.common.impl.SecureRandomIdentifierGenerator; -import org.opensaml.saml2.core.Status; -import org.opensaml.saml2.core.StatusCode; -import org.opensaml.saml2.metadata.AssertionConsumerService; -import org.opensaml.saml2.metadata.SPSSODescriptor; -import org.opensaml.ws.soap.soap11.Body; -import org.opensaml.ws.soap.soap11.Envelope; -import org.opensaml.xml.XMLObject; -import org.opensaml.xml.XMLObjectBuilderFactory; -import org.opensaml.xml.io.Marshaller; -import org.opensaml.xml.io.MarshallingException; -import org.w3c.dom.Document; - -import at.gv.egovernment.moa.id.util.Random; - -public class SAML2Utils { - - public static <T> T createSAMLObject(final Class<T> clazz) { - try { - XMLObjectBuilderFactory builderFactory = Configuration - .getBuilderFactory(); - - QName defaultElementName = (QName) clazz.getDeclaredField( - "DEFAULT_ELEMENT_NAME").get(null); - @SuppressWarnings("unchecked") - T object = (T) builderFactory.getBuilder(defaultElementName) - .buildObject(defaultElementName); - return object; - } catch (Throwable e) { - e.printStackTrace(); - return null; - } - } - - public static String getSecureIdentifier() { - return "_".concat(Random.nextHexRandom16()); - - /*Bug-Fix: There are open problems with RandomNumberGenerator via Java SPI and Java JDK 8.121 - * Generation of a 16bit Random identifier FAILES with an Caused by: java.lang.ArrayIndexOutOfBoundsException - * Caused by: java.lang.ArrayIndexOutOfBoundsException - at iaik.security.random.o.engineNextBytes(Unknown Source) - at iaik.security.random.SecRandomSpi.engineNextBytes(Unknown Source) - at java.security.SecureRandom.nextBytes(SecureRandom.java:468) - at org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:62) - at org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:56) - at at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils.getSecureIdentifier(SAML2Utils.java:69) - */ - //return idGenerator.generateIdentifier(); - } - - private static SecureRandomIdentifierGenerator idGenerator; - - private static DocumentBuilder builder; - static { - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - try { - builder = factory.newDocumentBuilder(); - } catch (ParserConfigurationException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - try { - idGenerator = new SecureRandomIdentifierGenerator(); - } catch(NoSuchAlgorithmException e) { - e.printStackTrace(); - } - } - - public static Document asDOMDocument(XMLObject object) throws IOException, - MarshallingException, TransformerException { - Document document = builder.newDocument(); - Marshaller out = Configuration.getMarshallerFactory().getMarshaller( - object); - out.marshall(object, document); - return document; - } - - public static Status getSuccessStatus() { - Status status = SAML2Utils.createSAMLObject(Status.class); - StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); - statusCode.setValue(StatusCode.SUCCESS_URI); - status.setStatusCode(statusCode); - return status; - } - - public static int getDefaultAssertionConsumerServiceIndex(SPSSODescriptor spSSODescriptor) { - - List<AssertionConsumerService> assertionConsumerList = spSSODescriptor.getAssertionConsumerServices(); - - for (AssertionConsumerService el : assertionConsumerList) { - if (el.isDefault()) - return el.getIndex(); - - } - - return 0; - } - - public static Envelope buildSOAP11Envelope(XMLObject payload) { - XMLObjectBuilderFactory bf = Configuration.getBuilderFactory(); - Envelope envelope = (Envelope) bf.getBuilder(Envelope.DEFAULT_ELEMENT_NAME).buildObject(Envelope.DEFAULT_ELEMENT_NAME); - Body body = (Body) bf.getBuilder(Body.DEFAULT_ELEMENT_NAME).buildObject(Body.DEFAULT_ELEMENT_NAME); - - body.getUnknownXMLObjects().add(payload); - envelope.setBody(body); - - return envelope; - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java deleted file mode 100644 index 86ca591ee..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java +++ /dev/null @@ -1,187 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.validation; - -import javax.xml.namespace.QName; -import javax.xml.transform.dom.DOMSource; -import javax.xml.validation.Schema; -import javax.xml.validation.Validator; - -import org.opensaml.common.SignableSAMLObject; -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.common.xml.SAMLSchemaBuilder; -import org.opensaml.security.MetadataCriteria; -import org.opensaml.security.SAMLSignatureProfileValidator; -import org.opensaml.ws.message.MessageContext; -import org.opensaml.ws.security.SecurityPolicyException; -import org.opensaml.ws.security.SecurityPolicyRule; -import org.opensaml.xml.XMLObject; -import org.opensaml.xml.security.CriteriaSet; -import org.opensaml.xml.security.credential.UsageType; -import org.opensaml.xml.security.criteria.EntityIDCriteria; -import org.opensaml.xml.security.criteria.UsageCriteria; -import org.opensaml.xml.signature.SignatureTrustEngine; -import org.opensaml.xml.validation.ValidationException; -import org.w3c.dom.Element; -import org.xml.sax.SAXException; - -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -/** - * @author tlenz - * - */ -public abstract class AbstractRequestSignedSecurityPolicyRule implements SecurityPolicyRule { - - private SignatureTrustEngine trustEngine = null; - private QName peerEntityRole = null; - /** - * @param peerEntityRole - * - */ - public AbstractRequestSignedSecurityPolicyRule(SignatureTrustEngine trustEngine, QName peerEntityRole) { - this.trustEngine = trustEngine; - this.peerEntityRole = peerEntityRole; - - } - - - /** - * Reload the PVP metadata for a given entity - * - * @param entityID for which the metadata should be refreshed. - * @return true if the refresh was successful, otherwise false - */ - protected abstract boolean refreshMetadataProvider(String entityID); - - - protected abstract SignableSAMLObject getSignedSAMLObject(XMLObject inboundData); - - /* (non-Javadoc) - * @see org.opensaml.ws.security.SecurityPolicyRule#evaluate(org.opensaml.ws.message.MessageContext) - */ - @Override - public void evaluate(MessageContext context) throws SecurityPolicyException { - try { - verifySignature(context); - - } catch (SecurityPolicyException e) { - if (MiscUtil.isEmpty(context.getInboundMessageIssuer())) { - throw e; - - } - Logger.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + context.getInboundMessageIssuer()); - if (!refreshMetadataProvider(context.getInboundMessageIssuer())) - throw e; - - else { - Logger.trace("PVP2X metadata reload finished. Check validate message again."); - verifySignature(context); - - } - Logger.trace("Second PVP2X message validation finished"); - - } - - - } - - private void verifySignature(MessageContext context) throws SecurityPolicyException { - SignableSAMLObject samlObj = getSignedSAMLObject(context.getInboundMessage()); - if (samlObj != null && samlObj.getSignature() != null) { - - SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); - try { - profileValidator.validate(samlObj.getSignature()); - performSchemaValidation(samlObj.getDOM()); - - } catch (ValidationException e) { - Logger.warn("Signature is not conform to SAML signature profile", e); - throw new SecurityPolicyException("Signature is not conform to SAML signature profile"); - - } catch (SchemaValidationException e) { - Logger.warn("Signature is not conform to SAML signature profile", e); - throw new SecurityPolicyException("Signature is not conform to SAML signature profile"); - - } - - - - CriteriaSet criteriaSet = new CriteriaSet(); - criteriaSet.add( new EntityIDCriteria(context.getInboundMessageIssuer()) ); - criteriaSet.add( new MetadataCriteria(peerEntityRole, SAMLConstants.SAML20P_NS) ); - criteriaSet.add( new UsageCriteria(UsageType.SIGNING) ); - - try { - if (!trustEngine.validate(samlObj.getSignature(), criteriaSet)) { - throw new SecurityPolicyException("Signature validation FAILED."); - - } - Logger.debug("PVP message signature valid."); - - } catch (org.opensaml.xml.security.SecurityException e) { - Logger.info("PVP2x message signature validation FAILED. Message:" + e.getMessage()); - throw new SecurityPolicyException("Signature validation FAILED."); - - } - - } else { - throw new SecurityPolicyException("PVP Message is not signed."); - - } - - } - - private void performSchemaValidation(Element source) throws SchemaValidationException { - - String err = null; - try { - Schema test = SAMLSchemaBuilder.getSAML11Schema(); - Validator val = test.newValidator(); - val.validate(new DOMSource(source)); - Logger.debug("Schema validation check done OK"); - return; - - } catch (SAXException e) { - err = e.getMessage(); - if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) - Logger.warn("Schema validation FAILED with exception:", e); - else - Logger.warn("Schema validation FAILED with message: "+ e.getMessage()); - - } catch (Exception e) { - err = e.getMessage(); - if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) - Logger.warn("Schema validation FAILED with exception:", e); - else - Logger.warn("Schema validation FAILED with message: "+ e.getMessage()); - - } - - throw new SchemaValidationException("pvp2.22", new Object[]{err}); - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java index 4ae89466d..b42a1de28 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java @@ -1,52 +1,44 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ +/******************************************************************************* + *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.validation; +import javax.servlet.http.HttpServletRequest; + import org.opensaml.saml2.core.AuthnRequest; import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.core.NameIDPolicy; +import org.opensaml.saml2.metadata.AttributeConsumingService; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; +import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator; +import at.gv.egiz.eaaf.modules.pvp2.exception.NameIDFormatNotSupportedException; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes; +import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException; -import at.gv.egovernment.moaspss.logging.Logger; /** * @author tlenz * */ -public class AuthnRequestValidator { - - public static void validate(AuthnRequest req) throws AuthnRequestValidatorException{ +@Service("MOAAuthnRequestValidator") +public class AuthnRequestValidator implements IAuthnRequestValidator { + + public void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq, SPSSODescriptor spSSODescriptor) throws AuthnRequestValidatorException{ //validate NameIDPolicy - NameIDPolicy nameIDPolicy = req.getNameIDPolicy(); + NameIDPolicy nameIDPolicy = authnReq.getNameIDPolicy(); if (nameIDPolicy != null) { String nameIDFormat = nameIDPolicy.getFormat(); if (nameIDFormat != null) { if ( !(NameID.TRANSIENT.equals(nameIDFormat) || NameID.PERSISTENT.equals(nameIDFormat) || NameID.UNSPECIFIED.equals(nameIDFormat)) ) { - + throw new NameIDFormatNotSupportedException(nameIDFormat); } @@ -55,8 +47,32 @@ public class AuthnRequestValidator { Logger.trace("Find NameIDPolicy, but NameIDFormat is 'null'"); } else Logger.trace("AuthnRequest includes no 'NameIDPolicy'"); - + + //select AttributeConsumingService from request + AttributeConsumingService attributeConsumer = null; + Integer aIdx = authnReq.getAttributeConsumingServiceIndex(); + int attributeIdx = 0; + + if(aIdx != null) { + attributeIdx = aIdx.intValue(); + } + + if (spSSODescriptor.getAttributeConsumingServices() != null && + spSSODescriptor.getAttributeConsumingServices().size() > 0) { + attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx); + } + + String useMandate = httpReq.getParameter(MOAIDAuthConstants.PARAM_USEMANDATE); + if(useMandate != null) { + if(useMandate.equals("true") && attributeConsumer != null) { + if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) { + MandateAttributesNotHandleAbleException e = new MandateAttributesNotHandleAbleException(); + throw new AuthnRequestValidatorException(e.getErrorId(), e.getParams(), e.getMessage(), pendingReq, e); + } + } + } } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java index a9f9b206e..91de943d5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java @@ -28,7 +28,8 @@ import java.util.List; import org.opensaml.saml2.core.RequestAbstractType; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.modules.pvp2.api.validation.ISAMLValidator; public class ChainSAMLValidator implements ISAMLValidator { @@ -39,7 +40,7 @@ private List<ISAMLValidator> validator = new ArrayList<ISAMLValidator>(); } public void validateRequest(RequestAbstractType request) - throws MOAIDException { + throws EAAFException { Iterator<ISAMLValidator> validatorIterator = validator.iterator(); while(validatorIterator.hasNext()) { ISAMLValidator validator = validatorIterator.next(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java deleted file mode 100644 index 4f697d986..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java +++ /dev/null @@ -1,31 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.validation; - -import org.opensaml.saml2.core.RequestAbstractType; - -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; - -public interface ISAMLValidator { - public void validateRequest(RequestAbstractType request) throws MOAIDException; -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java deleted file mode 100644 index 7b3f890e9..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.validation; - -import javax.xml.namespace.QName; - -import org.opensaml.common.SignableSAMLObject; -import org.opensaml.saml2.metadata.provider.MetadataProvider; -import org.opensaml.xml.XMLObject; -import org.opensaml.xml.signature.SignatureTrustEngine; - -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider; -import at.gv.egovernment.moa.logging.Logger; - -/** - * @author tlenz - * - */ -public class MOAPVPSignedRequestPolicyRule extends - AbstractRequestSignedSecurityPolicyRule { - - private IMOARefreshableMetadataProvider metadataProvider = null; - - /** - * @param metadataProvider - * @param trustEngine - * @param peerEntityRole - */ - public MOAPVPSignedRequestPolicyRule(MetadataProvider metadataProvider, SignatureTrustEngine trustEngine, - QName peerEntityRole) { - super(trustEngine, peerEntityRole); - if (metadataProvider instanceof IMOARefreshableMetadataProvider) - this.metadataProvider = (IMOARefreshableMetadataProvider) metadataProvider; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#refreshMetadataProvider(java.lang.String) - */ - @Override - protected boolean refreshMetadataProvider(String entityID) { - if (metadataProvider != null) - return metadataProvider.refreshMetadataProvider(entityID); - - return false; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#getSignedSAMLObject(org.opensaml.xml.XMLObject) - */ - @Override - protected SignableSAMLObject getSignedSAMLObject(XMLObject inboundData) { - if (inboundData instanceof SignableSAMLObject) - return (SignableSAMLObject) inboundData; - - else - return null; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOASAML2AuthRequestSignedRole.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOASAML2AuthRequestSignedRole.java deleted file mode 100644 index efcf21b50..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOASAML2AuthRequestSignedRole.java +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.validation; - -import org.opensaml.common.binding.SAMLMessageContext; -import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule; -import org.opensaml.ws.transport.http.HTTPInTransport; -import org.opensaml.xml.util.DatatypeHelper; - -/** - * @author tlenz - * - */ -public class MOASAML2AuthRequestSignedRole extends SAML2AuthnRequestsSignedRule { - - @Override - protected boolean isMessageSigned(SAMLMessageContext messageContext) { - // This handles HTTP-Redirect and HTTP-POST-SimpleSign bindings. - HTTPInTransport inTransport = (HTTPInTransport) messageContext.getInboundMessageTransport(); - String sigParam = inTransport.getParameterValue("Signature"); - boolean isSigned = !DatatypeHelper.isEmpty(sigParam); - - String sigAlgParam = inTransport.getParameterValue("SigAlg"); - boolean isSigAlgExists = !DatatypeHelper.isEmpty(sigAlgParam); - - return isSigned && isSigAlgExists; - - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java index 952a6024a..9abaf9330 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java @@ -27,13 +27,14 @@ import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.security.SAMLSignatureProfileValidator; import org.opensaml.xml.validation.ValidationException; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.modules.pvp2.api.validation.ISAMLValidator; +import at.gv.egiz.eaaf.modules.pvp2.idp.exception.SAMLRequestNotSignedException; public class SAMLSignatureValidator implements ISAMLValidator { public void validateRequest(RequestAbstractType request) - throws MOAIDException { + throws EAAFException { if (request.getSignature() == null) { throw new SAMLRequestNotSignedException(); } @@ -48,7 +49,7 @@ public class SAMLSignatureValidator implements ISAMLValidator { } public static void validateSignable(SignableSAMLObject signableObject) - throws MOAIDException { + throws EAAFException { if (signableObject.getSignature() == null) { throw new SAMLRequestNotSignedException(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java index d05d180e1..1286c2351 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java @@ -23,7 +23,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.verification; import java.io.IOException; -import java.util.List; +import java.security.cert.CertificateException; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; @@ -34,82 +34,38 @@ import org.opensaml.xml.security.x509.BasicX509Credential; import org.opensaml.xml.signature.SignatureValidator; import org.opensaml.xml.validation.ValidationException; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SAMLMetadataSignatureException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; +import iaik.x509.X509Certificate; public class EntityVerifier { - public static byte[] fetchSavedCredential(String entityID) { -// List<OnlineApplication> oaList = ConfigurationDBRead -// .getAllActiveOnlineApplications(); - try { - IOAAuthParameters oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID); - - if (oa == null) { - Logger.debug("No OnlineApplication with EntityID: " + entityID); - return null; - - } - - String certBase64 = oa.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); - if (MiscUtil.isNotEmpty(certBase64)) { - return Base64Utils.decode(certBase64, false); - - } - - } catch (ConfigurationException e) { - Logger.error("Access MOA-ID configuration FAILED.", e); - - } catch (IOException e) { - Logger.warn("Decoding PVP2X metadata certificate FAILED.", e); - - } - - return null; - } - public static void verify(EntityDescriptor entityDescriptor) - throws MOAIDException { - if (entityDescriptor.getSignature() == null) { - throw new SAMLRequestNotSignedException(); - } - - try { - SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); - sigValidator.validate(entityDescriptor.getSignature()); - } catch (ValidationException e) { - Logger.error("Failed to validate Signature", e); - throw new SAMLRequestNotSignedException(e); - } - + throws EAAFException { + Credential credential = getSPTrustedCredential(entityDescriptor.getEntityID()); if (credential == null) { throw new NoCredentialsException(entityDescriptor.getEntityID()); } - - SignatureValidator sigValidator = new SignatureValidator(credential); - try { - sigValidator.validate(entityDescriptor.getSignature()); - } catch (ValidationException e) { - Logger.error("Failed to verfiy Signature", e); - throw new SAMLRequestNotSignedException(e); - } + + verify(entityDescriptor, credential); + } public static void verify(EntityDescriptor entityDescriptor, Credential cred) - throws MOAIDException { + throws EAAFException { if (entityDescriptor.getSignature() == null) { - throw new SAMLRequestNotSignedException(); + throw new SAMLMetadataSignatureException(); } try { @@ -117,7 +73,7 @@ public class EntityVerifier { sigValidator.validate(entityDescriptor.getSignature()); } catch (ValidationException e) { Logger.error("Failed to validate Signature", e); - throw new SAMLRequestNotSignedException(e); + throw new SAMLMetadataSignatureException(e); } SignatureValidator sigValidator = new SignatureValidator(cred); @@ -125,14 +81,14 @@ public class EntityVerifier { sigValidator.validate(entityDescriptor.getSignature()); } catch (ValidationException e) { Logger.error("Failed to verfiy Signature", e); - throw new SAMLRequestNotSignedException(e); + throw new SAMLMetadataSignatureException(e); } } public static void verify(EntitiesDescriptor entityDescriptor, - Credential cred) throws MOAIDException { + Credential cred) throws EAAFException { if (entityDescriptor.getSignature() == null) { - throw new SAMLRequestNotSignedException(); + throw new SAMLMetadataSignatureException(); } try { @@ -140,7 +96,7 @@ public class EntityVerifier { sigValidator.validate(entityDescriptor.getSignature()); } catch (ValidationException e) { Logger.error("Failed to validate Signature", e); - throw new SAMLRequestNotSignedException(e); + throw new SAMLMetadataSignatureException(e); } SignatureValidator sigValidator = new SignatureValidator(cred); @@ -149,58 +105,14 @@ public class EntityVerifier { } catch (ValidationException e) { Logger.error("Failed to verfiy Signature", e); - throw new SAMLRequestNotSignedException(e); - } - } - - public static void verify(EntitiesDescriptor entityDescriptor) - throws MOAIDException { - if (entityDescriptor.getSignature() == null) { - throw new SAMLRequestNotSignedException(); - } - - try { - SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); - sigValidator.validate(entityDescriptor.getSignature()); - } catch (ValidationException e) { - Logger.error("Failed to validate Signature", e); - throw new SAMLRequestNotSignedException(e); - } - - List<EntityDescriptor> entities = entityDescriptor - .getEntityDescriptors(); - - if (entities.size() > 0) { - - if (entities.size() > 1) { - Logger.warn("More then one EntityID in Metadatafile with Name " - + entityDescriptor.getName() - + " defined. Actually only the first" - + " entryID is used to select the certificate to perform Metadata verification."); - } - - Credential credential = getSPTrustedCredential(entities.get(0).getEntityID()); - - if (credential == null) { - throw new NoCredentialsException("moaID IDP"); - } - - SignatureValidator sigValidator = new SignatureValidator(credential); - try { - sigValidator.validate(entityDescriptor.getSignature()); - - } catch (ValidationException e) { - Logger.error("Failed to verfiy Signature", e); - throw new SAMLRequestNotSignedException(e); - } + throw new SAMLMetadataSignatureException(e); } } - + public static Credential getSPTrustedCredential(String entityID) throws CredentialsNotAvailableException { - iaik.x509.X509Certificate cert = PVPConfiguration.getInstance() - .getTrustEntityCertificate(entityID); + iaik.x509.X509Certificate cert = getTrustEntityCertificate(entityID); if (cert == null) { throw new CredentialsNotAvailableException("ServiceProvider Certificate can not be loaded from Database", null); @@ -213,5 +125,46 @@ public class EntityVerifier { return credential; } + + private static iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) { + + try { + Logger.trace("Load metadata signing certificate for online application " + entityID); + ISPConfiguration oaParam = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID); + if (oaParam == null) { + Logger.info("Online Application with ID " + entityID + " not found!"); + return null; + } + + String pvp2MetadataCertificateString = + oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + if (MiscUtil.isEmpty(pvp2MetadataCertificateString)) { + Logger.info("Online Application with ID " + entityID + " include not PVP2X metadata signing certificate!"); + return null; + + } + + X509Certificate cert = new X509Certificate(Base64Utils.decode(pvp2MetadataCertificateString, false)); + Logger.debug("Metadata signing certificate is loaded for ("+entityID+") is loaded."); + return cert; + + } catch (CertificateException e) { + Logger.warn("Metadata signer certificate is not parsed.", e); + return null; + + } catch (ConfigurationException e) { + Logger.error("Configuration is not accessable.", e); + return null; + + } catch (IOException e) { + Logger.warn("Metadata signer certificate is not decodeable.", e); + return null; + + } catch (EAAFConfigurationException e) { + Logger.error("Configuration is not accessable.", e); + return null; + + } + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java deleted file mode 100644 index f6104bdeb..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java +++ /dev/null @@ -1,197 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.verification; - -import javax.xml.namespace.QName; -import javax.xml.transform.dom.DOMSource; -import javax.xml.validation.Schema; -import javax.xml.validation.Validator; - -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.common.xml.SAMLSchemaBuilder; -import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.saml2.core.StatusResponseType; -import org.opensaml.saml2.metadata.IDPSSODescriptor; -import org.opensaml.saml2.metadata.SPSSODescriptor; -import org.opensaml.security.MetadataCriteria; -import org.opensaml.security.SAMLSignatureProfileValidator; -import org.opensaml.xml.security.CriteriaSet; -import org.opensaml.xml.security.credential.UsageType; -import org.opensaml.xml.security.criteria.EntityIDCriteria; -import org.opensaml.xml.security.criteria.UsageCriteria; -import org.opensaml.xml.signature.SignatureTrustEngine; -import org.opensaml.xml.validation.ValidationException; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; -import org.w3c.dom.Element; -import org.xml.sax.SAXException; - -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -@Service("SAMLVerificationEngine") -public class SAMLVerificationEngine { - - @Autowired(required=true) MOAMetadataProvider metadataProvider; - - public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception { - try { - if (msg instanceof MOARequest && - ((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType) - verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine); - - else - verifyIDPResponse(((MOAResponse)msg).getResponse(), sigTrustEngine); - - } catch (InvalidProtocolRequestException e) { - if (MiscUtil.isEmpty(msg.getEntityID())) { - throw e; - - } - Logger.debug("PVP2X message validation FAILED. Relead metadata for entityID: " + msg.getEntityID()); - - if (metadataProvider == null || !metadataProvider.refreshMetadataProvider(msg.getEntityID())) - throw e; - - else { - Logger.trace("PVP2X metadata reload finished. Check validate message again."); - - if (msg instanceof MOARequest && - ((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType) - verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine); - - else - verifyIDPResponse(((MOAResponse)msg).getResponse(), sigTrustEngine); - - } - Logger.trace("Second PVP2X message validation finished"); - } - } - - public void verifyIDPResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine) throws InvalidProtocolRequestException{ - verifyResponse(samlObj, sigTrustEngine, IDPSSODescriptor.DEFAULT_ELEMENT_NAME); - - } - - public void verifySLOResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException { - verifyResponse(samlObj, sigTrustEngine, SPSSODescriptor.DEFAULT_ELEMENT_NAME); - - } - - private void verifyResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine, QName defaultElementName) throws InvalidProtocolRequestException{ - SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); - try { - profileValidator.validate(samlObj.getSignature()); - performSchemaValidation(samlObj.getDOM()); - - } catch (ValidationException e) { - Logger.warn("Signature is not conform to SAML signature profile", e); - throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); - - } catch (SchemaValidationException e) { - throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); - - } - - CriteriaSet criteriaSet = new CriteriaSet(); - criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) ); - criteriaSet.add( new MetadataCriteria(defaultElementName, SAMLConstants.SAML20P_NS) ); - criteriaSet.add( new UsageCriteria(UsageType.SIGNING) ); - - try { - if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) { - throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); - } - } catch (org.opensaml.xml.security.SecurityException e) { - Logger.warn("PVP2x message signature validation FAILED.", e); - throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); - } - } - - public void verifyRequest(RequestAbstractType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException { - SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); - try { - profileValidator.validate(samlObj.getSignature()); - performSchemaValidation(samlObj.getDOM()); - - } catch (ValidationException e) { - Logger.warn("Signature is not conform to SAML signature profile", e); - throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); - - } catch (SchemaValidationException e) { - throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); - - } - - CriteriaSet criteriaSet = new CriteriaSet(); - criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) ); - criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) ); - criteriaSet.add( new UsageCriteria(UsageType.SIGNING) ); - - try { - if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) { - throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); - } - } catch (org.opensaml.xml.security.SecurityException e) { - Logger.warn("PVP2x message signature validation FAILED.", e); - throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); - } - } - - protected void performSchemaValidation(Element source) throws SchemaValidationException { - - String err = null; - try { - Schema test = SAMLSchemaBuilder.getSAML11Schema(); - Validator val = test.newValidator(); - val.validate(new DOMSource(source)); - Logger.debug("Schema validation check done OK"); - return; - - } catch (SAXException e) { - err = e.getMessage(); - if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) - Logger.warn("Schema validation FAILED with exception:", e); - else - Logger.warn("Schema validation FAILED with message: "+ e.getMessage()); - - } catch (Exception e) { - err = e.getMessage(); - if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) - Logger.warn("Schema validation FAILED with exception:", e); - else - Logger.warn("Schema validation FAILED with message: "+ e.getMessage()); - - } - - throw new SchemaValidationException("pvp2.22", new Object[]{err}); - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java index 385fe90fb..d1d8c9368 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java @@ -47,11 +47,12 @@ import org.opensaml.xml.validation.ValidationException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; +import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SAMLVerificationEngine; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java deleted file mode 100644 index 3ea124db6..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java +++ /dev/null @@ -1,87 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.verification; - -import java.util.ArrayList; -import java.util.List; - -import org.opensaml.saml2.metadata.provider.MetadataProvider; -import org.opensaml.security.MetadataCredentialResolver; -import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver; -import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver; -import org.opensaml.xml.security.keyinfo.KeyInfoProvider; -import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider; -import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider; -import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider; -import org.opensaml.xml.signature.SignatureTrustEngine; -import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine; -//import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine; -//import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver; - -public class TrustEngineFactory { - -// public static SignatureTrustEngine getSignatureTrustEngine() { -// try { -// MetadataPKIXValidationInformationResolver mdResolver = new MetadataPKIXValidationInformationResolver( -// MOAMetadataProvider.getInstance()); -// -// List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>(); -// keyInfoProvider.add(new DSAKeyValueProvider()); -// keyInfoProvider.add(new RSAKeyValueProvider()); -// keyInfoProvider.add(new InlineX509DataProvider()); -// -// KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( -// keyInfoProvider); -// -// PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine( -// mdResolver, keyInfoResolver); -// -// return engine; -// -// } catch (Exception e) { -// e.printStackTrace(); -// return null; -// } -// } - - public static SignatureTrustEngine getSignatureKnownKeysTrustEngine(MetadataProvider provider) { - MetadataCredentialResolver resolver; - - resolver = new MetadataCredentialResolver(provider); - - List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>(); - keyInfoProvider.add(new DSAKeyValueProvider()); - keyInfoProvider.add(new RSAKeyValueProvider()); - keyInfoProvider.add(new InlineX509DataProvider()); - - KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( - keyInfoProvider); - - ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine( - resolver, keyInfoResolver); - - return engine; - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java index 16b179d89..75ca2ccdf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java @@ -33,11 +33,11 @@ import org.opensaml.saml2.metadata.provider.FilterException; import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.xml.XMLObject; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.MiscUtil; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java index 589713c4b..57f1c2f9a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java @@ -23,23 +23,20 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata; import java.security.cert.CertificateException; -import java.util.ArrayList; -import java.util.Iterator; -import java.util.List; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.saml2.metadata.provider.MetadataFilter; -import org.opensaml.xml.XMLObject; +import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.x509.BasicX509Credential; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.AbstractMetadataSignatureFilter; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier; import at.gv.egovernment.moa.logging.Logger; import iaik.x509.X509Certificate; -public class MetadataSignatureFilter implements MetadataFilter { +public class MetadataSignatureFilter extends AbstractMetadataSignatureFilter { private String metadataURL; private BasicX509Credential savedCredential; @@ -52,111 +49,52 @@ public class MetadataSignatureFilter implements MetadataFilter { savedCredential.setEntityCertificate(cert); } - public void processEntityDescriptorr(EntityDescriptor desc) throws MOAIDException { - -// String entityID = desc.getEntityID(); - - EntityVerifier.verify(desc); - } - - public void processEntitiesDescriptor(EntitiesDescriptor desc) throws MOAIDException { - Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator(); - - if(desc.getSignature() != null) { - EntityVerifier.verify(desc, this.savedCredential); + @Override + protected void verify(EntityDescriptor desc) throws PVP2MetadataException { + try { + EntityVerifier.verify(desc); + + } catch (EAAFException e) { + Logger.info("PVP2 metadata verification FAILED for entity: " + desc.getEntityID() + + " Reason: " + e.getMessage()); + throw new PVP2MetadataException("PVP2 metadata verification FAILED for entity: " + desc.getEntityID(), null, e); } - while(entID.hasNext()) { - processEntitiesDescriptor(entID.next()); - } - - Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator(); + } - List<EntityDescriptor> verifiedEntIT = new ArrayList<EntityDescriptor>(); - - //check every Entity - - while(entIT.hasNext()) { - - EntityDescriptor entity = entIT.next(); - - String entityID = entity.getEntityID(); - - //CHECK if Entity also match MetaData signature. - /*This check is necessary to prepend declaration of counterfeit OA metadata!!*/ - Logger.debug("Validate metadata for entityID: " + entityID + " ..... "); - byte[] entityCert = EntityVerifier.fetchSavedCredential(entityID); - - if (entityCert != null) { + @Override + protected void verify(EntitiesDescriptor desc) throws PVP2MetadataException { + try { + EntityVerifier.verify(desc, this.savedCredential); - X509Certificate cert; - try { - cert = new X509Certificate(entityCert); - BasicX509Credential entityCrendential = new BasicX509Credential(); - entityCrendential.setEntityCertificate(cert); - - EntityVerifier.verify(desc, entityCrendential); - - //add entity to verified entity-list - verifiedEntIT.add(entity); - Logger.debug("Metadata for entityID: " + entityID + " valid"); - - - } catch (Exception e) { - - //remove entity of signature can not be verified. - Logger.info("Entity " + entityID + " is removed from metadata " - + desc.getName() + ". Entity verification error: " + e.getMessage()); -// throw new MOAIDException("The App", null, e); - } - - } else { - //remove entity if it is not registrated as OA - Logger.info("Entity " + entityID + " is removed from metadata " - + desc.getName() + ". Entity is not registrated or no certificate is found!"); -// throw new NoCredentialsException("NO Certificate found for OA " + entityID); - } + } catch (EAAFException e) { + Logger.info("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL + + " Reason: " + e.getMessage()); + throw new PVP2MetadataException("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL, null, e); - //TODO: insert to support signed Entity-Elements - //processEntityDescriptorr(entIT.next()); - } + } - //set only verified entity elements - desc.getEntityDescriptors().clear(); - desc.getEntityDescriptors().addAll(verifiedEntIT); } - - public void doFilter(XMLObject metadata) throws SignatureValidationException { + + @Override + protected void verify(EntityDescriptor entity, EntitiesDescriptor entities) throws PVP2MetadataException { try { - if (metadata instanceof EntitiesDescriptor) { - EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata; - if(entitiesDescriptor.getSignature() == null) { - throw new MOAIDException("Root element of metadata file has to be signed", null); - } - processEntitiesDescriptor(entitiesDescriptor); - - - if (entitiesDescriptor.getEntityDescriptors().size() == 0) { - throw new MOAIDException("No valid entity in metadata " - + entitiesDescriptor.getName() + ". Metadata is not loaded.", null); - } - - - } else if (metadata instanceof EntityDescriptor) { - EntityDescriptor entityDescriptor = (EntityDescriptor) metadata; - processEntityDescriptorr(entityDescriptor); + if (entity.isSigned()) { + Logger.debug("EntityDescriptor: " + entity.getEntityID() + " is signed. Starting signature verification ... "); + EntityVerifier.verify(entity); } else { - throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null); + Logger.debug("EntityDescriptor: " + entity.getEntityID() + " is not signed. Verify EntitiesDescriptor by using 'Entity' certificate ... "); + Credential entityCredential = EntityVerifier.getSPTrustedCredential(entity.getEntityID()); + EntityVerifier.verify(entities, entityCredential); + } + } catch (EAAFException e) { + Logger.info("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL + + " Reason: " + e.getMessage()); + throw new PVP2MetadataException("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL, null, e); - - Logger.info("Metadata signature policy check done OK"); - } catch (MOAIDException e) { - Logger.warn("Metadata signature policy check FAILED.", e); - throw new SignatureValidationException(e); } } - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java deleted file mode 100644 index caabfea30..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java +++ /dev/null @@ -1,230 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata; - -import java.util.ArrayList; -import java.util.List; - -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.common.Extensions; -import org.opensaml.saml2.core.Attribute; -import org.opensaml.saml2.metadata.AttributeConsumingService; -import org.opensaml.saml2.metadata.EntitiesDescriptor; -import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.saml2.metadata.LocalizedString; -import org.opensaml.saml2.metadata.RequestedAttribute; -import org.opensaml.saml2.metadata.SPSSODescriptor; -import org.opensaml.saml2.metadata.ServiceName; -import org.opensaml.saml2.metadata.provider.FilterException; -import org.opensaml.saml2.metadata.provider.MetadataFilter; -import org.opensaml.samlext.saml2mdattr.EntityAttributes; -import org.opensaml.xml.XMLObject; - -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.Trible; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; -import at.gv.egovernment.moaspss.logging.Logger; - -/** - * @author tlenz - * - */ -public class PVPEntityCategoryFilter implements MetadataFilter { - - - private boolean isUsed = false; - - /** - * Filter to map PVP EntityCategories into a set of single PVP attributes - * - * @param isUsed if true PVP EntityCategories are mapped, otherwise they are ignored - * - */ - public PVPEntityCategoryFilter(boolean isUsed) { - this.isUsed = isUsed; - } - - - /* (non-Javadoc) - * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) - */ - @Override - public void doFilter(XMLObject metadata) throws FilterException { - - if (isUsed) { - Logger.trace("Map PVP EntityCategory to single PVP Attributes ... "); - String entityId = null; - try { - if (metadata instanceof EntitiesDescriptor) { - Logger.trace("Find EnitiesDescriptor ... "); - EntitiesDescriptor entitiesDesc = (EntitiesDescriptor) metadata; - if (entitiesDesc.getEntityDescriptors() != null) { - for (EntityDescriptor el : entitiesDesc.getEntityDescriptors()) - resolveEntityCategoriesToAttributes(el); - - } - - } else if (metadata instanceof EntityDescriptor) { - Logger.trace("Find EntityDescriptor"); - resolveEntityCategoriesToAttributes((EntityDescriptor)metadata); - - - } else - throw new MOAIDException("Invalid Metadata file Root element is no Entities- or EntityDescriptor", null); - - - - } catch (Exception e) { - Logger.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: " + entityId, e); - - } - - } else - Logger.trace("Filter to map PVP EntityCategory to single PVP Attributes is deactivated"); - - } - - private void resolveEntityCategoriesToAttributes(EntityDescriptor metadata) { - Logger.debug("Resolving EntityCategorie for Entity: " + metadata.getEntityID() + " ..."); - Extensions extensions = metadata.getExtensions(); - if (extensions != null) { - List<XMLObject> listOfExt = extensions.getUnknownXMLObjects(); - if (listOfExt != null && !listOfExt.isEmpty()) { - Logger.trace("Find #" + listOfExt.size() + " 'Extension' elements "); - for (XMLObject el : listOfExt) { - Logger.trace("Find ExtensionElement: " + el.getElementQName().toString()); - if (el instanceof EntityAttributes) { - EntityAttributes entityAttrElem = (EntityAttributes)el; - if (entityAttrElem.getAttributes() != null) { - Logger.trace("Find EntityAttributes. Start attribute processing ..."); - for (Attribute entityAttr : entityAttrElem.getAttributes()) { - if (entityAttr.getName().equals(PVPConstants.ENTITY_CATEGORY_ATTRIBITE)) { - if (!entityAttr.getAttributeValues().isEmpty()) { - String entityAttrValue = entityAttr.getAttributeValues().get(0).getDOM().getTextContent(); - if (PVPConstants.EGOVTOKEN.equals(entityAttrValue)) { - Logger.debug("Find 'EGOVTOKEN' EntityAttribute. Adding single pvp attributes ... "); - addAttributesToEntityDescriptor(metadata, - buildAttributeList(PVPConstants.EGOVTOKEN_PVP_ATTRIBUTES), - entityAttrValue); - - - } else if (PVPConstants.CITIZENTOKEN.equals(entityAttrValue)) { - Logger.debug("Find 'CITIZENTOKEN' EntityAttribute. Adding single pvp attributes ... "); - addAttributesToEntityDescriptor(metadata, - buildAttributeList(PVPConstants.CITIZENTOKEN_PVP_ATTRIBUTES), - entityAttrValue); - - } else - Logger.info("EntityAttributeValue: " + entityAttrValue + " is UNKNOWN!"); - - } else - Logger.info("EntityAttribute: No attribute value"); - - } else - Logger.info("EntityAttribute: " + entityAttr.getName() + " is NOT supported"); - - } - - } else - Logger.info("Can NOT resolve EntityAttributes! Reason: Only EntityAttributes are supported!"); - - } - } - - } else - Logger.trace("'Extension' element is 'null' or empty"); - - } else - Logger.trace("No 'Extension' element found"); - - } - - /** - * @param metadata - * @param attrList - */ - private void addAttributesToEntityDescriptor(EntityDescriptor metadata, List<RequestedAttribute> attrList, String entityAttr) { - SPSSODescriptor spSSODesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); - if (spSSODesc != null) { - if (spSSODesc.getAttributeConsumingServices() == null || - spSSODesc.getAttributeConsumingServices().isEmpty()) { - Logger.trace("No 'AttributeConsumingServices' found. Added it ..."); - - AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class); - attributeService.setIndex(0); - attributeService.setIsDefault(true); - ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); - serviceName.setName(new LocalizedString("Default Service", "en")); - attributeService.getNames().add(serviceName); - - if (attrList != null && !attrList.isEmpty()) { - attributeService.getRequestAttributes().addAll(attrList); - Logger.info("Add " + attrList.size() + " attributes for 'EntityAttribute': " + entityAttr); - - } - - spSSODesc.getAttributeConsumingServices().add(attributeService); - - } else { - Logger.debug("Find 'AttributeConsumingServices'. Starting updating process ... "); - for (AttributeConsumingService el : spSSODesc.getAttributeConsumingServices()) { - Logger.debug("Update 'AttributeConsumingService' with Index: " + el.getIndex()); - - //load currently requested attributes - List<String> currentlyReqAttr = new ArrayList<String>(); - for (RequestedAttribute reqAttr : el.getRequestAttributes()) - currentlyReqAttr.add(reqAttr.getName()); - - - //check against EntityAttribute List - for (RequestedAttribute entityAttrListEl : attrList) { - if (!currentlyReqAttr.contains(entityAttrListEl.getName())) { - el.getRequestAttributes().add(entityAttrListEl); - - } else - Logger.debug("'AttributeConsumingService' already contains attr: " + entityAttrListEl.getName()); - - } - - } - - } - - } else - Logger.info("Can ONLY add 'EntityAttributes' to 'SPSSODescriptor'"); - - } - - private List<RequestedAttribute> buildAttributeList(List<Trible<String, String, Boolean>> attrSet) { - List<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>(); - for (Trible<String, String, Boolean> el : attrSet) - requestedAttributes.add(PVPAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird())); - - return requestedAttributes; - - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java index 4c1da747b..615a0eaa7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java @@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata; import java.security.cert.CertificateException; -import at.gv.egovernment.moa.id.saml2.MetadataFilterChain; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain; /** * @author tlenz diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java deleted file mode 100644 index 83a2b61d2..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java +++ /dev/null @@ -1,106 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata; - -import javax.xml.transform.dom.DOMSource; -import javax.xml.validation.Schema; -import javax.xml.validation.Validator; - -import org.opensaml.common.xml.SAMLSchemaBuilder; -import org.opensaml.saml2.metadata.provider.MetadataFilter; -import org.opensaml.xml.XMLObject; -import org.xml.sax.SAXException; - -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException; -import at.gv.egovernment.moa.logging.Logger; - -/** - * @author tlenz - * - */ -public class SchemaValidationFilter implements MetadataFilter { - - private boolean isActive = true; - - public SchemaValidationFilter() { - try { - isActive = AuthConfigurationProviderFactory.getInstance().isPVPSchemaValidationActive(); - - } catch (ConfigurationException e) { - e.printStackTrace(); - } - } - - /** - * - */ - public SchemaValidationFilter(boolean useSchemaValidation) { - this.isActive = useSchemaValidation; - } - - - /* (non-Javadoc) - * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) - */ - @Override - public void doFilter(XMLObject arg0) throws SchemaValidationException { - - String errString = null; - - if (isActive) { - try { - Schema test = SAMLSchemaBuilder.getSAML11Schema(); - Validator val = test.newValidator(); - DOMSource source = new DOMSource(arg0.getDOM()); - val.validate(source); - Logger.info("Metadata Schema validation check done OK"); - return; - - } catch (SAXException e) { - if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) - Logger.warn("Metadata Schema validation FAILED with exception:", e); - else - Logger.warn("Metadata Schema validation FAILED with message: "+ e.getMessage()); - - errString = e.getMessage(); - - } catch (Exception e) { - if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) - Logger.warn("Metadata Schema validation FAILED with exception:", e); - else - Logger.warn("Metadata Schema validation FAILED with message: "+ e.getMessage()); - - errString = e.getMessage(); - - } - - throw new SchemaValidationException("Metadata Schema validation FAILED with message: "+ errString); - - } else - Logger.info("Metadata Schema validation check is DEACTIVATED!"); - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java index 0df6379b0..405e44112 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java @@ -40,13 +40,19 @@ import org.springframework.transaction.annotation.Transactional; import com.fasterxml.jackson.core.JsonProcessingException; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; @@ -54,11 +60,8 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.commons.utils.JsonMapper; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.id.data.EncryptedData; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.SessionEncrytionUtil; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -68,35 +71,18 @@ import at.gv.egovernment.moa.util.MiscUtil; public class DBAuthenticationSessionStoreage implements IAuthenticationSessionStoreage{ @PersistenceContext(unitName="session") - private EntityManager entityManager; + private EntityManager entityManager; @Autowired AuthConfiguration authConfig; private static JsonMapper mapper = new JsonMapper(); - - //@Autowired MOASessionDBUtils moaSessionDBUtils; - - @Override - public boolean isAuthenticated(String internalSsoSessionID) { - - AuthenticatedSessionStore session; - try { - session = searchInDatabase(internalSsoSessionID); - return session.isAuthenticated(); - - } catch (MOADatabaseException e) { - return false; - } - } - @Override public AuthenticationSession createInternalSSOSession(IRequest target) throws MOADatabaseException, BuildException { String id = Random.nextLongRandom(); try { AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore(); dbsession.setSessionid(id); - dbsession.setAuthenticated(false); //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 Date now = new Date(); @@ -106,9 +92,10 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt //set additional session informations AuthenticationSessionExtensions sessionExt = new AuthenticationSessionExtensions(); sessionExt.setUniqueSessionId(target.getUniqueSessionIdentifier()); - dbsession.setAdditionalInformation(mapper.serialize(sessionExt).getBytes("UTF-8")); + dbsession.setAdditionalInformationBytes(mapper.serialize(sessionExt).getBytes("UTF-8")); - AuthenticationSession session = new AuthenticationSession(id, now, target.getMOASession()); + AuthenticationSession session = new AuthenticationSession(id, now, + (IAuthenticationSession)target.getSessionData(AuthenticationSessionWrapper.class)); encryptSession(session, dbsession); //store AssertionStore element to Database @@ -123,7 +110,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } catch (JsonProcessingException | UnsupportedEncodingException e) { Logger.warn("Extended session information can not be stored.", e); - throw new MOADatabaseException(e); + throw new MOADatabaseException("Extended session information can not be stored.", e); } @@ -153,9 +140,9 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException { AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); - if (MiscUtil.isNotEmpty(dbsession.getAdditionalInformation())) { + if (dbsession.getAdditionalInformationBytes() != null) { try { - return (AuthenticationSessionExtensions)mapper.deserialize(new String(dbsession.getAdditionalInformation(), "UTF-8"), + return (AuthenticationSessionExtensions)mapper.deserialize(new String(dbsession.getAdditionalInformationBytes(), "UTF-8"), AuthenticationSessionExtensions.class); } catch (Exception e) { @@ -171,7 +158,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt try { AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); - dbsession.setAdditionalInformation( + dbsession.setAdditionalInformationBytes( mapper.serialize(sessionExtensions).getBytes("UTF-8")); entityManager.merge(dbsession); @@ -180,7 +167,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } catch (MOADatabaseException e) { Logger.warn("MOASession could not be stored."); - throw new MOADatabaseException(e); + throw new MOADatabaseException("MOASession could not be stored.", e); } catch (JsonProcessingException | UnsupportedEncodingException e) { Logger.warn("Extended session information can not be stored.", e); @@ -228,12 +215,12 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public AuthenticationSession getInternalMOASessionWithSSOID(String SSOSessionID) throws MOADatabaseException { - MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID"); - Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database."); + public String getInternalSSOSessionWithSSOID(String externelSSOId) throws MOADatabaseException { + MiscUtil.assertNotNull(externelSSOId, "SSOsessionID"); + Logger.trace("Get authenticated session with SSOID " + externelSSOId + " from database."); Query query = entityManager.createNamedQuery("getSessionWithSSOID"); - query.setParameter("sessionid", SSOSessionID); + query.setParameter("sessionid", externelSSOId); List<AuthenticatedSessionStore> results = query.getResultList(); Logger.trace("Found entries: " + results.size()); @@ -245,7 +232,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } else try { - return decryptSession(results.get(0)); + return decryptSession(results.get(0)).getSSOSessionID(); } catch (Throwable e) { Logger.warn("MOASession deserialization-exception by using internal MOASessionID=" + results.get(0).getSessionid(), e); @@ -290,11 +277,11 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public void addSSOInformation(String moaSessionID, String SSOSessionID, + public void addSSOInformation(String internalSSOSessionID, String externalSSOSessionID, SLOInformationInterface SLOInfo, IRequest protocolRequest) throws AuthenticationException { Query query = entityManager.createNamedQuery("getSessionWithID"); - query.setParameter("sessionid", moaSessionID); + query.setParameter("sessionid", internalSSOSessionID); List<AuthenticatedSessionStore> results = query.getResultList(); Logger.trace("Found entries: " + results.size()); @@ -312,7 +299,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt //check if OA already has an active OA session if (dbsession.getActiveOAsessions() != null) { for (OASessionStore el : dbsession.getActiveOAsessions()) { - if (el.getOaurlprefix().equals(protocolRequest.getOAURL())) + if (el.getOaurlprefix().equals(protocolRequest.getSPEntityId())) activeOA = el; } } @@ -321,7 +308,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt activeOA = new OASessionStore(); //set active OA applications - activeOA.setOaurlprefix(protocolRequest.getOAURL()); + activeOA.setOaurlprefix(protocolRequest.getSPEntityId()); activeOA.setMoasession(dbsession); activeOA.setCreated(new Date()); @@ -353,28 +340,28 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } dbsession.setSSOSession(true); - dbsession.setSSOsessionid(SSOSessionID); - dbsession.setAuthenticated(false); + dbsession.setSSOsessionid(externalSSOSessionID); + dbsession.setAuthenticated(true); //Store MOASession entityManager.merge(dbsession); if (SLOInfo != null) - Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL() + Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getSPEntityId() + " and AssertionID: " + SLOInfo.getSessionIndex()); else - Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL()); + Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getSPEntityId()); } @Override - public List<OASessionStore> getAllActiveOAFromMOASession(IAuthenticationSession moaSession) { - MiscUtil.assertNotNull(moaSession, "MOASession"); + public List<OASessionStore> getAllActiveOAFromMOASession(String ssoSessionId) { + MiscUtil.assertNotNull( ssoSessionId, "MOASession"); - Logger.trace("Get OAs for moaSession " + moaSession.getSessionID() + " from database."); + Logger.trace("Get OAs for moaSession " + ssoSessionId + " from database."); Query query = entityManager.createNamedQuery("getAllActiveOAsForSessionID"); - query.setParameter("sessionID", moaSession.getSessionID()); + query.setParameter("sessionID", ssoSessionId); List<OASessionStore> results = query.getResultList(); Logger.trace("Found entries: " + results.size()); @@ -384,13 +371,13 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(IAuthenticationSession moaSession) { - MiscUtil.assertNotNull(moaSession, "MOASession"); + public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(String ssoSessionId) { + MiscUtil.assertNotNull( ssoSessionId, "MOASession"); - Logger.trace("Get active IDPs for moaSession " + moaSession.getSessionID() + " from database."); + Logger.trace("Get active IDPs for moaSession " + ssoSessionId + " from database."); Query query = entityManager.createNamedQuery("getAllActiveIDPsForSessionID"); - query.setParameter("sessionID", moaSession.getSessionID()); + query.setParameter("sessionID", ssoSessionId); List<InterfederationSessionStore> results = query.getResultList(); Logger.trace("Found entries: " + results.size()); @@ -399,7 +386,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public IAuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) { + public String searchSSOSessionWithNameIDandOAID(String oaID, String userNameID) { MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier"); MiscUtil.assertNotNull(userNameID, "userNameID"); Logger.trace("Get moaSession for userNameID " + userNameID + " and OA " @@ -419,8 +406,10 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } - try { - return decryptSession(results.get(0)); + try { + AuthenticationSession decrytedSession = decryptSession(results.get(0)); + + return decrytedSession.getSSOSessionID(); } catch (BuildException e) { Logger.warn("MOASession deserialization-exception by using MOASessionID=" + results.get(0).getSessionid(), e); @@ -434,11 +423,11 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt MiscUtil.assertNotNull(moaSession, "MOASession"); MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier"); MiscUtil.assertNotNull(protocolType, "usedProtocol"); - Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSessionID() + " with OAID " + Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSSOSessionID() + " with OAID " + oaID + " from database."); Query query = entityManager.createNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol"); - query.setParameter("sessionID", moaSession.getSessionID()); + query.setParameter("sessionID", moaSession.getSSOSessionID()); query.setParameter("oaID", oaID); query.setParameter("protocol", protocolType); List<AuthenticatedSessionStore> results = query.getResultList(); @@ -545,25 +534,25 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException { + public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException, EAAFConfigurationException { AuthenticatedSessionStore dbsession = null; - AuthenticationSession moaSession = null; + String internalSSOSessionId = null; Date now = new Date(); //search for active session if (MiscUtil.isNotEmpty(req.getInternalSSOSessionIdentifier())) { Logger.debug("Internal SSO-Session object: " + req.getInternalSSOSessionIdentifier() + " used for federated SSO"); - moaSession = getInternalMOASessionWithSSOID(req.getInternalSSOSessionIdentifier()); + internalSSOSessionId = req.getInternalSSOSessionIdentifier(); } else { Logger.debug("No internal SSO-Session object exists for federated SSO --> create new session object"); - moaSession = createInternalSSOSession(req); + internalSSOSessionId = createInternalSSOSession(req).getSSOSessionID(); } - if (moaSession != null) { + if (MiscUtil.isNotEmpty(internalSSOSessionId)) { try { - dbsession = searchInDatabase(moaSession.getSessionID()); + dbsession = searchInDatabase(internalSSOSessionId); }catch (MOADatabaseException e) { Logger.error("NO MOASession found but MOASession MUST already exist!"); @@ -617,7 +606,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt idp.setIdpurlprefix(idpEntityID); idp.setAuthURL(req.getAuthURL()); - IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(idp.getIdpurlprefix()); + IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(idp.getIdpurlprefix(), OAAuthParameterDecorator.class); idp.setStoreSSOInformation(oa.isInterfederationSSOStorageAllowed()); idp.setMoasession(dbsession); idpList.add(idp); @@ -793,7 +782,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt Query query = entityManager.createNamedQuery("getSSOSessionWithOldSessionID"); query.setParameter("sessionid", ssoId); List<OldSSOSessionIDStore> results = query.getResultList(); - + Logger.trace("Found entries: " + results.size()); // Assertion requires an unique artifact diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java index 2395b913d..61c83aaf2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java @@ -37,6 +37,7 @@ import org.hibernate.HibernateException; import org.springframework.stereotype.Repository; import org.springframework.transaction.annotation.Transactional; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; @@ -240,15 +241,22 @@ public class DBTransactionStorage implements ITransactionStorage { } } - public Object getAssertionStore(String key) throws MOADatabaseException{ + @Override + public Object getRaw(String key) throws MOADatabaseException { return searchInDatabase(key); } @Override - public void putAssertionStore(Object element) throws MOADatabaseException{ - entityManager.merge(element); + public void putRaw(String key, Object element) throws MOADatabaseException { + if (element instanceof AssertionStore) + entityManager.merge(element); + else { + Logger.error("Can not persist Object of type: " + element.getClass().getName()); + throw new RuntimeException("Can not persist Object of type: " + element.getClass().getName()); + + } } private void cleanDelete(AssertionStore element) { @@ -310,7 +318,7 @@ public class DBTransactionStorage implements ITransactionStorage { } catch (BuildException e) { Logger.warn("Sessioninformation could not be stored."); - throw new MOADatabaseException(e); + throw new MOADatabaseException("Can not store data into transaction-storage", e); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java index c8d09e17e..add697a85 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java @@ -25,34 +25,27 @@ package at.gv.egovernment.moa.id.storage; import java.util.Date; import java.util.List; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; /** * @author tlenz * */ public interface IAuthenticationSessionStoreage { - - /** - * Check if the stored MOASession is already authenticated - * - * @param internalSsoSessionID Internal MOA SSO-Session identifier - * @return true if the MOASession is authenticated, otherwise false - */ - public boolean isAuthenticated(String internalSsoSessionID); /** * Create a new MOA SSO-Session object in database @@ -110,13 +103,13 @@ public interface IAuthenticationSessionStoreage { public void setAuthenticated(String internalSsoSessionID, boolean isAuthenticated); /** - * Find the MOASessionId of an active Single Sign-On session + * Find the internal SSO session identifier of an active Single Sign-On session * - * @param SSOSessionID Single Sign-On sessionID - * @return internal MOA SSO-Session of the associated SSO-Session Id + * @param externelSSOId external Single Sign-On sessionID + * @return internal SSO-Session identifier * @throws MOADatabaseException */ - public AuthenticationSession getInternalMOASessionWithSSOID(String SSOSessionID) throws MOADatabaseException; + public String getInternalSSOSessionWithSSOID(String externelSSOId) throws MOADatabaseException; /** * Check if a MOASession is an active Single Sign-On session @@ -151,28 +144,28 @@ public interface IAuthenticationSessionStoreage { /** * Get all Single Sign-On authenticated Service-Provider of a MOASession * - * @param moaSession MOASession data object + * @param ssoSessionId SSO session id * @return List of Service-Provider information */ - public List<OASessionStore> getAllActiveOAFromMOASession(IAuthenticationSession moaSession); + public List<OASessionStore> getAllActiveOAFromMOASession(String ssoSessionId); /** * Get all active interfederation connections for a MOASession * - * @param moaSession MOASession data object + * @param ssoSessionId SSO session id * @return List of Interfederation-IDP information */ - public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(IAuthenticationSession moaSession); + public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(String ssoSessionId); /** - * Search a MOASession by using already transfered authentication information + * Search a SSO session by using already transfered authentication information * * @param oaID Service-Provider identifier, which has received the authentication information * @param userNameID UserId (bPK), which was send to this Service-Provider - * @return MOASession, or null if no corresponding MOASession is found + * @return SSO-session identifier, or null if no corresponding SSO session is found */ - public IAuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID); + public String searchSSOSessionWithNameIDandOAID(String oaID, String userNameID); /** * Search a active Single Sign-On session for a specific Service-Provider @@ -220,8 +213,9 @@ public interface IAuthenticationSessionStoreage { * @throws MOADatabaseException * @throws AssertionAttributeExtractorExeption * @throws BuildException + * @throws EAAFConfigurationException */ - public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException; + public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException, EAAFConfigurationException; /** * Search an active federation IDP which could be used for federated Single Sign-On by using an AttributeQuery diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java deleted file mode 100644 index 51a36d426..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.storage; - -import java.util.Date; -import java.util.List; - -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; - -/** - * @author tlenz - * - */ -public interface ITransactionStorage { - - /** - * Check if transaction storage contains a data object with a specific key - * - * @param key Key, which identifies a data object - * @return true if key is found, otherwise false - */ - public boolean containsKey(String key); - - /** - * Store a data object with a key to transaction storage - * - * @param key Id which identifiers the data object - * @param value Data object which should be stored. - * This data must implement the <code>java.io.Serializable</code> interface - * @param timeout_ms Defines the period of time a data object is kept within the storage - * @throws MOADatabaseException In case of store operation failed - */ - public void put(String key, Object value, int timeout_ms) throws MOADatabaseException; - - /** - * Get a data object from transaction storage - * - * @param key key Id which identifiers the data object - * @return The transaction-data object, or null - * @throws MOADatabaseException In case of load operation failed - */ - public Object get(String key) throws MOADatabaseException; - - /** - * Get a data object from transaction storage - * - * @param key Id which identifiers the data object - * @param clazz The class type which is stored with this key - * @return The transaction-data object from type class, or null - * @throws MOADatabaseException In case of load operation failed - */ - public <T> T get(String key, final Class<T> clazz) throws MOADatabaseException; - - /** - * Get a data object from transaction storage - * - * @param key Id which identifiers the data object - * @param clazz The class type which is stored with this key - * @param Data-object timeout in [ms] - * @return The transaction-data object from type class, or null - * @throws MOADatabaseException In case of load operation failed - * @throws AuthenticationException In case of data-object timeout occurs - */ - public <T> T get(String key, final Class<T> clazz, long dataTimeOut) throws MOADatabaseException, AuthenticationException; - - - /** - * Change the key of a data object and store it under the new key - * - * @param oldKey Old key of the data object - * @param newKey New key, which should be used to store the data object - * @param value Data object which should be stored - * @throws MOADatabaseException In case of store operation failed - */ - public void changeKey(String oldKey, String newKey, Object value) throws MOADatabaseException; - - /** - * Remove a data object from transaction storage - * - * @param key Id which identifiers the data object - */ - public void remove(String key); - - /** - * Get all entries for Clean-up the transaction storage - * - * @param now Current time - * @param dataTimeOut Data-object timeout in [ms] - * @return List of entry-keys which as a timeout - */ - public List<String> clean(Date now, long dataTimeOut); - - - /** - * Get whole AssertionStoreObject, required for SLO - * <br> - * <b>IMPORTANT:</b> This method does NOT decrypt information before storage - * - * @param key key Id which identifiers the data object - * @return The transaction-data object, or null - * @throws MOADatabaseException In case of load operation failed - */ - public Object getAssertionStore(String key) throws MOADatabaseException; - - /** - * Put whole AssertionStoreObject to db, required for SLO - * <br> - * <b>IMPORTANT:</b> This method does NOT encrypt information before storage - * - * @param element assertion store object - */ - public void putAssertionStore(Object element) throws MOADatabaseException; - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java index 2b9a6656b..8d36e81bb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java @@ -39,6 +39,8 @@ import org.springframework.data.redis.core.SessionCallback; import org.springframework.data.redis.serializer.JacksonJsonRedisSerializer; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; @@ -351,12 +353,13 @@ private AssertionStore prepareAssertion(AssertionStore element, String key, Obje } @Override -public Object getAssertionStore(String key) throws MOADatabaseException { +public Object getRaw(String key) throws EAAFException { return searchInDatabase(key); + } @Override -public void putAssertionStore(Object element) throws MOADatabaseException { +public void putRaw(String key, Object element) throws EAAFException { // TODO Auto-generated method stub AssertionStore as = (AssertionStore)element; final int expTime = redisTemplate.getExpire(as.getArtifact(), TimeUnit.MILLISECONDS).intValue(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java index 84d40f619..8fdf1eab8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java @@ -37,6 +37,7 @@ import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.DatabaseEncryptionException; import at.gv.egovernment.moa.id.data.EncryptedData; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java deleted file mode 100644 index 655675f00..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java +++ /dev/null @@ -1,105 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.util; - -import java.util.Locale; - -import at.gv.egovernment.moa.id.auth.exception.BKUException; -import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.ProcessExecutionException; -import at.gv.egovernment.moa.util.Messages; -import at.gv.egovernment.moa.util.MiscUtil; - -/** - * @author tlenz - * - */ -public class ErrorResponseUtils { - - public static final String INTERNALERRORCODE = "9199"; - - private static ErrorResponseUtils instance = null; - private static final String[] DEFAULT_MESSAGE_RESOURCES = - { "resources/properties/protocol_response_statuscodes" }; - private static final Locale[] DEFAULT_MESSAGE_LOCALES = - new Locale[] { new Locale("de", "AT") }; - private Messages messages = null; - - - public static ErrorResponseUtils getInstance() { - if (instance == null) { - instance = new ErrorResponseUtils(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES); - - } - return instance; - } - - private ErrorResponseUtils(String[] resourceNames, Locale[] locales) { - this.messages = new Messages(resourceNames, locales); - } - - public String getResponseErrorCode(Throwable throwable) { - String errorCode = null; - - if (throwable instanceof BKUException) { - BKUException error = (BKUException) throwable; - errorCode = mapInternalErrorToExternalError(error.getMessageId()) + - error.getBkuErrorCode(); - - } else if (throwable instanceof MISSimpleClientException) { - MISSimpleClientException error = (MISSimpleClientException) throwable; - - if (MiscUtil.isNotEmpty(error.getMISErrorCode())) - errorCode = mapInternalErrorToExternalError(error.getMessageId()) + - error.getMISErrorCode(); - else - errorCode = mapInternalErrorToExternalError(error.getMessageId()); - - } else if (throwable instanceof MOAIDException) { - MOAIDException error = (MOAIDException) throwable; - errorCode = mapInternalErrorToExternalError(error.getMessageId()); - - } else if (throwable instanceof ProcessExecutionException) { - errorCode = "1100"; - - } else { - errorCode = INTERNALERRORCODE; - - } - - return errorCode; - - } - - public String mapInternalErrorToExternalError(String intErrorCode) { - String extErrorCode = messages.getMessage(intErrorCode, null); - - if (MiscUtil.isEmpty(extErrorCode)) - extErrorCode = INTERNALERRORCODE; - - return extErrorCode; - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java deleted file mode 100644 index 4cb6af127..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java +++ /dev/null @@ -1,196 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.util; - -/** - * HTTP Utilities - * - * @author Rudolf Schamberger - * @version $Id$ - */ - -import java.io.BufferedInputStream; -import java.io.BufferedReader; -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.io.Reader; -import java.net.HttpURLConnection; -import java.net.URL; - -import javax.servlet.http.HttpServletRequest; - -import org.apache.regexp.RE; -import org.apache.regexp.RESyntaxException; - -import at.gv.egovernment.moa.util.StringUtils; - -/** - * - * @author Rudolf Schamberger - * - */ -public class HTTPUtils { - - /** - * Utility used to obtainin correct encoded HTTP content. - * Reads a given Content adressed by HTTP-URL into String. - * Content encoding is considered by using the Content-Type HTTP header charset value. - * @param URL HTTP URL to read from. - * @return String representation of content - * @throws IOException on data-reading problems - */ - public static String readHttpURL(String URL) - throws IOException { - - URL url = new URL(URL); - HttpURLConnection conn = (HttpURLConnection)url.openConnection(); - conn.setRequestMethod("GET"); - String contentType = conn.getContentType(); - RE regExp = null; - try { - regExp = new RE("(;.*charset=)(\"*)(.*[^\"])"); - } catch (RESyntaxException e) { - //RESyntaxException is not possible = expr. is costant - } - boolean charsetSupplied = regExp.match(contentType); - String encoding = "ISO-8859-1"; //default HTTP encoding - if (charsetSupplied) { - encoding = regExp.getParen(3); - } - InputStream instream = new BufferedInputStream(conn.getInputStream()); - InputStreamReader isr = new InputStreamReader(instream, encoding); - Reader in = new BufferedReader(isr); - int ch; - StringBuffer buffer = new StringBuffer(); - while ((ch = in.read()) > -1) { - buffer.append((char)ch); - } - in.close(); - conn.disconnect(); - return buffer.toString(); - } - - /** - * Helper method to retrieve server URL including context path - * @param request HttpServletRequest - * @return Server URL including context path (e.g. http://localhost:8443/moa-id-auth - */ - public static String getBaseURL(HttpServletRequest request) { - StringBuffer buffer = new StringBuffer(getServerURL(request)); - - // add context path if available - String contextPath = request.getContextPath(); - if (!StringUtils.isEmpty(contextPath)) { - buffer.append(contextPath); - } - - return buffer.toString(); - } - - /** - * Helper method to retrieve server URL - * @param request HttpServletRequest - * @return Server URL (e.g. http://localhost:8443) - */ - public static String getServerURL(HttpServletRequest request) { - StringBuffer buffer = new StringBuffer(); - - // get protocol - String protocol = request.getScheme(); - buffer.append(protocol).append("://"); - - // server name - buffer.append(request.getServerName()); - - // add port if necessary - int port = request.getServerPort(); - if ((protocol.equals("http") && port != 80) || (protocol.equals("https") && port != 443)) { - buffer.append(':'); - buffer.append(port); - } - - return buffer.toString(); - } - - /** - * Extract the IDP PublicURLPrefix from authrequest - * - * @param req HttpServletRequest - * @return PublicURLPrefix <String> which ends always without / - */ - public static String extractAuthURLFromRequest(HttpServletRequest req) { - String authURL = req.getScheme() + "://" + req.getServerName(); - if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { - authURL = authURL.concat(":" + req.getServerPort()); - } - authURL = authURL.concat(req.getContextPath()); - return authURL; - - } - - /** - * Extract the IDP requested URL from authrequest - * - * @param req HttpServletRequest - * @return RequestURL <String> which ends always without / - */ - public static String extractAuthServletPathFromRequest(HttpServletRequest req) { - return extractAuthURLFromRequest(req).concat(req.getServletPath()); - - } - - public static String addURLParameter(String url, String paramname, - String paramvalue) { - String param = paramname + "=" + paramvalue; - if (url.indexOf("?") < 0) - return url + "?" + param; - else - return url + "&" + param; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java index 81041260c..d8114f19d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java @@ -35,6 +35,7 @@ import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; @@ -57,7 +58,6 @@ import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse; import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse; import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.MiscUtil; public class IdentityLinkReSigner { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java new file mode 100644 index 000000000..10e22c806 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java @@ -0,0 +1,205 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.util; + +import java.io.IOException; +import java.util.Properties; + +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper; +import at.gv.egovernment.moa.id.data.AuthenticationRole; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Service("MOAIDLoALevelMapper") +public class LoALevelMapper implements ILoALevelMapper{ + + private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/"; + private static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/"; + private static final String eIDAS_QAA_PREFIX = "http://eidas.europa.eu/"; + + private static final String MAPPING_RESOURCE = + "resources/properties/pvp-stork_mapping.properties"; + + private static final String MAPPING_SECCLASS_PREFIX = "secclass_"; + private static final String MAPPING_EIDAS_PREFIX = "eidas_"; + + private Properties mapping = null; + + public LoALevelMapper() { + try { + mapping = new Properties(); + mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE)); + Logger.debug("PVP -> STORK Role mapping initialisation finished."); + + } catch (IOException e) { + Logger.error("PVP -> STORK Role mapping initialisation FAILED." , e); + mapping = null; + + } + + + } + + public String mapToeIDASLoA(String qaa) { + if (qaa.startsWith(STORK_QAA_PREFIX)) + return mapSTORKQAAToeIDASQAA(qaa); + + else if (qaa.startsWith(PVP_SECCLASS_PREFIX)) + return mapSTORKQAAToeIDASQAA(mapSecClassToQAALevel(qaa)); + + else if (qaa.startsWith(MAPPING_EIDAS_PREFIX)) + return qaa; + + else { + Logger.info("QAA: " + qaa + " is NOT supported by LoA level mapper"); + return null; + + } + + } + + public String mapToSecClass(String qaa) { + if (qaa.startsWith(STORK_QAA_PREFIX)) + return mapStorkQAAToSecClass(qaa); + + else if (qaa.startsWith(MAPPING_EIDAS_PREFIX)) + return mapStorkQAAToSecClass(mapeIDASQAAToSTORKQAA(qaa)); + + else if (qaa.startsWith(PVP_SECCLASS_PREFIX)) + return qaa; + + else { + Logger.info("QAA: " + qaa + " is NOT supported by LoA level mapper"); + return null; + + } + + } + + + /** + * Map STORK QAA level to eIDAS QAA level + * + * @param storkQAA STORK QAA level + * @return + */ + public String mapSTORKQAAToeIDASQAA(String storkQAA) { + if (mapping != null) { + String input = storkQAA.substring(STORK_QAA_PREFIX.length()); + String mappedQAA = mapping.getProperty(MAPPING_EIDAS_PREFIX + input); + if (MiscUtil.isNotEmpty(mappedQAA)) { + Logger.info("Map STORK-QAA " + storkQAA + " to eIDAS-QAA " + mappedQAA); + return mappedQAA; + + } + } + Logger.warn("No eIDAS-QAA mapping for STORK-QAA " + storkQAA +" !"); + return null; + + } + + /** + * Map eIDAS QAA-level to STORK QAA-level + * + * @param qaaLevel eIDAS QAA-level + * @return STORK QAA-level + */ + public String mapeIDASQAAToSTORKQAA(String qaaLevel) { + if (mapping != null) { + String input = qaaLevel.substring(eIDAS_QAA_PREFIX.length()); + String mappedQAA = mapping.getProperty(input); + if (MiscUtil.isNotEmpty(mappedQAA)) { + Logger.info("Map eIDAS-QAA " + qaaLevel + " to STORK-QAA " + mappedQAA); + return mappedQAA; + + } + } + Logger.warn("No eIDAS-QAA mapping for eIDAS-QAA " + qaaLevel +" !"); + return null; + } + + /**Map a STORK QAA level to PVP SecClass + * + * @param STORK-QAA level + * @return PVP SecClass pvpQAALevel + */ + public String mapStorkQAAToSecClass(String storkQAALevel) { + if (mapping != null) { + String input = storkQAALevel.substring(STORK_QAA_PREFIX.length()); + String mappedQAA = mapping.getProperty(MAPPING_SECCLASS_PREFIX + input); + if (MiscUtil.isNotEmpty(mappedQAA)) { + Logger.info("Map STORK-QAA " + storkQAALevel + " to PVP SecClass " + mappedQAA); + return mappedQAA; + + } + } + Logger.warn("No mapping for STORK-QAA " + storkQAALevel +" !"); + return null; + } + + /**Map a PVP SecClass to STORK QAA level + * + * @param PVP SecClass pvpQAALevel + * @return STORK-QAA level + */ + public String mapSecClassToQAALevel(String pvpQAALevel) { + if (mapping != null) { + String input = pvpQAALevel.substring(PVP_SECCLASS_PREFIX.length()); + String mappedQAA = mapping.getProperty(input); + if (MiscUtil.isNotEmpty(mappedQAA)) { + Logger.info("Map PVP SecClass " + pvpQAALevel + " to STORK-QAA " + mappedQAA); + return mappedQAA; + + } + } + Logger.warn("No mapping for PVP SecClass " + pvpQAALevel +" !"); + return null; + } + + /**Map a PVP Role attribute to STORK ECAuthenticationRole attribute values + * + * @param PVP Role attribute + * @return STORK ECAuthenticationRole attribute value + */ + public String map(AuthenticationRole el) { + if (mapping != null) { + //String ecRole = mapping.getProperty(el.getRawRoleString()); + String ecRole = mapping.getProperty(el.getRoleName()); + if (MiscUtil.isNotEmpty(ecRole)) { + //Logger.info("Map PVPRole " + el.getRawRoleString() + " to ECRole " + ecRole); + Logger.info("Map PVPRole " + el.getRoleName() + " to ECRole " + ecRole); + return ecRole; + } + } + //Logger.warn("NO mapping for PVPRole "+ el.getRawRoleString() + " !"); + Logger.warn("NO mapping for PVPRole "+ el.getRoleName() + " !"); + return null; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index 885d03fd8..a44d8c1b6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -62,13 +62,13 @@ import javax.xml.parsers.ParserConfigurationException; import org.xml.sax.SAXException;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
@@ -522,6 +522,7 @@ public class ParamValidatorUtils extends MOAIDAuthConstants{ String bkuURL = req.getParameter(PARAM_BKU);
String useMandate = req.getParameter(PARAM_USEMANDATE);
String ccc = req.getParameter(PARAM_CCC);
+ String useeIDAS = req.getParameter("useeIDAS");
// check parameter
@@ -532,6 +533,8 @@ public class ParamValidatorUtils extends MOAIDAuthConstants{ throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
if (!ParamValidatorUtils.isValidUseMandate(useMandate))
throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+ if (!ParamValidatorUtils.isValidUseMandate(useeIDAS))
+ throw new WrongParametersException("StartAuthentication", "useeIDAS", "auth.12");
if (!ParamValidatorUtils.isValidCCC(ccc))
throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
@@ -539,7 +542,7 @@ public class ParamValidatorUtils extends MOAIDAuthConstants{ return false;
}
- if (StringUtils.isEmpty(bkuURL))
+ if (StringUtils.isEmpty(bkuURL) && StringUtils.isEmpty(useeIDAS))
return false;
else
return true;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java deleted file mode 100644 index 88a64bd07..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.util; - -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotAllowedException; - -/** - * @author tlenz - * - */ -public class QAALevelVerifier { - - public static void verifyQAALevel(String qaaAuth, String qaaRequest) throws QAANotAllowedException { - - Integer qaaA = Integer.valueOf(qaaAuth.substring(PVPConstants.STORK_QAA_PREFIX.length())); - Integer qaaR = Integer.valueOf(qaaRequest.substring(PVPConstants.STORK_QAA_PREFIX.length())); - - if (qaaA < qaaR) - throw new QAANotAllowedException(qaaAuth, qaaRequest); - - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java deleted file mode 100644 index 38c384c3a..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java +++ /dev/null @@ -1,187 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.util; - - -import java.nio.ByteBuffer; -import java.security.SecureRandom; -import java.text.DateFormat; -import java.text.SimpleDateFormat; -import java.util.Date; - -import org.apache.commons.codec.binary.Hex; - -import com.google.common.primitives.Bytes; - -import iaik.security.random.SeedGenerator; - - -/** - * Random number generator used to generate ID's - * @author Paul Ivancsics - * @version $Id$ - */ -public class Random { - - - private final static char[] allowedPreFix = - {'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z', - 'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z'}; - private static final DateFormat dateFormater = new SimpleDateFormat("yyyyddMM"); - - /** random number generator used */ - //private static SecureRandom random = new SecureRandom(); - private static SecureRandom random; - private static SeedGenerator seedgenerator; - - static { - random = iaik.security.random.SHA256FIPS186Random.getDefault(); - seedgenerator = iaik.security.random.AutoSeedGenerator.getDefault(); - - } - - /** - * Generate a unique process reference-value [160bit], which always starts with a letter - * <br> - * This unique ID consists of single letter, a 64bit date String[yyyyddMM], - * and a 88bit random value. - * - * @return 160bit ID, which is hex encoded - */ - public static String nextProcessReferenceValue() { - //pre-process all three parts of a unique reference value - String now = dateFormater.format(new Date()); //8 bytes = 64bit - byte[] randValue = nextByteRandom(11); - char preFix = allowedPreFix[Math.abs(random.nextInt() % allowedPreFix.length)]; - - //generate ID - String returnValue = preFix + new String(Hex.encodeHex(Bytes.concat(now.getBytes(), randValue))); // 20 bytes = 160 bits - if (returnValue.length() > 40) - return returnValue.substring(0, 40); - else - return returnValue; - - } - - - - /** - * Creates a new random number [256bit], and encode it as hex value. - * - * @return random hex encoded value [256bit] - */ - public static String nextHexRandom32() { - return new String(Hex.encodeHex(nextByteRandom(32))); // 32 bytes = 256 bits - - } - - /** - * Creates a new random number [128bit], and encode it as hex value. - * - * @return random hex encoded value [128bit] - */ - public static String nextHexRandom16() { - return new String(Hex.encodeHex(nextByteRandom(16))); // 16 bytes = 128 bits - - } - - /** - * Creates a new random number [64bit], to be used as an ID. - * - * @return random long as a String [64bit] - */ - public static String nextLongRandom() { - return "".concat(String.valueOf(Math.abs(generateLongRandom(32)))); // 32 bytes = 256 bits - - } - - /** - * Creates a new random number, to be used as an ID. - * - * @return random long as a String [64bit] - */ - @Deprecated - public static String nextRandom() { - long l = ByteBuffer.wrap(nextByteRandom(32)).getLong(); // 32 bytes = 256 bits - return "" + Math.abs(l); - - } - -/** - * Creates a new random byte[] - * - * @param size Size of random number in byte - * @return - */ -public static byte[] nextBytes(int size) { - return nextByteRandom(size); - -} - - public static void seedRandom() { - - if (seedgenerator.seedAvailable()) - random.setSeed(seedgenerator.getSeed()); - } - - private static long generateLongRandom(int size) { - return ByteBuffer.wrap(nextByteRandom(size)).getLong(); - } - - /** - * Generate a new random number - * - * @param size Size of random number in byte - * @return - */ - private static synchronized byte[] nextByteRandom(int size) { - byte[] b = new byte[size]; - random.nextBytes(b); - return b; - - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index cd700c74a..611dff3b1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -89,6 +89,43 @@ public class SSLUtils { } + public static SSLSocketFactory getSSLSocketFactory( + ConfigurationProvider conf, String url ) + throws IOException, GeneralSecurityException, ConfigurationException, PKIException { + + // else create new SSLSocketFactory + String trustStoreURL = conf.getTrustedCACertificates(); + + if (trustStoreURL == null) + throw new ConfigurationException( + "config.08", new Object[] {"TrustedCACertificates"}); + + String acceptedServerCertURL = ""; + + //INFO: MOA-ID 2.x always use defaultChainingMode + + try { + SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory( + url, + null, + trustStoreURL, + acceptedServerCertURL, + AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(), + AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(), + AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder(), + null, + null, + "pkcs12"); + + return ssf; + + } catch (SSLConfigurationException e) { + throw new ConfigurationException(e.getErrorID(), e.getParameters(), e.getE()); + + } + } + + /** * Creates an <code>SSLSocketFactory</code> which utilizes an * <code>IAIKX509TrustManager</code> for the given trust store, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java deleted file mode 100644 index a4d79ac05..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java +++ /dev/null @@ -1,69 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -/** - * - */ -package at.gv.egovernment.moa.id.util; - -import javax.servlet.http.HttpServletRequest; - -public class ServletUtils { - - - public static String getBaseUrl( HttpServletRequest request ) { - if ( ( request.getServerPort() == 80 ) || - ( request.getServerPort() == 443 ) ) - return request.getScheme() + "://" + - request.getServerName() + - request.getContextPath(); - else - return request.getScheme() + "://" + - request.getServerName() + ":" + request.getServerPort() + - request.getContextPath(); - } - -} diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index 6a5ce2171..14d4d9fb6 100644 --- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder +++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -1,17 +1,9 @@ -at.gv.egovernment.moa.id.protocols.builder.attributes.BirthdateAttributeBuilder -at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder -at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIssuingNationAttributeBuilder -at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder -at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSectorForIDAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate -at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePIN -at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePINType at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder -at.gv.egovernment.moa.id.protocols.builder.attributes.GivenNameAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.MandateFullMandateAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder @@ -27,7 +19,4 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepOIDAttribute at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeOIDAttributeBuilder -at.gv.egovernment.moa.id.protocols.builder.attributes.PrincipalNameAttributeBuilder -at.gv.egovernment.moa.id.protocols.builder.attributes.PVPVersionAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey -at.gv.egovernment.moa.id.protocols.builder.attributes.EIDeIDASQAALevelAttributeBuilder diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule index 5116c2a08..5116c2a08 100644 --- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule +++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml index ba8c47304..6f32926e0 100644 --- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml +++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml @@ -15,21 +15,40 @@ <task:annotation-driven executor="MOA-ID-Auth_TaskExecutor" scheduler="MOA-ID-Auth_Scheduler"/> <task:executor id="MOA-ID-Auth_TaskExecutor" pool-size="5"/> <task:scheduler id="MOA-ID-Auth_Scheduler" pool-size="10"/> - - <bean id="processEngine" class="at.gv.egovernment.moa.id.process.ProcessEngineImpl"> - <property name="transitionConditionExpressionEvaluator"> - <bean class="at.gv.egovernment.moa.id.process.springweb.SpringWebExpressionEvaluator" /> - </property> - </bean> - + <!-- import auth modules --> <import resource="classpath*:**/*.authmodule.beans.xml" /> - <bean id="moduleRegistration" class="at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration" factory-method="getInstance" /> - <context:component-scan base-package="at.gv.egovernment.moa.id.auth.servlet" /> <context:component-scan base-package="at.gv.egovernment.moa.id.protocols" /> + <bean id="PVPIDPCredentialProvider" + class="at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider" /> + + <bean id="PVP2XProtocol" + class="at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol"> + <property name="pvpIDPCredentials"> + <ref bean="PVPIDPCredentialProvider" /> + </property> + </bean> + + <bean id="pvpMetadataService" + class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.MetadataAction"> + <property name="pvpIDPCredentials"> + <ref bean="PVPIDPCredentialProvider" /> + </property> + </bean> + + <bean id="PVPAuthenticationRequestAction" + class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AuthenticationAction"> + <property name="pvpIDPCredentials"> + <ref bean="PVPIDPCredentialProvider" /> + </property> + </bean> + + <bean id="MOAAuthnRequestValidator" + class="at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator" /> + <bean id="MOAID_AuthenticationManager" class="at.gv.egovernment.moa.id.moduls.AuthenticationManager"/> @@ -42,17 +61,15 @@ <bean id="MOAID_SSOManager" class="at.gv.egovernment.moa.id.moduls.SSOManager"/> + <bean id="moaGUIConfigurationFactory" + class="at.gv.egovernment.moa.id.auth.frontend.MOAIDGuiBilderConfigurationFactory" /> + <bean id="UserWhiteList_Store" + class="at.gv.egovernment.moa.id.config.auth.data.UserWhitelistStore"/> <bean id="AuthenticationSessionStoreage" class="at.gv.egovernment.moa.id.storage.DBAuthenticationSessionStoreage"/> - - <bean id="RequestStorage" - class="at.gv.egovernment.moa.id.moduls.RequestStorage"/> - - <bean id="ProcessInstanceStoreage" - class="at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl"/> - + <bean id="MOAReversionLogger" class="at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger"/> @@ -62,6 +79,12 @@ <bean id="MOAGarbageCollector" class="at.gv.egovernment.moa.id.auth.MOAGarbageCollector"/> + <bean id="MOAIDLoALevelMapper" + class="at.gv.egovernment.moa.id.util.LoALevelMapper"/> + + <bean id="MOASAML2SubjectNameIDGenerator" + class="at.gv.egovernment.moa.id.auth.builder.MOAIDSubjectNameIdGenerator" /> + <!-- <bean id="taskExecutor" class="org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor"> <property name="corePoolSize" value="5" /> <property name="maxPoolSize" value="10" /> @@ -76,21 +99,17 @@ <bean id="EvaluateBKUSelectionTask" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.EvaluateBKUSelectionTask" scope="prototype"/> - - <bean id="RestartAuthProzessManagement" - class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.RestartAuthProzessManagement" - scope="prototype"/> - - <bean id="FinalizeAuthenticationTask" - class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.FinalizeAuthenticationTask" - scope="prototype"/> - + <bean id="GenerateSSOConsentEvaluatorFrameTask" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GenerateSSOConsentEvaluatorFrameTask" scope="prototype"/> <bean id="EvaluateSSOConsentsTaskImpl" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.EvaluateSSOConsentsTaskImpl" + scope="prototype"/> + + <bean id="UserRestrictionTask" + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask" scope="prototype"/> <beans profile="advancedLogOn"> diff --git a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml index 9c27ba581..b23948688 100644 --- a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml +++ b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml @@ -11,6 +11,8 @@ <context:property-placeholder location="${moa.id.configuration}"/> + <bean id="MOAIDMessageProvider" class="at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider" /> + <bean id="moaidauthconfig" class="at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider"> <constructor-arg value="#{systemProperties['moa.id.configuration']}"/> </bean> diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 4205f2175..66b9be341 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -52,6 +52,8 @@ auth.31=Federated authentication FAILED. No information for AttributeQuery, mayb auth.32=Federated authentication FAILED. No configuration for IDP {0}
auth.33=Federated authentication FAILED. Configuration of IDP {0} does not allow inbound messages.
auth.34=Federated authentication FAILED. Configuration of IDP {0} is marked as BusinessService-IDP, but Public-Service attributes are requested.
+auth.35=Der Anmeldevorgang wurde automatisiert abgebrochen, da der Benutzer nicht für dieses Onlineapplikation berechtigt ist.
+auth.36=Der Anmeldevorgang wurde automatisiert abgebrochen, da der gew\u00E4hlte Authentifizierungsprozess nicht mehr zur Verf\u00FCgung steht. (Msg:{0})
init.00=MOA-ID-Auth wurde erfolgreich gestartet
init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
@@ -59,6 +61,7 @@ init.02=Fehler beim Starten des Service MOA-ID-Auth init.04=Fehler beim Datenbankzugriff mit der SessionID {0}
internal.00=W\u00e4hrend des Anmeldevorgangs wurde ein nicht erlaubter Prozesszustand erreicht wodurch der Anmeldeprozess aus sicherheitsgr\u00FCnden abgebrochen wurde.
+internal.01=W\u00e4hrend des Abmeldevorgangs wurde ein nicht erlaubter Prozesszustand erreicht wodurch der Abmeldeprozess abgebrochen wurde.
config.00=MOA ID Konfiguration erfolgreich geladen: {0}
config.01=Umgebungsvariable "moa.id.configuration" nicht gesetzt
@@ -110,6 +113,8 @@ builder.06=Fehler beim generieren der Anmeldedaten aus SSO IDP Interfederation I builder.07=Fehlerhaftes SecurityLayer Template.
builder.08=Authentication process could NOT completed. Reason: {0}
builder.09=Can not build GUI component. Reason: {0}
+builder.10=Can not create or update SSO session. SSO NOT POSSIBLE
+builder.11=Fehler beim generieren der Anmeldedaten f\u00FCr die Online Applikation
service.00=Fehler beim Aufruf des Web Service: {0}
service.01=Fehler beim Aufruf des Web Service: kein Endpoint
@@ -153,7 +158,7 @@ validator.03=Der Namespace eines \u00F6ffentlicher Schl\u00FCssels ist ung\u00FC validator.04=Es wurde ein SAML\:Attribut ohne \u00F6ffentlichen Schl\u00FCssel gefunden {0}
validator.05=Es wurde {0} keine DSIG:Signature gefunden
-validator.06=Die Signatur ist ung\u00FCltig
+validator.06=Die Signatur ist ung\u00FCltig. Operation: {0}
validator.07=Das Zertifikat der Personenbindung ist ung\u00FCltig.<br>{0}
validator.08=Das Manifest ist ung\u00FCltig
validator.09=Die \u00F6ffentlichen Schl\u00FCssel des Identitiy Link stimmen nicht mit dem retournierten Zertifikat \u00FCberein
@@ -293,7 +298,7 @@ pvp2.13=Interner Server Fehler pvp2.14=SAML Anfrage verweigert
pvp2.15=Keine Metadateninformation gefunden
pvp2.16=Fehler beim verschl\u00FCsseln der PVP2 Assertion
-pvp2.17=Der QAA Level {0} entspricht nicht dem angeforderten QAA Level {1}
+pvp2.17=Der QAA Level {0} entspricht nicht dem angeforderten QAA Level {1} im Matching-Mode {2}
pvp2.18=Es konnten nicht alle Single Sign-On Sessions beendet werden.
pvp2.19=Der Single LogOut Vorgang musste wegen eines unkorregierbaren Fehler abgebrochen werden.
pvp2.20=F\u00FCr die im Request angegebene EntityID konnten keine g\u00FCltigen Metadaten gefunden werden.
@@ -301,12 +306,13 @@ pvp2.21=Die Signature des Requests konnte nicht g\u00FCltig validiert werden. pvp2.22=Der Request konnte nicht g\u00FCltig validiert werden (Fehler\={0}).
pvp2.23={0} ist keine gueltige AssertionConsumerServiceURL oder entspricht nicht den Metadaten.
pvp2.24=Der Request konnte nicht verarbeitet werden (Fehler\={0}).
+pvp2.25=Fehler beim Validieren der PVP2 Metadaten
##add status codes!!!!
sp.pvp2.00=Can not build PVP AuthnRequest for {0} {1}. No valid SingleSignOnService endpoint found.
-sp.pvp2.01=Can not build PVP AuthnRequest for {0} {0}. IDP is not allowed for federated authentication.
-sp.pvp2.02=Can not build PVP AuthnRequest for {0} {0}. IDP has no (valid) metadata.
+sp.pvp2.01=Can not build PVP AuthnRequest for {0}. IDP is not allowed for federated authentication.
+sp.pvp2.02=Can not build PVP AuthnRequest for {0}. IDP has no (valid) metadata.
sp.pvp2.03=Receive PVP Response from {0} with unsupported Binding.
sp.pvp2.04=Receive invalid PVP Response from {0}. No PVP metadata found.
sp.pvp2.05=Receive invalid PVP Response from {0} {1}. StatusCode:{2} Msg:{3}.
@@ -317,6 +323,7 @@ sp.pvp2.09=Receive invalid PVP Response from {0} {1}. StatusCodes:{2} {3} Msg:{4 sp.pvp2.10=Receive invalid PVP Response from {0}. No valid assertion included.
sp.pvp2.11=Receive invalid PVP Response from {0}. Assertion decryption FAILED.
sp.pvp2.12=Receive invalid PVP Response from {0}. Msg:{1}
+sp.pvp2.13=Can not build PVP AuthnRequest for {0}. Internal processing error.
oauth20.01=Fehlerhafte redirect url
oauth20.02=Fehlender oder ung\u00FCltiger Parameter "{0}"
@@ -332,7 +339,19 @@ oauth20.10=Protokollspezifische Authentifizierungsinformationen konnten nicht ge slo.00=Sie konnten erfolgreich von allen Online-Applikation abgemeldet werden.
slo.01=Sie konnten NICHT erfolgreich von allen Online-Applikationen abgemeldet werden\!<BR>Bitte schlie\u00DFen Sie aus sicherheitsgr\u00FCnden Ihren Browser.
slo.02=Es wurde keine aktive SSO Session gefunden oder Sie sind bei keiner Online-Applikation angemeldet.
+slo.03=Der Single LogOut Prozess konnte nicht weitergef\u00FChrt oder abgeschlossen werden\!<BR>Bitte schlie\u00DFen Sie aus sicherheitsgr\u00FCnden Ihren Browser.
process.01=Fehler beim Ausf\u00FChren des Prozesses.
process.02=Fehler beim Erstellen eines geeigneten Prozesses f\u00FCr die SessionID {0}.
process.03=Fehler beim Weiterf\u00FChren es Prozesses. Msg:{0}
+process.03=Fehler beim Ausf\u00FChren des Prozesses. Interner state ung\u00FCltig.
+
+sl20.00=Allgemeiner Fehler w\u00e4hrend SL2.0 Authentifizierung. Msg: {0}
+sl20.01=Fehler beim Generieren des SL2.0 Kommandos. Msg: {0}
+sl20.02=Fehler beim Parsen des SL2.0 Kommandos. Msg: {0}
+sl20.03=Fehlende Konfiguration im SL2.0 Modul. Msg: {0}
+sl20.04=Http request enth\u00e4lt keinen SL2.0 Transportcontainer.
+sl20.05=Fehler beim Validieren eines JWS oder JWE Tokens. Reason: {0}.
+sl20.06=Http transport-binding error. Reason: {0}
+sl20.07=Fehler beim Validieren der eID information. Type: {0} Reason: {1}
+sl20.08=SL2.0 Teilnehmer antwortet mit einem Fehler. Code: {0} Reason: {1}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index 0a37fdc91..b878eadf3 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -32,6 +32,8 @@ auth.31=4400 auth.32=4401 auth.33=4401 auth.34=4401 +auth.35=1111 +auth.36=1111 init.00=9199 init.01=9199 @@ -39,6 +41,7 @@ init.02=9199 init.04=9101 internal.00=9199 +internal.01=9199 config.00=9199 config.01=9199 @@ -88,6 +91,8 @@ builder.06=4400 builder.07=9002 builder.08=1008 builder.09=9103 +builder.10=1009 +builder.11=9102 service.00=4300 service.03=4300 @@ -103,6 +108,7 @@ service.10=4500 process.01=9104 process.02=9104 process.03=9105 +process.03=9104 sp.pvp2.00=4501 sp.pvp2.01=4501 @@ -117,6 +123,7 @@ sp.pvp2.09=4503 sp.pvp2.10=4502 sp.pvp2.11=4502 sp.pvp2.12=4502 +sp.pvp2.13=4501 validator.00=1102 validator.01=1102 @@ -247,12 +254,26 @@ pvp2.22=6105 pvp2.23=6105 pvp2.24=6105 +slo.00=1100 +slo.01=1100 +slo.02=1100 +slo.03=1100 oauth20.01=6200 oauth20.06=1000 oauth20.09=9005 oauth20.10=9102 +sl20.00=14999 +sl20.01=14000 +sl20.02=14001 +sl20.03=14800 +sl20.04=14001 +sl20.05=xxxxx +sl20.06=xxxxx +sl20.07=xxxxx +sl20.08=xxxxx + ##Map MIS/BKU statuscodes to MOA-ID-Auth statuscodes mis.301=1005 bku.6001=1005
\ No newline at end of file diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java new file mode 100644 index 000000000..1ea057186 --- /dev/null +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java @@ -0,0 +1,87 @@ +package at.gv.egovernment.moa.id.config.auth.data; + +import java.io.ByteArrayInputStream; +import java.util.Arrays; +import java.util.List; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.data.IMOAAuthData; +import at.gv.egovernment.moa.util.Base64Utils; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_basic_user_whitelist.xml") +public class AuthenticationDataBuilderTest { + + @Autowired private AuthenticationDataBuilder authBuilder; + + private static final String DUMMY_IDL = "PHNhbWw6QXNzZXJ0aW9uIEFzc2VydGlvbklEPSJzenIuYm1pLmd2LmF0LUFzc2VydGlvbklEMTUyNzY2OTEwMDU5MTI3NDQiIElzc3VlSW5zdGFudD0iMjAxOC0wNS0zMFQxMDozMTo0MCswMTowMCIgSXNzdWVyPSJodHRwOi8vcG9ydGFsLmJtaS5ndi5hdC9yZWYvc3pyL2lzc3VlciIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJubWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOmVjZHNhPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSMiIHhtbG5zOnNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSI+Cgk8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+CgkJPHNhbWw6U3ViamVjdD4KCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KCQkJCTxzYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjA6Y206c2VuZGVyLXZvdWNoZXM8L3NhbWw6Q29uZmlybWF0aW9uTWV0aG9kPgoJCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE+CgkJCQkJPHByOlBlcnNvbiBzaTp0eXBlPSJwcjpQaHlzaWNhbFBlcnNvblR5cGUiPjxwcjpJZGVudGlmaWNhdGlvbj48cHI6VmFsdWU+dHFDUUVDNytBcUdFZWVMMzkwVjVKZz09PC9wcjpWYWx1ZT48cHI6VHlwZT51cm46cHVibGljaWQ6Z3YuYXQ6YmFzZWlkPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24+PHByOk5hbWU+PHByOkdpdmVuTmFtZT5NYXg8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPk11c3Rlcm1hbm48L3ByOkZhbWlseU5hbWU+PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4xOTQwLTAxLTAxPC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj4KCQkJCTwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KCQkJPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJPC9zYW1sOlN1YmplY3Q+Cgk8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXplblB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJ1cm46cHVibGljaWQ6Z3YuYXQ6bmFtZXNwYWNlczppZGVudGl0eWxpbms6MS4yIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT48ZHNpZzpSU0FLZXlWYWx1ZT48ZHNpZzpNb2R1bHVzPnMwWmhkR2E4REgwSW1iTlU3aTRxdDRtR25CUEFlTDk5Q0dkZmRCOEhWWE5CNWd3d2VMY1o5WE1TWUJvUHFHdFVqemh6S29zRkN5M0sNCmpsSEVrejB0L3JQemhOVGRsVjJRN0FGWEZlT2g3M3dPajQ3R1B2T2lVNzdwQjE3WnJaOHlObW1JTTEyUVE5MVN0RGFWRkUra0dxUEkNCmNFZHZiZk94blU4aGNpa3lYcWVheFZVV3oxbVdXTnRveUwyWG5wa1U0QkZVQnU1NWg5S2tYVEFQcnBUbEFMZjkvRDFKamZWb05tamwNCnBLWXh6Q3JBSmE4Sno4Ui9sNis0U0U3YXc3dGZuazNZUXkxcFVmNWZmellkeXZQS2ZxVTBUTUVKLzdpOW1ORHFCZlVwcVhBRWowdWUNCkpvRWs0UC9pa2Q5UnZuVUlsU0V1NzFHMyt1VEluSXBaaTd2UG93PT08L2RzaWc6TW9kdWx1cz48ZHNpZzpFeHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PjwvZHNpZzpSU0FLZXlWYWx1ZT48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJPGRzaWc6U2lnbmF0dXJlPgoJCTxkc2lnOlNpZ25lZEluZm8+CgkJCTxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+CgkJCTxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIgLz4KCQkJPGRzaWc6UmVmZXJlbmNlIFVSST0iIj4KCQkJCTxkc2lnOlRyYW5zZm9ybXM+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQk8ZHNpZzpYUGF0aD5ub3QoYW5jZXN0b3Itb3Itc2VsZjo6cHI6SWRlbnRpZmljYXRpb24pPC9kc2lnOlhQYXRoPgoJCQkJCTwvZHNpZzpUcmFuc2Zvcm0+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiIC8+CgkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCTxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIiAvPgoJCQkJPGRzaWc6RGlnZXN0VmFsdWU+QmVIdUFyYXUzSFVQcXg5dHV3QTRGaDNOSDB3PTwvZHNpZzpEaWdlc3RWYWx1ZT4KCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPGRzaWc6UmVmZXJlbmNlIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNNYW5pZmVzdCIgVVJJPSIjbWFuaWZlc3QiPgoJCQkJPGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiIC8+CgkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5mVEUrMjRnRHlkUlgvd0p2QlAxOUlucU54Rkk9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQk8L2RzaWc6UmVmZXJlbmNlPgoJCTwvZHNpZzpTaWduZWRJbmZvPgoJCTxkc2lnOlNpZ25hdHVyZVZhbHVlPgogICAgUHpLMWR2N2JFMGhQcGxlc1ZaRFhHSWxhbTlUK0JxWkd4ZWs5RHVuYkhNK21GWWI3a1NaZTN2eEszUmhRZjNBV3djbXFtVWZPRlJObg0KWndxYnovNGRZd2hJRld6VGdMelVmMlZkR0JsN2szbS8wSmJXSkV1bEtobE5vV2ZSTkRrdTRZcmI2THVrWjdaQzJFcWd2UXYxa1BRTg0Kb1BvQ1I5d3hUc1RKWFNCaHdLc0lERG9vZHY3aUVpWGFCM0xmVHQrQWdYdEdvbWRRaktjby9WamJSSzRUUEkvQUVNVU1KWm9zZlJYMg0KdmE2U1BaUnV4QjBlWkwwVGVzYittRjlFaUlOVnNTSU9nbTVSRE95V1ZRZkJnVG9nYjNoWmlLVmh0a1IvaWlSNmhZNlA2b1cwTDh4ag0KMG5ZVldPRHAxSlJML3Z0ZDFhUklVYzNCQTJQaFkrRmdJR1FHTUE9PQogIDwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlGdXpDQ0JLT2dBd0lCQWdJREdTa2VNQTBHQ1NxR1NJYjNEUUVCQlFVQU1JR2ZNUXN3Q1FZRFZRUUdFd0pCDQpWREZJTUVZR0ExVUVDZ3cvUVMxVWNuVnpkQ0JIWlhNdUlHWXVJRk5wWTJobGNtaGxhWFJ6YzNsemRHVnRaU0JwDQpiU0JsYkdWcmRISXVJRVJoZEdWdWRtVnlhMlZvY2lCSGJXSklNU0l3SUFZRFZRUUxEQmxoTFhOcFoyNHRZMjl5DQpjRzl5WVhSbExXeHBaMmgwTFRBeU1TSXdJQVlEVlFRRERCbGhMWE5wWjI0dFkyOXljRzl5WVhSbExXeHBaMmgwDQpMVEF5TUI0WERURTFNRGN5T0RFMU5Ea3dOVm9YRFRJd01EY3lPREV6TkRrd05Wb3dnYll4Q3pBSkJnTlZCQVlUDQpBa0ZVTVI0d0hBWURWUVFLREJWRVlYUmxibk5qYUhWMGVtdHZiVzFwYzNOcGIyNHhJakFnQmdOVkJBc01HVk4wDQpZVzF0ZW1Gb2JISmxaMmx6ZEdWeVltVm9iMlZ5WkdVeExqQXNCZ05WQkFNTUpWTnBaMjVoZEhWeWMyVnlkbWxqDQpaU0JFWVhSbGJuTmphSFYwZW10dmJXMXBjM05wYjI0eEZUQVRCZ05WQkFVVERETXlOVGt5T0RNeU16azVPREVjDQpNQm9HQ1NxR1NJYjNEUUVKQVF3TlpITnJRR1J6YXk1bmRpNWhkRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEDQpnZ0VQQURDQ0FRb0NnZ0VCQU4rZEJTRUJHajJqVVhJSzFNcDNsVnhjL1phK3BKTWl5S3JYM0cxWnhnWC9pa3g3DQpEOXNjc1BZTXQ0NzNMbEFXbDljbUNiSGJKSytQVjJYTk5kVVJMTVVDSVgrNHZVTnMyTUhlRFRRdFg4QlhqSkZwDQp3SllTb2FSSlEzOUZWUy8xcjVzV2NyYTlIaGRtN3c1R3R4LzJ1a3lEWDBrZGt4YXdraFA0RVFFemkvU0krRnVnDQpuK1dxZ1ExbkFkbGJ4Yi9kY0J3NXcxaDliM2xtdXdVZjR6M29vUVdVRDJEZ0Eva0tkMUtlak5SNDNtTFVzbXZTDQp6ZXZQeFQ5enM3OHBPUjFPYWNCN0lzelRWSlBYZU9FYWFOWkhubkIvVWVPM2c4TEVWLzNPa1hjVWdjTWtiSUlpDQphQkhsbGw3MVBxMENPajlrcWpYb2U3T3JSakxZNWkzS3dPcGE2VE1DQXdFQUFhT0NBZVV3Z2dIaE1CRUdBMVVkDQpEZ1FLQkFoTUNBNmVHdlMxdWpBT0JnTlZIUThCQWY4RUJBTUNCTEF3RGdZSEtpZ0FDZ0VIQVFRREFRSC9NQk1HDQpBMVVkSXdRTU1BcUFDRWtjV0RwUDZBMERNQWtHQTFVZEV3UUNNQUF3RkFZSEtpZ0FDZ0VCQVFRSkRBZENVMEl0DQpSRk5MTUg4R0NDc0dBUVVGQndFQkJITXdjVEJHQmdnckJnRUZCUWN3QW9ZNmFIUjBjRG92TDNkM2R5NWhMWFJ5DQpkWE4wTG1GMEwyTmxjblJ6TDJFdGMybG5iaTFqYjNKd2IzSmhkR1V0YkdsbmFIUXRNREpoTG1OeWREQW5CZ2dyDQpCZ0VGQlFjd0FZWWJhSFIwY0RvdkwyOWpjM0F1WVMxMGNuVnpkQzVoZEM5dlkzTndNRlFHQTFVZElBUk5NRXN3DQpTUVlHS2lnQUVRRVNNRDh3UFFZSUt3WUJCUVVIQWdFV01XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrDQpiMk56TDJOd0wyRXRjMmxuYmkxQmJYUnpjMmxuYm1GMGRYSXdnWjRHQTFVZEh3U0JsakNCa3pDQmtLQ0JqYUNCDQppb2FCaDJ4a1lYQTZMeTlzWkdGd0xtRXRkSEoxYzNRdVlYUXZiM1U5WVMxemFXZHVMV052Y25CdmNtRjBaUzFzDQphV2RvZEMwd01peHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wDQpQMkpoYzJVL2IySnFaV04wWTJ4aGMzTTlaV2xrUTJWeWRHbG1hV05oZEdsdmJrRjFkR2h2Y21sMGVUQU5CZ2txDQpoa2lHOXcwQkFRVUZBQU9DQVFFQUhRM1pDTXRBYmF6ZU1IbVdBMnpoWWxIcUhnS1ZvY1ZYRURnbU5tV0xHcUZlDQo4RUFERklzOHVHcmt0Qm1XQ1VJWGJYczdUSGNmeHMySjQ3dkh1Y29wc2RrYWJObFhFanpuZFJmbmMrMVZJbmJvDQp6TXJZZDdqZUROVEsvdElqaU9FWWRyeUlwZWtWOUNmYXc3eXU2bWVmTXpldTFhQXdmN0JuSy9odWl3SlduZW5wDQpCN2lEL1B2WittenVDN1JOZkpmRisrU3RpQlR4aTNWWXhOR01qTTFjVThHdzlWV2MwUjNFdWpPYVhXZ0NDOGk1DQpGR2hWdk9ZaE5YZnN4SlhiTnhld0VDanBBTHZEbEZMTCtpQzQ5RytBRFNvUnYwU2s5MU9QdStjSW1DajNyczNRDQp0YXNJL3A5TFlhY0c2Yy9nSTN0RTBpaHFnOVJic0tIWFFsM1BPdkVSSkE9PTwvZHNpZzpYNTA5Q2VydGlmaWNhdGU+PC9kc2lnOlg1MDlEYXRhPjwvZHNpZzpLZXlJbmZvPgoJCTxkc2lnOk9iamVjdD4KCQkJPGRzaWc6TWFuaWZlc3QgSWQ9Im1hbmlmZXN0Ij4KCQkJCTxkc2lnOlJlZmVyZW5jZSBVUkk9IiI+CgkJCQkJPGRzaWc6VHJhbnNmb3Jtcz4KCQkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQkJPGRzaWc6WFBhdGg+bm90KGFuY2VzdG9yLW9yLXNlbGY6OmRzaWc6U2lnbmF0dXJlKTwvZHNpZzpYUGF0aD4KCQkJCQkJPC9kc2lnOlRyYW5zZm9ybT4KCQkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCQk8ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIgLz4KCQkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5wM1pwS1BvK0ZYT3ZXdEhidFJzR2VLWm9lSTQ9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPC9kc2lnOk1hbmlmZXN0PgoJCTwvZHNpZzpPYmplY3Q+Cgk8L2RzaWc6U2lnbmF0dXJlPgo8L3NhbWw6QXNzZXJ0aW9uPg=="; + + @Test + public void dummyTest() throws Exception { + + + } + + + @Test + public void buildAuthDataWithIDLOnly() throws Exception { + TestRequestImpl pendingReq = new TestRequestImpl(); + DummyOAConfig oaParam = new DummyOAConfig(); + oaParam.setHasBaseIdTransferRestriction(false); + oaParam.setTarget("urn:publicid:gv.at:cdid+ZP-MH"); + oaParam.setForeignbPKSectors(Arrays.asList("wbpk+FN+195738a")); + pendingReq.setSpConfig(oaParam); + + IAuthenticationSession session = new DummyAuthSession(); + session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL, false))).parseIdentityLink()); + pendingReq.setRawDataToTransaction(session.getKeyValueRepresentationFromAuthSession()); + + + IMOAAuthData authData = (IMOAAuthData) authBuilder.buildAuthenticationData(pendingReq); + + if (!authData.getFamilyName().equals("Mustermann")) + throw new Exception("Familyname wrong"); + + if (!authData.getGivenName().equals("Max")) + throw new Exception("GivenName wrong"); + + if (!authData.getFormatedDateOfBirth().equals("1940-01-01")) + throw new Exception("DateOfBirth wrong"); + + + if (!authData.getIdentificationValue().equals("tqCQEC7+AqGEeeL390V5Jg==")) + throw new Exception("baseId wrong"); + + if (!authData.getIdentificationType().equals("urn:publicid:gv.at:baseid")) + throw new Exception("baseIdType wrong"); + + + if (!authData.getBPK().equals("DJ6nGg2JgcPH768BhqTNXVsGhOY=")) + throw new Exception("bPK wrong"); + + if (!authData.getBPKType().equals("urn:publicid:gv.at:cdid+ZP-MH")) + throw new Exception("bPKType wrong"); + + + List<String> foreignbPKs = authData.getEncbPKList(); + if (foreignbPKs.isEmpty()) + throw new Exception("NO foreign bPK list is null"); + + if (foreignbPKs.size() != 1) + throw new Exception("NO or MORE THAN ONE foreign bPK"); + + if (!foreignbPKs.get(0).startsWith("(wbpk+FN+195738a|") && !(foreignbPKs.get(0).endsWith(")"))) + throw new Exception("foreign bPK has wrong prefix"); + + } + +} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java new file mode 100644 index 000000000..befaa9bd7 --- /dev/null +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java @@ -0,0 +1,460 @@ +package at.gv.egovernment.moa.id.config.auth.data; + +import java.io.IOException; +import java.net.URI; +import java.net.URL; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Properties; + +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; +import at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IStorkConfig; +import at.gv.egovernment.moa.id.commons.api.data.ProtocolAllowed; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.util.config.EgovUtilPropertiesConfiguration; + +public class DummyAuthConfig implements AuthConfiguration { + + @Override + public String getRootConfigFileDir() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDefaultChainingMode() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getTrustedCACertificates() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isTrustmanagerrevoationchecking() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String[] getActiveProfiles() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Properties getGeneralPVP2ProperiesConfig() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Properties getGeneralOAuth20ProperiesConfig() { + // TODO Auto-generated method stub + return null; + } + + @Override + public ProtocolAllowed getAllowedProtocols() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Map<String, String> getConfigurationWithPrefix(String Prefix) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getConfigurationWithKey(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getBasicConfiguration(String key) { + if (UserRestrictionTask.CONFIG_PROPS_CSV_USER_FILE.equals(key)) { + String current; + try { + current = new java.io.File( "." ).getCanonicalPath(); + return "file:" + current + "/src/test/resources/BPK-Whitelist_20180607.csv"; + } catch (IOException e) { + e.printStackTrace(); + } + + } else if (UserRestrictionTask.CONFIG_PROPS_CSV_USER_SECTOR.equals(key)) { + return "urn:publicid:gv.at:cdid+ZP-MH"; + + } + + + return null; + } + + @Override + public String getBasicConfiguration(String key, String defaultValue) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) { + Map<String, String> result = new HashMap<String, String>(); + if (AuthenticationDataBuilder.CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS.equals(prefix)) { + result.put("BMI+T1", "MIICuTCCAaGgAwIBAgIEWQMr6TANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARyb290MB4XDTE3MDQyODExNDgyN1oXDTE4MDQyODExNDgyN1owDzENMAsGA1UEAwwEcm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKavdekY9h6te6UoCvahSKqhlNk+ZMGq1aBvj129J10wJoz3BsO86cK/ounvzrE9g6FOOeEtlb/lRRTwhO601o9/dXhIvSalpKgAF4owTuhxKUEhEUNJr4pUxFSm8OkPHEXqSXsn6W7tg/G0r12z246RAApw5jpzDDdYYY8gEZFXURf1xYnbKFPoNlPIyFj0vN7Afe+Fo8v3Brb05iQkC3wBxMnL2LZ7XLK8uu93VG/mOrUrEtZkFzOWg0c3WBKQgxCD/F5BMouXBSsNu7lzV2qEyX0uIiEQrv75Fk32DjQqx41S31lByFnL8YbYWX4lsCv0O9Smhjrn6+k91JsvcDECAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAb4wDQYJKoZIhvcNAQELBQADggEBAAFQVd6PHrpBDTw+YUYj3yOgjFlKiSTEb4s59O74CZGbgElE2k36bqEJwki8W2ZiK+L3aeA1XCYF9cuI8QBWHJXg3UQFtDMF2zieOy/BBEA0HN6q4IjQKbt9cNR3w7nMp+lJ/BUlX6AIqfmSgJ6bKVlUsu4yuhstDBXy7QOAuQ8q76qkk7j6uiahWCyBRb5R9TDj7mQn0nM/tbeUUZa7Mxje/W4YhdatNYasTnExCyEE4S6lpSiJQdrkFGlRWp6Ia41/r6GZsAZ6pss+xyxDbJySqbVn2ro6WV4kMbrh/gX1HbmrF5UGIO/qvM+5yM6+wUfLtqPCK0PtLkI940E3WfM="); + result.put("wbpk+FN+468924i", "MIIDCzCCAfMCBFr9aB4wDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxEzARBgNVBAsMCnZpZHAuZ3YuYXQxFzAVBgNVBAMMDlNBTUwyIG1ldGFkYXRhMB4XDTE4MDUxNzExMzE0MloXDTE5MDUxNzExMzE0MlowSjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxEzARBgNVBAsMCnZpZHAuZ3YuYXQxFzAVBgNVBAMMDlNBTUwyIG1ldGFkYXRhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi5yyZCJCW2MLQKmupDZTQBNItpIqMlLNAUMF5U8vwJ0uoAWqetOyJ65Q9Wx9TixcIIxXa+0qA/7xVr44LoE4sRXZtZvkS5TGXUgD81FLXU5WJdeJQeUa63TdKjpdcL6wCbMIDs+2fDClIB7gKUV7S56NMhdiQzfW6OLFFQyfu6aXzpLcAOqq+FVo5paPjvGNgmVGwMS/4W0c8FeaPceno98rjslYslKUu3gCMezhYmvson7fEsgRf6s/Ko4pZev4rK7N+ib25g0x0L+gJkq6gb46wH4TBemXr/WTi5II1pxdG0CuLLKewDgMCymeneXPFIewiIPF9ydSPdq2XsHlTwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBbNeQGGDB0RjWRtCoMPQ1tF4pTMOy1QXd362Qx6kbuScEsG/9fGLE3mgpyLx3zyjX/pP0hkVtygDu/5684KEj0aJ65dx6kgFkmvLNq4YUpvQUBjylQHmpO4fsL57q8ZMnoWow8rX4g18sP8lHvW1g+tfWa3r+RRN/NlHm0RYb559xq7NgfPu11gxp9O6RsSkrf0IkWnJ1dit4bx7RR8PY+ZZjPAfg8/eAZ98DSP8FPdlLkKQvRV5NCIjG4tU5tIV4z5yvZ/npdKMdqjiQxmA002U+inOzCcciRRZSdXhYgqvkuMEHYsaoGlLwj+wJbEviobPpWxcEeQoqEwIj6QpwX"); + result.put("wbpk+FN+195738a", "MIIF2TCCA8GgAwIBAgIEL2AV4zANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMC\r\n" + + "QVQxSDBGBgNVBAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUg\r\n" + + "aW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSDEYMBYGA1UECwwPYS1zaWduLWxp\r\n" + + "Z2h0LTA1MRgwFgYDVQQDDA9hLXNpZ24tbGlnaHQtMDUwHhcNMTgwNjA4MTA0MzEy\r\n" + + "WhcNMjMwNjA4MDg0MzEyWjBoMQswCQYDVQQGEwJBVDEbMBkGA1UEAwwSZS1UcmVz\r\n" + + "b3IgRnJlbWQtYlBLMRIwEAYDVQQEDAlGcmVtZC1iUEsxETAPBgNVBCoMCGUtVHJl\r\n" + + "c29yMRUwEwYDVQQFEwwxMTc3MDQwMzU4MjUwggEgMA0GCSqGSIb3DQEBAQUAA4IB\r\n" + + "DQAwggEIAoIBAQC9jQHCrCK4r8bKsist/h53yP7RzqDZhDGy3j6BLiGMGeQ8Qekf\r\n" + + "k+Onmy6k7PfOfBZgiOd/Zs8JXZMISycz5/G9WJp0d1iFjmRDNWmM4MEN8k+mAnW+\r\n" + + "Omn7sTJStaL5hRME/YdJpI/k08MasQuc13M6i6szpKA0eMfLf0nTWgEWt5e/x3Gj\r\n" + + "+Br7dxYtv8RDeHHVhk5EkXwbhuVi9fO/UCNEAEsKCkiTGCwVRek/c+LQ42cnuLKN\r\n" + + "Kg4LKJaIrr9uyMkibYpDZi1nXwQR9Jxsg4lzfpyAvSJIZtqMN0C66cwnzflLt9M8\r\n" + + "GwO08KzvONEo4oiodKx7IcMGGbjukHX2NY7BAgERo4IBZzCCAWMwdAYIKwYBBQUH\r\n" + + "AQEEaDBmMDsGCCsGAQUFBzAChi9odHRwOi8vd3d3LmEtdHJ1c3QuYXQvY2VydHMv\r\n" + + "YS1zaWduLWxpZ2h0LTA1LmNydDAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AuYS10\r\n" + + "cnVzdC5hdC9vY3NwMBMGA1UdIwQMMAqACEhCh7VWr5ysMB0GA1UdEQQWMBSBEnRl\r\n" + + "Y2huaWtAYS10cnVzdC5hdDARBgNVHQ4ECgQIRnNIDj8iCQcwDgYDVR0PAQH/BAQD\r\n" + + "AgSwMAkGA1UdEwQCMAAwTQYDVR0gBEYwRDBCBgYqKAARAQkwODA2BggrBgEFBQcC\r\n" + + "ARYqaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3MvY3AvYS1zaWduLWxpZ2h0MDoG\r\n" + + "A1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwuYS10cnVzdC5hdC9jcmwvYS1zaWdu\r\n" + + "LWxpZ2h0LTA1MA0GCSqGSIb3DQEBCwUAA4ICAQAh7plfW9U3hh5brYS0OmWhKJrM\r\n" + + "jBDn9TyKsdetZ3AU3/GJONSq1GrZbTv6dq6vAH0G20cNQaLSNl2/9U3WBqX2T2Ik\r\n" + + "vek8925+9HAFRVZiwnNX5CT0dQGNkqkagVzfd8dj8n+KiQZZZN9WroR9MoRXNlw1\r\n" + + "DERzlXLlYFtK+F4323LtbolSLnN793p/6al4k8RheKG0Jy+pEtpCy6KNohkl34ZE\r\n" + + "xtGrQLrJDtRtbCJcJ1t2fsM8iP9vi+K+0hOolIM7qwELRftwhvLyB+Gtlke2zLod\r\n" + + "SR0AA6fLoNISdKpSEIu1OJ88R70T3q3sEYWLHc8GHPO6WjaF/tq8iI/lPeUc0c2u\r\n" + + "gZOpH6Q3jWZo9UmhAbcyIwQTtVg9lS35EM3xPt+GC9DTsyNkTJObICZXUGsUswCp\r\n" + + "Vj76888biAR/ey9pr6fctj11w4jEwOP5pIcKdv1vX6KZl58O8kIUV3IUbvFY/M1n\r\n" + + "bfCrmm8uT4780NAIv3v8jgB/wK6EjntXoACPyGwB3lbdWJ2lZ4y5QCYEbW/8LLzJ\r\n" + + "6kGERNrFGBn4pK8GhZg8Tq1GigOyUrGteHeYUylKqLRoIvby53tYHnMx5fS/N/OU\r\n" + + "uKuAqGNHDTNkYI2jWhS6gFjUdTiaVVdKo/GSS4eDU5hsKOBRHTKWLT9E1DryCUkD\r\n" + + "u4SwB63SrCEshSczfA==\r\n"); + + } + + return result; + } + + @Override + public int getTransactionTimeOut() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public int getSSOCreatedTimeOut() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public int getSSOUpdatedTimeOut() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public String getAlternativeSourceID() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getLegacyAllowedProtocols() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException { + if (useTestTrustStore) + return "MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten"; + else + return "MOAIDBuergerkarteAuthentisierungsDaten"; + } + + @Override + public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public ConnectionParameterInterface getMoaSpConnectionParameter() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public ConnectionParameterInterface getOnlineMandatesConnectionParameter(IOAAuthParameters oaParameters) + throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) throws ConfigurationException { + if (useTestTrustStore) + return "MOAIDBuergerkartePersonenbindungMitTestkarten"; + else + return "MOAIDBuergerkartePersonenbindung"; + } + + @Override + public List<String> getTransformsInfos() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getSLRequestTemplates() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSLRequestTemplates(String type) throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getDefaultBKUURLs() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDefaultBKUURL(String type) throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOTagetIdentifier() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOFriendlyName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOSpecialText() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMOASessionEncryptionKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMOAConfigurationEncryptionKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isIdentityLinkResigning() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getIdentityLinkResigningKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isMonitoringActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getMonitoringTestIdentityLinkURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMonitoringMessageSuccess() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isAdvancedLoggingActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List<String> getPublicURLPrefix() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isVirtualIDPsEnabled() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isPVP2AssertionEncryptionActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isCertifiacteQCActive() { + return true; + } + + @Override + public IStorkConfig getStorkConfig() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public EgovUtilPropertiesConfiguration geteGovUtilsConfig() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDocumentServiceUrl() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isStorkFakeIdLActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List<String> getStorkFakeIdLCountries() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getStorkNoSignatureCountries() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getStorkFakeIdLResigningKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isPVPSchemaValidationActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Map<String, String> getConfigurationWithWildCard(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<Integer> getDefaultRevisionsLogEventCodes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isHTTPAuthAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String[] getRevocationMethodOrder() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { + // TODO Auto-generated method stub + return false; + } + + @Override + public URI getConfigurationFilePath() { + // TODO Auto-generated method stub + return null; + } + + @Override + public URI getConfigurationRootDirectory() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Properties getFullConfigurationProperties() { + // TODO Auto-generated method stub + return null; + } + + @Override + public ISPConfiguration getServiceProviderConfiguration(String arg0) throws EAAFConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public <T> T getServiceProviderConfiguration(String arg0, Class<T> arg1) throws EAAFConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String validateIDPURL(URL arg0) throws EAAFException { + // TODO Auto-generated method stub + return null; + } + +} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java new file mode 100644 index 000000000..ad68e089e --- /dev/null +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java @@ -0,0 +1,296 @@ +package at.gv.egovernment.moa.id.config.auth.data; + +import java.util.Date; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants; +import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; +import iaik.x509.X509Certificate; + +public class DummyAuthSession implements IAuthenticationSession, AuthProzessDataConstants { + + private IIdentityLink idl; + + @Override + public boolean isAuthenticated() { + return true; + } + + @Override + public void setAuthenticated(boolean authenticated) { + // TODO Auto-generated method stub + + } + + @Override + public X509Certificate getSignerCertificate() { + // TODO Auto-generated method stub + return null; + } + + @Override + public byte[] getEncodedSignerCertificate() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setSignerCertificate(X509Certificate signerCertificate) { + // TODO Auto-generated method stub + + } + + @Override + public IIdentityLink getIdentityLink() { + return this.idl; + } + + @Override + public void setIdentityLink(IIdentityLink identityLink) { + this.idl = identityLink; + + } + + @Override + public String getBkuURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setBkuURL(String bkuURL) { + // TODO Auto-generated method stub + + } + + @Override + public String getAuthBlock() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setAuthBlock(String authBlock) { + // TODO Auto-generated method stub + + } + + @Override + public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesAUTH() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setExtendedSAMLAttributesAUTH(List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH) { + // TODO Auto-generated method stub + + } + + @Override + public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesOA() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setExtendedSAMLAttributesOA(List<ExtendedSAMLAttribute> extendedSAMLAttributesOA) { + // TODO Auto-generated method stub + + } + + @Override + public boolean getSAMLAttributeGebeORwbpk() { + // TODO Auto-generated method stub + return false; + } + + @Override + public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) { + // TODO Auto-generated method stub + + } + + @Override + public String getIssueInstant() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setIssueInstant(String issueInstant) { + // TODO Auto-generated method stub + + } + + @Override + public void setUseMandate(String useMandate) { + // TODO Auto-generated method stub + + } + + @Override + public void setUseMandates(boolean useMandates) { + // TODO Auto-generated method stub + + } + + @Override + public boolean isMandateUsed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public void setMISSessionID(String misSessionID) { + // TODO Auto-generated method stub + + } + + @Override + public String getMISSessionID() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMandateReferenceValue() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setMandateReferenceValue(String mandateReferenceValue) { + // TODO Auto-generated method stub + + } + + @Override + public boolean isForeigner() { + // TODO Auto-generated method stub + return false; + } + + @Override + public void setForeigner(boolean isForeigner) { + // TODO Auto-generated method stub + + } + + @Override + public IVerifiyXMLSignatureResponse getXMLVerifySignatureResponse() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse) { + // TODO Auto-generated method stub + + } + + @Override + public IMISMandate getMISMandate() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setMISMandate(IMISMandate mandate) { + // TODO Auto-generated method stub + + } + + @Override + public boolean isOW() { + // TODO Auto-generated method stub + return false; + } + + @Override + public void setOW(boolean isOW) { + // TODO Auto-generated method stub + + } + + @Override + public String getAuthBlockTokken() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setAuthBlockTokken(String authBlockTokken) { + // TODO Auto-generated method stub + + } + + @Override + public String getQAALevel() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setQAALevel(String qAALevel) { + // TODO Auto-generated method stub + + } + + @Override + public Date getSessionCreated() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Map<String, Object> getGenericSessionDataStorage() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Object getGenericDataFromSession(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public <T> T getGenericDataFromSession(String key, Class<T> clazz) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOSessionID() { + return "123456789abcd"; + } + + @Override + public void setSSOSessionID(String sessionId) { + // TODO Auto-generated method stub + + } + + @Override + public Map<String, Object> getKeyValueRepresentationFromAuthSession() { + Map<String, Object> result = new HashMap<String, Object>(); + result.put(VALUE_IDENTITYLINK, getIdentityLink()); + return result; + + } + + @Override + public void setGenericDataToSession(String arg0, Object arg1) throws EAAFStorageException { + + } + + +} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java new file mode 100644 index 000000000..846819868 --- /dev/null +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java @@ -0,0 +1,180 @@ +package at.gv.egovernment.moa.id.config.auth.data; + +import java.util.Date; +import java.util.List; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; + +public class DummyAuthStorage implements IAuthenticationSessionStoreage { + + @Override + public AuthenticationSession createInternalSSOSession(IRequest target) throws MOADatabaseException, BuildException { + // TODO Auto-generated method stub + return null; + } + + @Override + public AuthenticationSession getInternalSSOSession(String internalSsoSessionID) throws MOADatabaseException { + // TODO Auto-generated method stub + return null; + } + + @Override + public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String internalSsoSessionID) + throws MOADatabaseException { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setAuthenticationSessionExtensions(String internalSsoSessionID, + AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException { + // TODO Auto-generated method stub + + } + + @Override + public void destroyInternalSSOSession(String internalSsoSessionID) throws MOADatabaseException { + // TODO Auto-generated method stub + + } + + @Override + public void setAuthenticated(String internalSsoSessionID, boolean isAuthenticated) { + // TODO Auto-generated method stub + + } + + @Override + public boolean isSSOSession(String sessionID) throws MOADatabaseException { + // TODO Auto-generated method stub + return false; + } + + @Override + public AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId) { + // TODO Auto-generated method stub + return null; + } + + @Override + public void addSSOInformation(String moaSessionID, String SSOSessionID, SLOInformationInterface SLOInfo, + IRequest protocolRequest) throws AuthenticationException { + // TODO Auto-generated method stub + + } + + @Override + public OASessionStore searchActiveOASSOSession(IAuthenticationSession moaSession, String oaID, + String protocolType) { + // TODO Auto-generated method stub + return null; + } + + @Override + public IAuthenticationSession getSessionWithUserNameID(String nameID) { + // TODO Auto-generated method stub + return null; + } + + @Override + public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID) { + // TODO Auto-generated method stub + return null; + } + + @Override + public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID, + String idpID) { + // TODO Auto-generated method stub + return null; + } + + @Override + public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) + throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException { + // TODO Auto-generated method stub + + } + + @Override + public InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(String moaSessionID) { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean removeInterfederetedSession(String entityID, String pedingRequestID) { + // TODO Auto-generated method stub + return false; + } + + @Override + public void clean(Date now, long authDataTimeOutCreated, long authDataTimeOutUpdated) { + // TODO Auto-generated method stub + + } + + @Override + public void markOAWithAttributeQueryUsedFlag(IAuthenticationSession session, String oaurl, String requestedModule) { + // TODO Auto-generated method stub + + } + + @Override + public void deleteIdpInformation(InterfederationSessionStore nextIDPInformation) { + // TODO Auto-generated method stub + + } + + @Override + public void persistIdpInformation(InterfederationSessionStore nextIDPInformation) { + // TODO Auto-generated method stub + + } + + @Override + public OldSSOSessionIDStore checkSSOTokenAlreadyUsed(String ssoId) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getInternalSSOSessionWithSSOID(String externelSSOId) throws MOADatabaseException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<OASessionStore> getAllActiveOAFromMOASession(String ssoSessionId) { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(String ssoSessionId) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String searchSSOSessionWithNameIDandOAID(String oaID, String userNameID) { + // TODO Auto-generated method stub + return null; + } + +} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java new file mode 100644 index 000000000..61e765f55 --- /dev/null +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java @@ -0,0 +1,350 @@ +package at.gv.egovernment.moa.id.config.auth.data; + +import java.security.PrivateKey; +import java.util.Collection; +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.CPEPS; +import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; + +public class DummyOAConfig implements IOAAuthParameters { + + /** + * + */ + private static final long serialVersionUID = 1L; + private List<String> foreignbPKSectors; + private String target; + private boolean hasBaseIdTransferRestriction; + + @Override + public Map<String, String> getFullConfiguration() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getConfigurationValue(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getFriendlyName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getPublicURLPrefix() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean hasBaseIdInternalProcessingRestriction() { + return false; + } + + @Override + public boolean hasBaseIdTransferRestriction() { + return hasBaseIdTransferRestriction; + } + + @Override + public String getAreaSpecificTargetIdentifier() { + return target; + } + +/////////////////////////////// + + @Override + public boolean containsConfigurationKey(String arg0) { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getConfigurationValue(String arg0, String arg1) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getLoAMatchingMode() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getRequiredLoA() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getTargetsWithNoBaseIdInternalProcessingRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getTargetsWithNoBaseIdTransferRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getUniqueIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Boolean isConfigurationValue(String arg0) { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isConfigurationValue(String arg0, boolean arg1) { + // TODO Auto-generated method stub + return false; + } + + ///////////////////////////////// + + @Override + public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isInderfederationIDP() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isSTORKPVPGateway() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isRemovePBKFromAuthBlock() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getKeyBoxIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public SAML1ConfigurationParameters getSAML1Parameter() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getTemplateURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAditionalAuthBlockText() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getBKUURL(String bkutype) { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getBKUURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean useSSO() { + return false; + } + + @Override + public boolean useSSOQuestion() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List<String> getMandateProfiles() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isShowMandateCheckBox() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isOnlyMandateAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isShowStorkLogin() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getQaaLevel() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isRequireConsentForStorkAttributes() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Collection<StorkAttribute> getRequestedSTORKAttributes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public byte[] getBKUSelectionTemplate() { + // TODO Auto-generated method stub + return null; + } + + @Override + public byte[] getSendAssertionTemplate() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Collection<CPEPS> getPepsList() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getIDPAttributQueryServiceURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isInboundSSOInterfederationAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isInterfederationSSOStorageAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isOutboundSSOInterfederationAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isTestCredentialEnabled() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List<String> getTestCredentialOIDs() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isUseIDLTestTrustStore() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isUseAuthBlockTestTestStore() { + // TODO Auto-generated method stub + return false; + } + + @Override + public PrivateKey getBPKDecBpkDecryptionKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isPassivRequestUsedForInterfederation() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isPerformLocalAuthenticationOnInterfederationError() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Collection<StorkAttributeProviderPlugin> getStorkAPs() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<Integer> getReversionsLoggingEventCodes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> foreignbPKSectorsRequested() { + return foreignbPKSectors; + + } + + public void setForeignbPKSectors(List<String> foreignSectors) { + this.foreignbPKSectors = foreignSectors; + + } + + public void setTarget(String target) { + this.target = target; + } + + public void setHasBaseIdTransferRestriction(boolean hasBaseIdTransferRestriction) { + this.hasBaseIdTransferRestriction = hasBaseIdTransferRestriction; + } + +} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java new file mode 100644 index 000000000..3cd9d9476 --- /dev/null +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java @@ -0,0 +1,130 @@ +package at.gv.egovernment.moa.id.config.auth.data; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_basic_user_whitelist.xml") +public class UserRestrictionWhiteListTest { + + @Autowired(required=true) UserWhitelistStore whitelistStore; + + private static String bPK_1 = "/7eNkLgqP71U8dBwa0lSI8/2EFY="; + private static String bPK_2 = "gr88V4oH5KLlurBCcCAbKJNMF18="; + private static String bPK_3 = "0Fq3KqgYTbK8MsxymLe7tbuXhpA="; + private static String bPK_4 = "JWiLzwktCITGg+ztRKEAwWloSNM="; + + private static String bPK_5 = "JWiLzwktCIXXX+ztRKEAwWloSNM="; + private static String bPK_6 = "WtHxBxLqOThNU9YF8fzXXXcZLBs="; + + @Test + public void checkNumberOfEntries() throws Exception { + if (whitelistStore.getNumberOfEntries() != 12) + throw new Exception("Number of entries not valid"); + + } + + + @Test + public void checkEntry_1() throws Exception { + String bPK = bPK_1; + if (!whitelistStore.isUserbPKInWhitelist(bPK)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntryDynamic_1() throws Exception { + String bPK = bPK_1; + if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntry_2() throws Exception { + String bPK = bPK_2; + if (!whitelistStore.isUserbPKInWhitelist(bPK)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntryDynamic_2() throws Exception { + String bPK = bPK_2; + if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + + @Test + public void checkEntry_3() throws Exception { + String bPK = bPK_3; + if (!whitelistStore.isUserbPKInWhitelist(bPK)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntryDynamic_3() throws Exception { + String bPK = bPK_3; + if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntry_4() throws Exception { + String bPK = bPK_4; + if (!whitelistStore.isUserbPKInWhitelist(bPK)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntryDynamic_4() throws Exception { + String bPK = bPK_4; + if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntry_5() throws Exception { + String bPK = bPK_5; + if (whitelistStore.isUserbPKInWhitelist(bPK)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntryDynamic_5() throws Exception { + String bPK = bPK_5; + if (whitelistStore.isUserbPKInWhitelistDynamic(bPK, true)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntry_6() throws Exception { + String bPK = bPK_6; + if (whitelistStore.isUserbPKInWhitelist(bPK)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntryDynamic_6() throws Exception { + String bPK = bPK_6; + if (whitelistStore.isUserbPKInWhitelistDynamic(bPK, true)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + +} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java deleted file mode 100644 index 3ecbb84a2..000000000 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java +++ /dev/null @@ -1,285 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.module.test; - -import java.util.Collection; - -import org.opensaml.saml2.metadata.provider.MetadataProvider; - -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; - -/** - * @author tlenz - * - */ -public class TestRequestImpl implements IRequest { - - private String processInstanceID = null; - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedModule() - */ - @Override - public String requestedModule() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedAction() - */ - @Override - public String requestedAction() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#getOAURL() - */ - @Override - public String getOAURL() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#isPassiv() - */ - @Override - public boolean isPassiv() { - // TODO Auto-generated method stub - return false; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#forceAuth() - */ - @Override - public boolean forceAuth() { - // TODO Auto-generated method stub - return false; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#getGenericData(java.lang.String) - */ - @Override - public Object getGenericData(String key) { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#getGenericData(java.lang.String, java.lang.Class) - */ - @Override - public <T> T getGenericData(String key, Class<T> clazz) { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#setGenericDataToSession(java.lang.String, java.lang.Object) - */ - @Override - public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException { - // TODO Auto-generated method stub - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestID() - */ - @Override - public String getRequestID() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#getUniqueTransactionIdentifier() - */ - @Override - public String getUniqueTransactionIdentifier() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#getUniqueSessionIdentifier() - */ - @Override - public String getUniqueSessionIdentifier() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#getProcessInstanceId() - */ - @Override - public String getProcessInstanceId() { - return processInstanceID; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#getAuthURL() - */ - @Override - public String getAuthURL() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#getAuthURLWithOutSlash() - */ - @Override - public String getAuthURLWithOutSlash() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#isNeedAuthentication() - */ - @Override - public boolean isNeedAuthentication() { - // TODO Auto-generated method stub - return false; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#needSingleSignOnFunctionality() - */ - @Override - public boolean needSingleSignOnFunctionality() { - // TODO Auto-generated method stub - return false; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#setNeedSingleSignOnFunctionality(boolean) - */ - @Override - public void setNeedSingleSignOnFunctionality(boolean needSSO) { - // TODO Auto-generated method stub - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#isAuthenticated() - */ - @Override - public boolean isAuthenticated() { - // TODO Auto-generated method stub - return false; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#setAuthenticated(boolean) - */ - @Override - public void setAuthenticated(boolean isAuthenticated) { - // TODO Auto-generated method stub - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#getOnlineApplicationConfiguration() - */ - @Override - public IOAAuthParameters getOnlineApplicationConfiguration() { - // TODO Auto-generated method stub - return null; - } - - /** - * @param processInstanceID the processInstanceID to set - */ - public void setProcessInstanceID(String processInstanceID) { - this.processInstanceID = processInstanceID; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#isAbortedByUser() - */ - @Override - public boolean isAbortedByUser() { - // TODO Auto-generated method stub - return false; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#setAbortedByUser(boolean) - */ - @Override - public void setAbortedByUser(boolean isAborted) { - // TODO Auto-generated method stub - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedAttributes() - */ - @Override - public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IRequest#getInternalSSOSessionIdentifier() - */ - @Override - public String getInternalSSOSessionIdentifier() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IRequest#getMOASession() - */ - @Override - public IAuthenticationSession getMOASession() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IRequest#populateMOASessionWithSSOInformation(at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession) - */ - @Override - public void populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession) { - // TODO Auto-generated method stub - - } - - - -} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java deleted file mode 100644 index ab08c0f5c..000000000 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java +++ /dev/null @@ -1,147 +0,0 @@ -package at.gv.egovernment.moa.id.process.spring.test; - -import java.util.ArrayList; -import java.util.Date; -import java.util.Iterator; -import java.util.List; - -import javax.sql.DataSource; - -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; -import at.gv.egovernment.moa.logging.Logger; - -/** - * Dummy DataSource implementation for convenience in test cases where a - * database connection will never actually be acquired. - * - * @see DataSource - * @author Chris Beams - */ -public class DummyTransactionStorage implements ITransactionStorage { - - public class DummyDBEntry{ - public DummyDBEntry(String key, Object value){ - this.obj =value; - this.key = key; - } - public String getKey() { - return key; - } - public void setKey(String key) { - this.key = key; - } - public Object getObj() { - return obj; - } - public void setObj(Object obj) { - this.obj = obj; - } - private String key; - private Object obj; - } - - private ArrayList<DummyDBEntry> ds = new ArrayList<DummyDBEntry>(); - - - - @Override - public boolean containsKey(String key) { - // TODO Auto-generated method stub - Iterator<DummyDBEntry> it = ds.iterator(); - while(it.hasNext()){ - DummyDBEntry t = it.next(); - if(t.getKey().equals(key)) - return true; - } - return false; - } - - @Override - public void put(String key, Object value, int timeout_ms) - throws MOADatabaseException { - // TODO Auto-generated method stub - this.remove(key); - this.ds.add(new DummyDBEntry(key, value)); - - } - - @Override - public Object get(String key) throws MOADatabaseException { - // TODO Auto-generated method stub - Iterator<DummyDBEntry> it = ds.iterator(); - while(it.hasNext()){ - DummyDBEntry t = it.next(); - if(t.getKey().equals(key)) - return t; - } - return null; - } - - @Override - public <T> T get(String key, Class<T> clazz) throws MOADatabaseException { - - DummyDBEntry o = (DummyDBEntry) get(key); - if(o == null) - return null; - try { - @SuppressWarnings("unchecked") - T test = (T) (clazz.cast(o.getObj())); - return test; - - } catch (Exception e) { - Logger.warn("Sessioninformation Cast-Exception by using Artifact=" + key); - throw new MOADatabaseException("Sessioninformation Cast-Exception"); - - } - } - - @Override - public <T> T get(String key, Class<T> clazz, long dataTimeOut) - throws MOADatabaseException, AuthenticationException { - // TODO Auto-generated method stub - return get(key,clazz); - } - - @Override - public void changeKey(String oldKey, String newKey, Object value) - throws MOADatabaseException { - this.remove(oldKey); - this.put(newKey, value, -1); - - } - - @Override - public void remove(String key) { - Iterator<DummyDBEntry> it = ds.iterator(); - while(it.hasNext()){ - DummyDBEntry t = it.next(); - if(t.getKey().equals(key)){ - this.ds.remove(t); - return; - } - } - - } - - @Override - public List<String> clean(Date now, long dataTimeOut) { - // TODO Auto-generated method stub - return null; - } - - @Override - public Object getAssertionStore(String key) throws MOADatabaseException { - // TODO Auto-generated method stub - return null; - } - - @Override - public void putAssertionStore(Object element) throws MOADatabaseException { - // TODO Auto-generated method stub - - } - - -}
\ No newline at end of file diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/ExpressionContextAdapter.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/ExpressionContextAdapter.java deleted file mode 100644 index c26236619..000000000 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/ExpressionContextAdapter.java +++ /dev/null @@ -1,52 +0,0 @@ -package at.gv.egovernment.moa.id.process.spring.test; - - -import java.io.Serializable; -import java.util.Collections; -import java.util.HashMap; -import java.util.Map; - -import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext; - -/** - * Adapter class for {@link ExpressionEvaluationContext}. Intended to be used for testing purposes. - * - * @author tknall - * - */ -public class ExpressionContextAdapter implements ExpressionEvaluationContext { - - private static final long serialVersionUID = 1L; - - private Map<String, Serializable> ctxData = Collections.synchronizedMap(new HashMap<String, Serializable>()); - - /** - * Returns a certain {@link Serializable} object associated with a certain {@code key}. - * - * @param key - * The key. - * @return The object or {@code null} if no object was found stored with that key or if a {@code null} value was - * stored. - */ - Serializable get(String key) { - return ctxData.get(key); - } - - /** - * Stores a {@link Serializable} with a certain {@code key}. - * - * @param key - * The key. - * @param object - * The object. - */ - void put(String key, Serializable object) { - ctxData.put(key, object); - } - - @Override - public Map<String, Serializable> getCtx() { - return Collections.unmodifiableMap(ctxData); - } - -} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SimplePojo.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SimplePojo.java deleted file mode 100644 index 89f3c0383..000000000 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SimplePojo.java +++ /dev/null @@ -1,41 +0,0 @@ -package at.gv.egovernment.moa.id.process.spring.test; - -import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator; - -/** - * A dummy pojo used to test {@link ExpressionEvaluator} with Spring EL referencing Spring beans. - * - * @author tknall - * - */ -public class SimplePojo { - - private Boolean booleanValue; - private String stringValue; - private Integer integerValue; - - public Boolean getBooleanValue() { - return booleanValue; - } - - public void setBooleanValue(Boolean booleanValue) { - this.booleanValue = booleanValue; - } - - public String getStringValue() { - return stringValue; - } - - public void setStringValue(String stringValue) { - this.stringValue = stringValue; - } - - public Integer getIntegerValue() { - return integerValue; - } - - public void setIntegerValue(Integer integerValue) { - this.integerValue = integerValue; - } - -} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java deleted file mode 100644 index c06735f9e..000000000 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java +++ /dev/null @@ -1,154 +0,0 @@ -package at.gv.egovernment.moa.id.process.spring.test; - -import static at.gv.egovernment.moa.id.process.ProcessInstanceState.NOT_STARTED; -import static at.gv.egovernment.moa.id.process.ProcessInstanceState.SUSPENDED; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; - -import java.io.IOException; -import java.io.InputStream; -import java.util.Properties; - -import org.hibernate.cfg.Configuration; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; - -import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; -import at.gv.egovernment.moa.id.module.test.TestRequestImpl; -import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException; -import at.gv.egovernment.moa.id.process.ProcessEngine; -import at.gv.egovernment.moa.id.process.ProcessEngineImpl; -import at.gv.egovernment.moa.id.process.ProcessExecutionException; -import at.gv.egovernment.moa.id.process.ProcessInstance; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.process.spring.SpringExpressionEvaluator; - -/** - * Tests the process engine using processes based on Spring EL referencing the process context and further Spring beans. - * - * @author tknall - * - */ -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration("/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml") -public class SpringExpressionAwareProcessEngineTest { - - @Autowired private static ProcessEngine pe; - @Autowired private ApplicationContext applicationContext; - - private boolean isInitialized = false; - - @Before - public void init() throws IOException, ProcessDefinitionParserException { - - if (!isInitialized) { - - if (pe == null) { - pe = applicationContext.getBean("processEngine", ProcessEngine.class); - - } - - ((ProcessEngineImpl) pe).setTransitionConditionExpressionEvaluator(new SpringExpressionEvaluator()); - try (InputStream in = SpringExpressionAwareProcessEngineTest.class.getResourceAsStream("SampleProcessDefinitionWithExpression1.xml")) { - ((ProcessEngineImpl) pe).registerProcessDefinition(in); - } - try (InputStream in = SpringExpressionAwareProcessEngineTest.class.getResourceAsStream("SampleProcessDefinitionForSAML1Authentication.xml")) { - ((ProcessEngineImpl) pe).registerProcessDefinition(in); - } - - initHibernateForTesting(); - } - } - - private static void initHibernateForTesting() throws IOException{ - - InputStream in = SpringExpressionAwareProcessEngineTest.class.getResourceAsStream("/at/gv/egovernment/moa/id/process/hibernate.configuration.test.properties"); - Properties props = new Properties(); - props.load(in); - - try { - //ConfigurationDBUtils.initHibernate(props); - Configuration config = new Configuration(); - config.addProperties(props); - //config.addAnnotatedClass(ProcessInstanceStore.class); - config.addAnnotatedClass(AssertionStore.class); - //MOASessionDBUtils.initHibernate(config, props); - } catch (Exception e) { - e.printStackTrace(); - } - } - - - @Test - public void testSampleProcessDefinitionWithExpression1() throws IOException, ProcessDefinitionParserException, ProcessExecutionException { - - TestRequestImpl req = new TestRequestImpl(); - - String piId = pe.createProcessInstance("SampleProcessWithExpression1"); - ProcessInstance pi = pe.getProcessInstance(piId); - assertEquals(NOT_STARTED, pi.getState()); - - - // start process - req.setProcessInstanceID(piId); - pe.start(req); - - //processInstance should be removed when it ends - try { - pi = pe.getProcessInstance(piId); - throw new ProcessExecutionException("ProcessInstance should be removed already, but it was found."); - //assertEquals(ENDED, pi.getState()); - - } catch (IllegalArgumentException e) { - // do nothing because processInstance should be already removed - - } - } - - @Test - public void testSampleProcessDefinitionForSAML1Authentication() throws IOException, ProcessDefinitionParserException, ProcessExecutionException { - - TestRequestImpl req = new TestRequestImpl(); - - String piId = pe.createProcessInstance("SampleProcessDefinitionForSAML1Authentication"); - ProcessInstance pi = pe.getProcessInstance(piId); - assertEquals(NOT_STARTED, pi.getState()); - - // start process - req.setProcessInstanceID(piId); - pe.start(req); - pi = pe.getProcessInstance(piId); - assertEquals(SUSPENDED, pi.getState()); - - ExecutionContext ec = pi.getExecutionContext(); - assertNotNull(ec); - System.out.println(ec.keySet()); - - assertNotNull(ec.get("bkuURL")); - assertNotNull(ec.get("IdentityLink")); - assertNotNull(ec.get("isIdentityLinkValidated")); - assertNotNull(ec.get("SignedAuthBlock")); - assertNotNull(ec.get("isSignedAuthBlockValidated")); - assertNotNull(ec.get("SAML1Assertion")); - - pe.signal(req); - try { - pi = pe.getProcessInstance(piId); - throw new ProcessExecutionException("ProcessInstance should be removed already, but it was found."); - //assertEquals(ENDED, pi.getState()); - - } catch (IllegalArgumentException e) { - // do nothing because processInstance should be already removed - - } - - - - } - -} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest.java deleted file mode 100644 index bc9d1d399..000000000 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest.java +++ /dev/null @@ -1,54 +0,0 @@ -package at.gv.egovernment.moa.id.process.spring.test; - -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; - -import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator; - -/** - * Tests the {@link ExpressionEvaluator} using a Spring EL based implementation capable of dereferencing Spring beans. - * - * @author tknall - * - */ -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration -public class SpringExpressionEvaluatorTest { - - private ExpressionContextAdapter ctx; - - @Autowired - private ExpressionEvaluator expressionEvaluator; - - @Before - public void prepareTest() { - ctx = new ExpressionContextAdapter(); - } - - @Test - public void testEvaluateSimpleExpression() { - assertTrue(expressionEvaluator.evaluate(ctx, "'true'")); - } - - @Test - public void testEvaluateExpressionWithCtx() { - ctx.put("myProperty", false); - assertFalse(expressionEvaluator.evaluate(ctx, "ctx['myProperty']")); - } - - @Test - public void testEvaluateExpressionWithBeanReference() { - assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.booleanValue")); - assertTrue(expressionEvaluator.evaluate(ctx, "'HelloWorld'.equals(@simplePojo.stringValue)")); - assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.integerValue == 42")); - assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10")); - } - -} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java deleted file mode 100644 index 54515ab8e..000000000 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java +++ /dev/null @@ -1,63 +0,0 @@ -package at.gv.egovernment.moa.id.process.spring.test.task; - -import java.io.IOException; -import java.io.InputStream; -import java.nio.charset.Charset; -import java.util.Objects; - -import org.apache.commons.io.IOUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.stereotype.Service; - -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.process.api.Task; - -/** - * A dummy task simulating the creation of a SAML1 assertion. - * <p> - * Requires context data: - * <ul> - * <li>{@code IdentityLink}</li> - * <li>{@code isIdentityLinkValidated}</li> - * <li>{@code SignedAuthBlock}</li> - * <li>{@code isSignedAuthBlockValidated}</li> - * </ul> - * </p> - * <p> - * Enriches context data with: - * <ul> - * <li>{@code SAML1Assertion}</li> - * </ul> - * </p> - * - * @author tknall - * - */ -@Service("CreateSAML1AssertionTask") -public class CreateSAML1AssertionTask implements Task { - - private Logger log = LoggerFactory.getLogger(getClass()); - - @Override - public IRequest execute(IRequest penReq, ExecutionContext executionContext) throws TaskExecutionException { - Objects.requireNonNull(executionContext.get("IdentityLink")); - assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated")))); - Objects.requireNonNull(executionContext.get("SignedAuthBlock")); - assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isSignedAuthBlockValidated")))); - - log.debug("Using IdentityLink and signed auth block in order to create SAML1 assertion."); - - try (InputStream in = getClass().getResourceAsStream("SAML1Assertion.xml")) { - executionContext.put("SAML1Assertion", IOUtils.toString(in, Charset.forName("UTF-8"))); - - } catch (IOException e) { - throw new TaskExecutionException(null, "", e); - } - - return null; - } - -} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java deleted file mode 100644 index 266878d7e..000000000 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java +++ /dev/null @@ -1,59 +0,0 @@ -package at.gv.egovernment.moa.id.process.spring.test.task; - -import java.io.IOException; -import java.io.InputStream; -import java.nio.charset.Charset; -import java.util.Objects; - -import org.apache.commons.io.IOUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.stereotype.Service; - -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.process.api.Task; - -/** - * A dummy task simulating the retrieval of an IdentityLink. - * <p/> - * Asynchonous - * <p> - * Requires context data: - * <ul> - * <li>{@code bkuURL}</li> - * </ul> - * </p> - * <p> - * Enriches context data with: - * <ul> - * <li>{@code IdentityLink}</li> - * </ul> - * </p> - * - * @author tknall - * - */ -@Service("GetIdentityLinkTask") -public class GetIdentityLinkTask implements Task { - - private Logger log = LoggerFactory.getLogger(getClass()); - - @Override - public IRequest execute(IRequest penReq, ExecutionContext executionContext) throws TaskExecutionException { - Objects.requireNonNull(executionContext.get("bkuURL")); - - log.debug("Using bkuURL in order to retrieve IdentityLink."); - - try (InputStream in = getClass().getResourceAsStream("IdentityLink_Max_Mustermann.xml")) { - executionContext.put("IdentityLink", IOUtils.toString(in, Charset.forName("UTF-8"))); - - } catch (IOException e) { - throw new TaskExecutionException(null, "", e); - } - - return null; - } - -} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java deleted file mode 100644 index 915cb3b1e..000000000 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java +++ /dev/null @@ -1,37 +0,0 @@ -package at.gv.egovernment.moa.id.process.spring.test.task; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.stereotype.Service; - -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.process.api.Task; - -/** - * A dummy task simulating a bku selection. - * <p/> - * Asynchonous - * <p> - * Enriches context data with: - * <ul> - * <li>{@code bkuURL}</li> - * </ul> - * </p> - * - * @author tknall - * - */ -@Service("SelectBKUTask") -public class SelectBKUTask implements Task { - - private Logger log = LoggerFactory.getLogger(getClass()); - - @Override - public IRequest execute(IRequest penReq, ExecutionContext executionContext) { - log.debug("Providing BKU selection."); - executionContext.put("bkuURL", "https://127.0.0.1:3496/https-security-layer-request"); - return null; - } - -} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java deleted file mode 100644 index 41ccb4451..000000000 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java +++ /dev/null @@ -1,61 +0,0 @@ -package at.gv.egovernment.moa.id.process.spring.test.task; - -import java.io.IOException; -import java.io.InputStream; -import java.nio.charset.Charset; -import java.util.Objects; - -import org.apache.commons.io.IOUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.stereotype.Service; - -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.process.api.Task; - -/** - * A dummy task simulating the signature of an auth block. - * <p/> - * Asynchonous - * <p> - * Requires context data: - * <ul> - * <li>{@code IdentityLink}</li> - * <li>{@code isIdentityLinkValidated}</li> - * <li>{@code bkuURL}</li> - * </ul> - * </p> - * <p> - * Enriches context data with: - * <ul> - * <li>{@code SignedAuthBlock}</li> - * </ul> - * </p> - * - * @author tknall - * - */ -@Service("SignAuthBlockTask") -public class SignAuthBlockTask implements Task { - - private Logger log = LoggerFactory.getLogger(getClass()); - - @Override - public IRequest execute(IRequest penReq, ExecutionContext executionContext) throws TaskExecutionException { - Objects.requireNonNull(executionContext.get("IdentityLink")); - assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated")))); - Objects.requireNonNull(executionContext.get("bkuURL")); - - log.debug("Using validated IdentityLink and bkuURL in order to sign auth block."); - try (InputStream in = getClass().getResourceAsStream("SignedAuthBlock.xml")) { - executionContext.put("SignedAuthBlock", IOUtils.toString(in, Charset.forName("UTF-8"))); - } catch (IOException e) { - throw new TaskExecutionException(null, "", e); - - } - return null; - } - -} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java deleted file mode 100644 index 818e8b479..000000000 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java +++ /dev/null @@ -1,46 +0,0 @@ -package at.gv.egovernment.moa.id.process.spring.test.task; - -import java.util.Objects; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.stereotype.Service; - -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.process.api.Task; - -/** - * Dummy task simulating the validation of an IdentityLink. - * <p> - * Requires context data: - * <ul> - * <li>{@code IdentityLink}</li> - * </ul> - * </p> - * <p> - * Enriches context data with: - * <ul> - * <li>{@code isIdentityLinkValidated}</li> - * </ul> - * </p> - * - * @author tknall - * - */ -@Service("ValidateIdentityLinkTask") -public class ValidateIdentityLinkTask implements Task { - - private Logger log = LoggerFactory.getLogger(getClass()); - - @Override - public IRequest execute(IRequest penReq, ExecutionContext executionContext) { - Objects.requireNonNull(executionContext.get("IdentityLink")); - - log.debug("Validating IdentityLink."); - - executionContext.put("isIdentityLinkValidated", true); - return null; - } - -} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java deleted file mode 100644 index 2ee67ec27..000000000 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java +++ /dev/null @@ -1,51 +0,0 @@ -package at.gv.egovernment.moa.id.process.spring.test.task; - -import java.util.Objects; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.stereotype.Service; - -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.process.api.Task; - -/** - * A dummy task simulating the validation of an auth block. - * <p> - * Requires context data: - * <ul> - * <li>{@code IdentityLink}</li> - * <li>{@code isIdentityLinkValidated}</li> - * <li>{@code SignedAuthBlock}</li> - * </ul> - * </p> - * <p> - * Enriches context data with: - * <ul> - * <li>{@code isSignedAuthBlockValidated}</li> - * </ul> - * </p> - * - * @author tknall - * - */ -@Service("ValidateSignedAuthBlockTask") -public class ValidateSignedAuthBlockTask implements Task { - - private Logger log = LoggerFactory.getLogger(getClass()); - - @Override - public IRequest execute(IRequest penReq, ExecutionContext executionContext) throws TaskExecutionException { - Objects.requireNonNull(executionContext.get("IdentityLink")); - assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated")))); - Objects.requireNonNull(executionContext.get("SignedAuthBlock")); - - log.debug("Using validated IdentityLink and signed auth block in order to validate signed auth block."); - - executionContext.put("isSignedAuthBlockValidated", true); - return null; - } - -} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/BooleanStringExpressionEvaluator.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/BooleanStringExpressionEvaluator.java deleted file mode 100644 index 20dfc50ef..000000000 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/BooleanStringExpressionEvaluator.java +++ /dev/null @@ -1,24 +0,0 @@ -package at.gv.egovernment.moa.id.process.test; - -import java.util.Objects; - -import org.apache.commons.lang3.BooleanUtils; - -import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext; -import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator; - -/** - * Expression evaluator that guesses the boolean value from a String. Refer to {@link BooleanUtils#toBoolean(String)} - * for further information. - * - * @author tknall - * - */ -public class BooleanStringExpressionEvaluator implements ExpressionEvaluator { - - @Override - public boolean evaluate(ExpressionEvaluationContext expressionContext, String expression) { - return BooleanUtils.toBoolean(Objects.requireNonNull(expression, "Expression must not be null.")); - } - -} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java deleted file mode 100644 index 1f77eadbc..000000000 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java +++ /dev/null @@ -1,24 +0,0 @@ -package at.gv.egovernment.moa.id.process.test; - -import org.springframework.stereotype.Service; - -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.process.api.Task; - -/** - * Simple task that just outputs a "Hallo World" text to the console. - * - * @author tknall - * - */ -@Service("HalloWeltTask") -public class HalloWeltTask implements Task { - - @Override - public IRequest execute(IRequest pendingReq, ExecutionContext executionContext) { - System.out.println("Hallo Welt"); - return null; - } - -} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java deleted file mode 100644 index bc640e97a..000000000 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java +++ /dev/null @@ -1,24 +0,0 @@ -package at.gv.egovernment.moa.id.process.test; - -import org.springframework.stereotype.Service; - -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.process.api.Task; - -/** - * Simple task that just outputs a "Hello World" text to the console. - * - * @author tknall - * - */ -@Service("HelloWorldTask") -public class HelloWorldTask implements Task { - - @Override - public IRequest execute(IRequest pendingReq, ExecutionContext executionContext) { - System.out.println("Hello World"); - return null; - } - -} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessDefinitionParserTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessDefinitionParserTest.java deleted file mode 100644 index df13f064b..000000000 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessDefinitionParserTest.java +++ /dev/null @@ -1,137 +0,0 @@ -package at.gv.egovernment.moa.id.process.test; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertTrue; - -import java.io.IOException; -import java.io.InputStream; - -import org.junit.Test; - -import at.gv.egovernment.moa.id.process.ProcessDefinitionParser; -import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException; -import at.gv.egovernment.moa.id.process.model.EndEvent; -import at.gv.egovernment.moa.id.process.model.ProcessDefinition; -import at.gv.egovernment.moa.id.process.model.ProcessNode; -import at.gv.egovernment.moa.id.process.model.StartEvent; -import at.gv.egovernment.moa.id.process.model.TaskInfo; -import at.gv.egovernment.moa.id.process.model.Transition; - -public class ProcessDefinitionParserTest { - - @Test(expected = ProcessDefinitionParserException.class) - public void testParseInvalidProcessDefinition_MultipleStartEvents() throws IOException, ProcessDefinitionParserException { - try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_MultipleStartEvents.xml")) { - new ProcessDefinitionParser().parse(in); - } - } - - @Test(expected = ProcessDefinitionParserException.class) - public void testParseInvalidProcessDefinition_TransitionLoop() throws IOException, ProcessDefinitionParserException { - try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_TransitionLoop.xml")) { - new ProcessDefinitionParser().parse(in); - } - } - - @Test(expected = ProcessDefinitionParserException.class) - public void testParseInvalidProcessDefinition_TransitionStartsFromEndEvent() throws IOException, ProcessDefinitionParserException { - try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_TransitionStartsFromEndEvent.xml")) { - new ProcessDefinitionParser().parse(in); - } - } - - @Test(expected = ProcessDefinitionParserException.class) - public void testParseInvalidProcessDefinition_TransitionRefsTransition() throws IOException, ProcessDefinitionParserException { - try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_TransitionRefsTransition.xml")) { - new ProcessDefinitionParser().parse(in); - } - } - - @Test(expected = ProcessDefinitionParserException.class) - public void testParseInvalidProcessDefinition_NoStartEvents() throws IOException, ProcessDefinitionParserException { - try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_NoStartEvents.xml")) { - new ProcessDefinitionParser().parse(in); - } - } - - @Test - public void testParseSampleProcessDefinition() throws IOException, ProcessDefinitionParserException { - try (InputStream in = getClass().getResourceAsStream("SampleProcessDefinition1.xml")) { - - ProcessDefinitionParser parser = new ProcessDefinitionParser(); - ProcessDefinition pd = parser.parse(in); - - assertNotNull(pd); - assertEquals("SampleProcess1", pd.getId()); - - // first assert tasks then transitions - // start event - StartEvent startEvent = pd.getStartEvent(); - assertNotNull(startEvent); - assertEquals("start", startEvent.getId()); - assertEquals(startEvent, pd.getProcessNode("start")); - // task1 - ProcessNode processNode = pd.getProcessNode("task1"); - assertNotNull(processNode); - assertTrue(processNode instanceof TaskInfo); - TaskInfo task1 = (TaskInfo) processNode; - assertEquals("task1", task1.getId()); - assertFalse(task1.isAsync()); - // task2 - processNode = pd.getProcessNode("task2"); - assertNotNull(processNode); - assertTrue(processNode instanceof TaskInfo); - TaskInfo task2 = (TaskInfo) processNode; - assertEquals("task2", task2.getId()); - assertTrue(task2.isAsync()); - // end event - processNode = pd.getProcessNode("end"); - assertNotNull(processNode); - assertTrue(processNode instanceof EndEvent); - EndEvent endEvent = (EndEvent) processNode; - assertEquals("end", endEvent.getId()); - - // assert transitions - // start event - assertNotNull(startEvent.getIncomingTransitions()); - assertTrue(startEvent.getIncomingTransitions().isEmpty()); - assertNotNull(startEvent.getOutgoingTransitions()); - assertEquals(1, startEvent.getOutgoingTransitions().size()); - // transition from start to task1 - Transition startToTask1 = startEvent.getOutgoingTransitions().get(0); - assertEquals("fromStart", startToTask1.getId()); - assertEquals(startEvent, startToTask1.getFrom()); - assertEquals(task1, startToTask1.getTo()); - assertEquals("true", startToTask1.getConditionExpression()); - // task1 - assertNotNull(task1.getIncomingTransitions()); - assertEquals(1, task1.getIncomingTransitions().size()); - assertEquals(startToTask1, task1.getIncomingTransitions().get(0)); - assertNotNull(task1.getOutgoingTransitions()); - assertEquals(1, task1.getOutgoingTransitions().size()); - // transition from task1 to task2 - Transition task1ToTask2 = task1.getOutgoingTransitions().get(0); - assertNull(task1ToTask2.getId()); - assertEquals(task1, task1ToTask2.getFrom()); - assertEquals(task2, task1ToTask2.getTo()); - assertNull(task1ToTask2.getConditionExpression()); - // task2 - assertNotNull(task2.getIncomingTransitions()); - assertEquals(1, task2.getIncomingTransitions().size()); - assertEquals(task1ToTask2, task2.getIncomingTransitions().get(0)); - assertNotNull(task2.getOutgoingTransitions()); - assertEquals(1, task2.getOutgoingTransitions().size()); - // transition from task2 to end - Transition task2ToEnd = task2.getOutgoingTransitions().get(0); - assertNull(task2ToEnd.getId()); - assertEquals(task2, task2ToEnd.getFrom()); - assertEquals(endEvent, task2ToEnd.getTo()); - assertNull(task2ToEnd.getConditionExpression()); - - } - } - -} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java deleted file mode 100644 index 6744c0403..000000000 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java +++ /dev/null @@ -1,146 +0,0 @@ -package at.gv.egovernment.moa.id.process.test; - -import static at.gv.egovernment.moa.id.process.ProcessInstanceState.NOT_STARTED; -import static at.gv.egovernment.moa.id.process.ProcessInstanceState.SUSPENDED; -import static org.junit.Assert.assertEquals; - -import java.io.IOException; -import java.io.InputStream; -import java.util.Properties; - -import org.hibernate.cfg.Configuration; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; - -import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; -import at.gv.egovernment.moa.id.module.test.TestRequestImpl; -import at.gv.egovernment.moa.id.process.ProcessDefinitionParser; -import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException; -import at.gv.egovernment.moa.id.process.ProcessEngine; -import at.gv.egovernment.moa.id.process.ProcessEngineImpl; -import at.gv.egovernment.moa.id.process.ProcessExecutionException; -import at.gv.egovernment.moa.id.process.ProcessInstance; - -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration("/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml") -public class ProcessEngineTest { - - @Autowired private static ProcessEngine pe; - - @Autowired private ApplicationContext applicationContext; - - private boolean isInitialized = false; - - @Before - public void init() throws IOException, ProcessDefinitionParserException { - - if (!isInitialized) { - ProcessDefinitionParser pdp = new ProcessDefinitionParser(); - - if (pe == null) { - pe = applicationContext.getBean("processEngine", ProcessEngine.class); - - } - - ((ProcessEngineImpl) pe).setTransitionConditionExpressionEvaluator(new BooleanStringExpressionEvaluator()); - try (InputStream in = ProcessEngineTest.class.getResourceAsStream("SampleProcessDefinition1.xml")) { - ((ProcessEngineImpl) pe).registerProcessDefinition(pdp.parse(in)); - } - try (InputStream in = ProcessEngineTest.class.getResourceAsStream("SampleProcessDefinition2.xml")) { - ((ProcessEngineImpl) pe).registerProcessDefinition(pdp.parse(in)); - } - - initHibernateForTesting(); - isInitialized = true; - } - } - - private static void initHibernateForTesting() throws IOException{ - - InputStream in = ProcessEngineTest.class.getResourceAsStream("/at/gv/egovernment/moa/id/process/hibernate.configuration.test.properties"); - Properties props = new Properties(); - props.load(in); - - try { - //ConfigurationDBUtils.initHibernate(props); - Configuration config = new Configuration(); - config.addProperties(props); - //config.addAnnotatedClass(ProcessInstanceStore.class); - config.addAnnotatedClass(AssertionStore.class); - //MOASessionDBUtils.initHibernate(config, props); - } catch (Exception e) { - e.printStackTrace(); - } - } - - @Test - public void testSampleProcess1() throws IOException, ProcessDefinitionParserException, ProcessExecutionException { - - TestRequestImpl testReq = new TestRequestImpl(); - - String piId = pe.createProcessInstance("SampleProcess1"); - ProcessInstance pi = pe.getProcessInstance(piId); - assertEquals(NOT_STARTED, pi.getState()); - - // start process - testReq.setProcessInstanceID(piId); - pe.start(testReq); - pi = pe.getProcessInstance(piId); - assertEquals(SUSPENDED, pi.getState()); - - System.out.println("Do something asynchronously"); - testReq.setProcessInstanceID(piId); - pe.signal(testReq); - try { - pi = pe.getProcessInstance(piId); - throw new ProcessExecutionException("ProcessInstance should be removed already, but it was found."); - //assertEquals(ENDED, pi.getState()); - - } catch (IllegalArgumentException e) { - // do nothing because processInstance should be already removed - - } - } - - @Test - public void testSampleProcess2() throws IOException, ProcessDefinitionParserException, ProcessExecutionException { - - TestRequestImpl testReq = new TestRequestImpl(); - - String piId = pe.createProcessInstance("SampleProcess2"); - ProcessInstance pi = pe.getProcessInstance(piId); - assertEquals(NOT_STARTED, pi.getState()); - - // start process - testReq.setProcessInstanceID(piId); - pe.start(testReq); - pi = pe.getProcessInstance(piId); - assertEquals(SUSPENDED, pi.getState()); - - System.out.println("Do something asynchronously"); - testReq.setProcessInstanceID(piId); - pe.signal(testReq); - try { - pi = pe.getProcessInstance(piId); - throw new ProcessExecutionException("ProcessInstance should be removed already, but it was found."); - //assertEquals(ENDED, pi.getState()); - - } catch (IllegalArgumentException e) { - // do nothing because processInstance should be already removed - - } - - - } - - @Test(expected = IllegalArgumentException.class) - public void testProcessInstanceDoesNotExist() { - pe.getProcessInstance("does not exist"); - } - -} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java index 4b7f61ef5..0c410e966 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java @@ -11,15 +11,15 @@ import org.springframework.context.support.FileSystemXmlApplicationContext; import org.w3c.dom.Element; import org.xml.sax.SAXException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egovernment.moa.id.storage.DBTransactionStorage; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.util.Constants; import at.gv.util.DOMUtils; public class DBTransactionStorageTest { - public static void main (String[] args) throws SAXException, IOException, ParserConfigurationException, MOADatabaseException{ + public static void main (String[] args) throws SAXException, IOException, ParserConfigurationException, EAAFException{ DBTransactionStorageTest t = new DBTransactionStorageTest(); t.test(); } @@ -32,7 +32,7 @@ public class DBTransactionStorageTest { } - public void test() throws SAXException, IOException, ParserConfigurationException, MOADatabaseException{ + public void test() throws SAXException, IOException, ParserConfigurationException, EAAFException{ ApplicationContext context = new FileSystemXmlApplicationContext("src/test/java/testBeans.xml"); diff --git a/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java b/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java index b3a9d367f..b1f8fe593 100644 --- a/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java +++ b/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java @@ -54,10 +54,10 @@ import javax.xml.transform.TransformerException; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.StreamUtils; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.StreamUtils; -import at.gv.egovernment.moa.util.XPathUtils; import iaik.ixsil.algorithms.Transform; import iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXML; import iaik.ixsil.exceptions.AlgorithmException; diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java index 1cd54d61b..299bbee23 100644 --- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java +++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java @@ -50,8 +50,8 @@ import java.security.KeyStore; import java.util.Enumeration; import test.at.gv.egovernment.moa.id.UnitTestCase; +import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; import at.gv.egovernment.moa.id.util.SSLUtils; -import at.gv.egovernment.moa.util.KeyStoreUtils; /** * @author Paul Ivancsics diff --git a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java index 05cd74ed2..caf672d05 100644 --- a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java +++ b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java @@ -1,12 +1,20 @@ package test.tlenz; +import java.io.ByteArrayInputStream; +import java.io.File; import java.io.FileInputStream; +import java.io.InputStream; +import java.net.URI; +import java.net.URL; import java.util.HashMap; import java.util.List; import org.apache.commons.io.IOUtils; +import org.springframework.util.Base64Utils; +import org.springframework.util.StreamUtils; import org.w3c.dom.NodeList; +import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.SignatureVerificationService; import at.gv.egovernment.moa.spss.api.common.Content; @@ -18,6 +26,9 @@ import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo; import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; +import iaik.asn1.ASN1; +import iaik.asn1.ASN1Object; +import iaik.utils.ASN1InputStream; /******************************************************************************* * Copyright 2014 Federal Chancellery Austria @@ -64,6 +75,40 @@ public class simpletest { public static void main(String[] args) { try { + try { + String test = "3082065406092A864886F70D010702A082064530820641020101310B300906052B240302010500300B06092A864886F70D010701A08204B3308204AF30820397A00302010202030E6CBE300D06092A864886F70D0101050500308197310B300906035504061302415431483046060355040A0C3F412D5472757374204765732E20662E20536963686572686569747373797374656D6520696D20656C656B74722E20446174656E7665726B65687220476D6248311E301C060355040B0C15612D7369676E2D5072656D69756D2D5369672D3032311E301C06035504030C15612D7369676E2D5072656D69756D2D5369672D3032301E170D3133303431303130343633335A170D3138303431303038343633335A305E310B30090603550406130241543116301406035504030C0D41726D696E20466973636865723110300E06035504040C0746697363686572310E300C060355042A0C0541726D696E311530130603550405130C3933373131343838363833343059301306072A8648CE3D020106082A8648CE3D03010703420004BF7ADE98B7CD89A0559F2BA9463454E08DBE3516A86BB7B8F4FDBB42FF24A03991AF5BD63D72197F63AB03C88260C31E4A9C17DB5E8681FCAE1D7CF90EB1ACD1A38202053082020130110603551D0E040A0408433A176E9B70B5CD300E0603551D0F0101FF0404030206C030130603551D23040C300A80084DDFE1FF4BD9C9DF301E0603551D1104173015811361726D696E40666973636865722E6F722E617430090603551D1304023000307B06082B06010505070101046F306D304206082B060105050730028636687474703A2F2F7777772E612D74727573742E61742F63657274732F612D7369676E2D5072656D69756D2D5369672D3032612E637274302706082B06010505073001861B687474703A2F2F6F6373702E612D74727573742E61742F6F63737030590603551D2004523050304406062A280011010B303A303806082B06010505070201162C687474703A2F2F7777772E612D74727573742E61742F646F63732F63702F612D7369676E2D5072656D69756D3008060604008B300101302706082B060105050701030101FF041830163008060604008E460101300A06082B06010505070B0130819A0603551D1F04819230818F30818CA08189A081868681836C6461703A2F2F6C6461702E612D74727573742E61742F6F753D612D7369676E2D5072656D69756D2D5369672D30322C6F3D412D54727573742C633D41543F63657274696669636174657265766F636174696F6E6C6973743F626173653F6F626A656374636C6173733D65696443657274696669636174696F6E417574686F72697479300D06092A864886F70D01010505000382010100352830958A68A260CFEFB1DA157C1452E22735A2BBC40F51A19D22481766537630C8E0C99CCE50F614E437ABFF943C7D6A69CCB0F79ED6A9B5356182DFBA095F3534671073D586F70B002CEF846E6D4447031AFBFE5D727D2A893688294D494C37454C187F15611EFDFA84D64D0C9D4E3EC9FF8A126A842EDB70D1F9AD497A1A11CC1363AAFD76D7412F21248B855363D3AB771C538D5610BC7F0FCEA359F33F5FA6A228E0539C16AF12A1B2DE608719CBE39C41AFE5BD0CDDC781F00C6A86B21BA252DD23DAEBB3B91CADE8278B330945CA11D4A77188197E744BA9B5288E9D4A4C7502D706D7CEA569D258E116E6ACE42F4C24449803076C30A7BABE26CAE7318201693082016502010130819F308197310B300906035504061302415431483046060355040A0C3F412D5472757374204765732E20662E20536963686572686569747373797374656D6520696D20656C656B74722E20446174656E7665726B65687220476D6248311E301C060355040B0C15612D7369676E2D5072656D69756D2D5369672D3032311E301C06035504030C15612D7369676E2D5072656D69756D2D5369672D303202030E6CBE300906052B240302010500A05F301806092A864886F70D010903310B06092A864886F70D010701301E06092A864886F70D0109053111180F32303137303631393130303130305A302306092A864886F70D010904311604149D0A3FDC7F8CED863952B468C927AC87CE227B68300E060A04007F0007010104010605000440002B459189C71E69CC13E111ED1F493D89681E0A815CCEA297AC3D76A48A75E7D11081F08D7A0FAA4210205D2B8A0A7A83E0F5211AD51BDE2581D4C4E400C06AA1000000000000000000000"; + byte[] bytes = new byte[test.length()/2]; + for (int i=0; i<test.length()/2; i++) { + bytes[i] = (byte) Integer.parseInt(test.substring(i*2, i*2+2), 16); + } + Base64Utils.encodeToString(bytes); + + ASN1 asn1 = new ASN1(bytes); + + + System.out.println(asn1.toString()); + System.out.println(bytes); + + + URL fileUrl = GUIFormBuilderImpl.class.getResource("/templates/css_template.css"); + File file = new File(fileUrl.toExternalForm()); + + URI uri = new URI("file:/F:/repository/m2/MOA/id/server/moa-id-frontend-resources/3.3.3-Snapshot/moa-id-frontend-resources-3.3.3-Snapshot.jar"); + //File test = new File(uri); + + InputStream is = GUIFormBuilderImpl.class.getResourceAsStream("/templates/css_template.css"); + + + //FileInputStream is = new FileInputStream(file); + System.out.println(new String(StreamUtils.copyToByteArray(is))); + + } catch (Throwable e) { + e.printStackTrace(); + System.exit(-1); + + } + + FileInputStream sigDocFIS = null; sigDocFIS = new FileInputStream("D:/idl_test/identity_link.xml"); diff --git a/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv b/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv new file mode 100644 index 000000000..c33de9970 --- /dev/null +++ b/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv @@ -0,0 +1,12 @@ +/7eNkLgqP71U8dBwa0lSI8/2EFY=,ZP-MH:xm1zT43aGLfTRLnDsxYoFk3XwDU=,ZP-MH:gr88V4oH5KLlurBCcCAbKJNMF18=,
+ZP-MH:LvrdIGoL4MXTjy7EJgPhoz3koL4=,
+ZP-MH:EcILNYQIZ4qfhLlZFzHivCu0Hfc=,
+ZP-MH:WtHxBxLqOThNU9YF8fzyvXcZLBs=,
+ZP-MH:0Fq3KqgYTbK8MsxymLe7tbuXhpA=,
+ZP-MH:DJ6nGg2JgcPH768BhqTNXVsGhOY=,
+JWiLzwktCITGg+ztRKEAwWloSNM=,
+ZP-MH:+cyQbhr1fQ8hLhazL62tFRq47iY=,
+ZP-MH:AFmfywfYPHcl2Lxp138upielmrs=,
+ZP-MH:yPAOTsc9LY5/jnbkWn2MWY6hjg0=,
+ZP-MH:yPAOTsc9LY5/jnbkWn2MWY6hjg0=:asdfadsfasdf,
+ZP-AT:yPAOTsc9LY5/jnbkWn2MWY6hjg0=
diff --git a/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml b/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml new file mode 100644 index 000000000..be2c6d068 --- /dev/null +++ b/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml @@ -0,0 +1,31 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <!-- Prod. classes from MOA-ID lib --> + + <bean id="UserWhiteList_Store" + class="at.gv.egovernment.moa.id.config.auth.data.UserWhitelistStore"/> + + <bean id="AuthenticationDataBuilder" + class="at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder"/> + + <bean id="MOAIDLoALevelMapper" + class="at.gv.egovernment.moa.id.util.LoALevelMapper"/> + + + <!-- Dummy test classes --> + + <bean id="DummyAuthConfig" + class="at.gv.egovernment.moa.id.config.auth.data.DummyAuthConfig"/> + + <bean id="DummyAuthStorage" + class="at.gv.egovernment.moa.id.config.auth.data.DummyAuthStorage"/> +</beans> diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml index 7d9db0ab7..2f4648de3 100644 --- a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml +++ b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml @@ -9,40 +9,40 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> - <bean id="springElAwareExpressionEvaluator" class="at.gv.egovernment.moa.id.process.spring.SpringExpressionEvaluator" /> + <bean id="springElAwareExpressionEvaluator" class="at.gv.egiz.eaaf.core.impl.idp.process.spring.SpringExpressionEvaluator" /> - <bean id="processEngine" class="at.gv.egovernment.moa.id.process.ProcessEngineImpl"> + <bean id="processEngine" class="at.gv.egiz.eaaf.core.impl.idp.process.ProcessEngineImpl"> <property name="transitionConditionExpressionEvaluator" ref="springElAwareExpressionEvaluator" /> </bean> <bean id="TransactionStorage" - class="at.gv.egovernment.moa.id.process.spring.test.DummyTransactionStorage"/> + class="at.gv.egiz.eaaf.core.impl.idp.process.spring.test.DummyTransactionStorage"/> <bean id="ProcessInstanceStoreage" - class="at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl"/> + class="at.gv.egiz.eaaf.core.impl.idp.process.dao.ProcessInstanceStoreDAOImpl"/> <bean id="HelloWorldTask" - class="at.gv.egovernment.moa.id.process.test.HelloWorldTask"/> + class="at.gv.egiz.eaaf.core.impl.idp.process.test.HelloWorldTask"/> <bean id="HalloWeltTask" - class="at.gv.egovernment.moa.id.process.test.HalloWeltTask"/> + class="at.gv.egiz.eaaf.core.impl.idp.process.test.HalloWeltTask"/> <bean id="SelectBKUTask" - class="at.gv.egovernment.moa.id.process.spring.test.task.SelectBKUTask"/> + class="at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task.SelectBKUTask"/> <bean id="CreateSAML1AssertionTask" - class="at.gv.egovernment.moa.id.process.spring.test.task.CreateSAML1AssertionTask"/> + class="at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task.CreateSAML1AssertionTask"/> <bean id="GetIdentityLinkTask" - class="at.gv.egovernment.moa.id.process.spring.test.task.GetIdentityLinkTask"/> + class="at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task.GetIdentityLinkTask"/> <bean id="SignAuthBlockTask" - class="at.gv.egovernment.moa.id.process.spring.test.task.SignAuthBlockTask"/> + class="at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task.SignAuthBlockTask"/> <bean id="ValidateIdentityLinkTask" - class="at.gv.egovernment.moa.id.process.spring.test.task.ValidateIdentityLinkTask"/> + class="at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task.ValidateIdentityLinkTask"/> <bean id="ValidateSignedAuthBlockTask" - class="at.gv.egovernment.moa.id.process.spring.test.task.ValidateSignedAuthBlockTask"/> + class="at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task.ValidateSignedAuthBlockTask"/> </beans> diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 31fe6af26..55a7e7be9 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -56,6 +56,10 @@ <dependencies> <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf-core</artifactId> + </dependency> + <dependency> <groupId>MOA.id.server</groupId> <artifactId>moa-id-jaxb_classes</artifactId> </dependency> @@ -108,6 +112,11 @@ <version>0.2</version> </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf-core</artifactId> + </dependency> + <dependency> <groupId>iaik.prod</groupId> <artifactId>iaik_jce_full</artifactId> @@ -273,7 +282,6 @@ <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> - <version>${junit.version}</version> <scope>test</scope> </dependency> @@ -301,8 +309,7 @@ <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-dbcp2</artifactId> - <version>${org.apache.commons.commons.dbcp2}</version> - </dependency> + </dependency> <dependency> <groupId>org.apache.commons</groupId> diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java index 6f6735d48..663f712ef 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java @@ -35,8 +35,8 @@ public class MOAIDAuthConstants extends MOAIDConstants{ public static final String PARAM_ACTION = "ACTION"; public static final String PARAM_SSO = "SSO"; public static final String INTERFEDERATION_IDP = "interIDP"; - public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid"; + public static final String PARAM_SLOSTATUS = "status"; public static final String PARAM_SLORESTART = "restart"; public static final String SLOSTATUS_SUCCESS = "success"; @@ -171,25 +171,20 @@ public class MOAIDAuthConstants extends MOAIDConstants{ public static final String COUNTRYCODE_AUSTRIA = "AT"; public static final String REGEX_PATTERN_TARGET = "^[A-Za-z]{2}(-.*)?$"; - - //MDC variables for logging - public static final String MDC_TRANSACTION_ID = "transactionId"; - public static final String MDC_SESSION_ID = "sessionId"; - public static final String MDC_SERVICEPROVIDER_ID = "oaId"; - + //AuthnRequest IssueInstant validation public static final int TIME_JITTER = 5; //all 5 minutes time jitter //General MOASession data-store keys - public static final String MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE = "holderofkey_cert"; + //public static final String MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE = "holderofkey_cert"; //Process context keys public static final String PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH = "interfederationAuthentication"; public static final String PROCESSCONTEXT_REQUIRELOCALAUTHENTICATION = "requireLocalAuthentication"; public static final String PROCESSCONTEXT_PERFORM_BKUSELECTION = "performBKUSelection"; public static final String PROCESSCONTEXT_ISLEGACYREQUEST = "isLegacyRequest"; - public static final String PROCESSCONTEXT_UNIQUE_OA_IDENTFIER = "uniqueSPId"; - public static final String PROCESSCONTEXT_SSL_CLIENT_CERTIFICATE = MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE; + //public static final String PROCESSCONTEXT_UNIQUE_OA_IDENTFIER = "uniqueSPId"; + //public static final String PROCESSCONTEXT_SSL_CLIENT_CERTIFICATE = MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE; //General protocol-request data-store keys public static final String AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE = "authProces_SecurityLayerTemplate"; @@ -199,5 +194,9 @@ public class MOAIDAuthConstants extends MOAIDConstants{ @Deprecated public static final String AUTHPROCESS_DATA_TARGETFRIENDLYNAME = "authProces_TargetFriendlyName"; + public static final String DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP = "useMinimalFrontChannelResponse"; + public static final String DATAID_INTERFEDERATION_NAMEID = "federatedNameID"; + public static final String DATAID_INTERFEDERATION_QAALEVEL = "federatedQAALevel"; + public static final String DATAID_INTERFEDERATION_REQUESTID = "authnReqID"; } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java index 436dcc91d..c56116255 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java @@ -28,6 +28,7 @@ import java.util.Hashtable; import java.util.List; import java.util.Map; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egovernment.moa.util.Constants; /** @@ -38,18 +39,18 @@ public class MOAIDConstants { //general configuration constants - public static final String DEFAULT_CONTENT_TYPE_HTML_UTF8 = "text/html; charset=UTF-8"; + public static final String DEFAULT_CONTENT_TYPE_HTML_UTF8 = EAAFConstants.CONTENTTYPE_HTML_UTF8; public static final String FILE_URI_PREFIX = "file:/"; - public static final String PREFIX_BASEID = Constants.URN_PREFIX_BASEID; - public static final String PREFIX_PBK = Constants.URN_PREFIX_BPK; + public static final String PREFIX_BASEID = EAAFConstants.URN_PREFIX_BASEID; + public static final String PREFIX_PBK = EAAFConstants.URN_PREFIX_BPK; public static final String PREFIX_HPI = Constants.URN_PREFIX_HPI; - public static final String PREFIX_CDID = Constants.URN_PREFIX_CDID + "+"; - public static final String PREFIX_WPBK = Constants.URN_PREFIX_WBPK + "+"; + public static final String PREFIX_CDID = EAAFConstants.URN_PREFIX_CDID; + public static final String PREFIX_WPBK = EAAFConstants.URN_PREFIX_WBPK; public static final String PREFIX_STORK = Constants.URN_PREFIX_STORK + "+"; - public static final String PREFIX_EIDAS = Constants.URN_PREFIX_EIDAS + "+"; + public static final String PREFIX_EIDAS = EAAFConstants.URN_PREFIX_EIDAS; public static final String IDENIFICATIONTYPE_FN = "FN"; @@ -76,8 +77,6 @@ public class MOAIDConstants { public static final List<String> ALLOWED_eIDAS_LOA; public static final List<String> JDBC_DRIVER_NEEDS_WORKAROUND; - public static final String UNIQUESESSIONIDENTIFIER = "uniqueSessionIdentifier"; - public static final String eIDAS_LOA_LOW = "http://eidas.europa.eu/LoA/low"; public static final String eIDAS_LOA_SUBSTANTIAL = "http://eidas.europa.eu/LoA/substantial"; public static final String eIDAS_LOA_HIGH = "http://eidas.europa.eu/LoA/high"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java index 4dda4c736..a787cea00 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java @@ -29,35 +29,7 @@ public interface AuthConfiguration extends ConfigurationProvider{ public Map<String, String> getConfigurationWithPrefix(final String Prefix); public String getConfigurationWithKey(final String key); - - /** - * Get a configuration value from basic file based MOA-ID configuration - * - * @param key configuration key - * @return configuration value or null if it is not found - */ - public String getBasicMOAIDConfiguration(final String key); - - - /** - * Get a configuration value from basic file based MOA-ID configuration - * - * @param key configuration key - * @param defaultValue Default value if no value with this key is found - * @return configuration value - */ - public String getBasicMOAIDConfiguration(final String key, final String defaultValue); - - /** - * Get a set of configuration values from basic file based MOA-ID configuration that starts with this prefix - * <br><br> - * <b>Important:</b> The configuration values must be of type String! - * - * @param prefix Prefix of the configuration key - * @return Map<String, String> without prefix, but never null - */ - public Map<String, String> getBasicMOAIDConfigurationWithPrefix(final String prefix); - + public int getTransactionTimeOut(); public int getSSOCreatedTimeOut(); public int getSSOUpdatedTimeOut(); @@ -66,15 +38,13 @@ public interface AuthConfiguration extends ConfigurationProvider{ public List<String> getLegacyAllowedProtocols(); - public IOAAuthParameters getOnlineApplicationParameter(String oaURL); - public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException; public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException; public ConnectionParameterInterface getMoaSpConnectionParameter() throws ConfigurationException; - public ConnectionParameterInterface getForeignIDConnectionParameter(IOAAuthParameters oaParameters) throws ConfigurationException; +// public ConnectionParameterInterface getForeignIDConnectionParameter(IOAAuthParameters oaParameters) throws ConfigurationException; /** * Get parameters to connect the Online Mandate-Service (MIS) @@ -205,12 +175,4 @@ public interface AuthConfiguration extends ConfigurationProvider{ */ public String[] getRevocationMethodOrder(); - /** - * Get a boolean value from basic MOA-ID configuration file - * - * @param key Configuration key - * @param defaultValue Default result - * @return returns the value of the configuration key, or the default value if the key is not set - */ - public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue); } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java index e14f9c9ce..12b9517a6 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java @@ -22,11 +22,14 @@ */ package at.gv.egovernment.moa.id.commons.api; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; + /** * @author tlenz * */ -public interface ConfigurationProvider { +public interface ConfigurationProvider extends IConfiguration{ /** * The name of the system property which contains the file name of the @@ -54,14 +57,15 @@ public interface ConfigurationProvider { public static final String TRUST_MANAGER_REVOCATION_CHECKING = "TrustManager.RevocationChecking"; - public String getRootConfigFileDir(); - public String getDefaultChainingMode(); public String getTrustedCACertificates(); public boolean isTrustmanagerrevoationchecking(); + + public String getRootConfigFileDir() throws ConfigurationException; + /** * Get active Spring profiles from file based configuration * diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java index 1e1bfa94b..5df4a4163 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java @@ -22,11 +22,12 @@ */ package at.gv.egovernment.moa.id.commons.api; +import java.io.Serializable; import java.security.PrivateKey; import java.util.Collection; import java.util.List; -import java.util.Map; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egovernment.moa.id.commons.api.data.CPEPS; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; @@ -37,10 +38,7 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; * @author tlenz * */ -public interface IOAAuthParameters { - - public static final String CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL = "configuration.restrictions.baseID.idpProcessing"; - public static final String CONFIG_KEY_RESTRICTIONS_BASEID_TRANSMISSION = "configuration.restrictions.baseID.spTransmission"; +public interface IOAAuthParameters extends ISPConfiguration{ public static final String THIRDBKU = "thirdBKU"; public static final String HANDYBKU = "handy"; @@ -53,20 +51,6 @@ public interface IOAAuthParameters { public static final String EIDAS = "eIDAS"; public static final String AUTHTYPE_OTHERS = "others"; - /** - * Get the full key/value configuration for this online application - * - * @return an unmodifiable map of key/value pairs - */ - public Map<String, String> getFullConfiguration(); - - /** - * Get a configuration value from online application key/value configuration - * - * @param key: The key identifier of a configuration value * - * @return The configuration value {String} or null if the key does not exist - */ - public String getConfigurationValue(String key); public String getFriendlyName(); @@ -80,9 +64,9 @@ public interface IOAAuthParameters { * 'urn:publicid:gv.at:cdid+' is allowed to receive baseIDs * * @return true if there is a restriction, otherwise false - * @throws ConfigurationException In case of online-application configuration has public and private identifies */ - public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException; + @Override + public boolean hasBaseIdInternalProcessingRestriction(); /** @@ -93,21 +77,11 @@ public interface IOAAuthParameters { * 'urn:publicid:gv.at:cdid+' is allowed to receive baseIDs * * @return true if there is a restriction, otherwise false - * @throws ConfigurationException In case of online-application configuration has public and private identifies */ - public boolean hasBaseIdTransferRestriction() throws ConfigurationException; - - - /** - * Get the full area-identifier for this online application to calculate the - * area-specific unique person identifier (bPK, wbPK, eIDAS unique identifier, ...). - * This identifier always contains the full prefix - * - * @return area identifier with prefix - * @throws ConfigurationException In case of online-application configuration has public and private identifies - */ - public String getAreaSpecificTargetIdentifier() throws ConfigurationException; + @Override + public boolean hasBaseIdTransferRestriction(); + /** * Get a friendly name for the specific area-identifier of this online application * @@ -254,4 +228,11 @@ public interface IOAAuthParameters { public List<Integer> getReversionsLoggingEventCodes(); + /** + * Get a List of sectors for that this service provider requires foreign bPKs + * + * @return list of sectors, or null if no sectors are defined + */ + public List<String> foreignbPKSectorsRequested(); + }
\ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java deleted file mode 100644 index 88cd89319..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java +++ /dev/null @@ -1,221 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.commons.api; - -import java.util.Collection; - -import org.opensaml.saml2.metadata.provider.MetadataProvider; - -import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; - -public interface IRequest { - - /** - * Indicates the module, which implements this authentication protocol. - * The class, which is referenced, had to implement the 'IModulInfo' interface. - * - * @return Full-qualified name of the class which implements this protocol - */ - public String requestedModule(); - - /** - * Indicates the protocol specific action, which should executed if the request is processed. - * The class, which is referenced, had to implement the 'IAction' interface. - * - * @return Full-qualified name of the class which implements the action - */ - public String requestedAction(); - - /** - * Unique identifier, which indicates the service provider. - * In case of SAML1 protocol, it is the OA http-GET parameter - * - * @return Unique identifier for the service provider - */ - public String getOAURL(); - - /** - * Indicates the passive flag in authentication requests. - * If the passive flag is set, the identification and authentication process - * failed if no active SSO session is found. - * - * @return true, if the is passive flag is set in authentication request, otherwise false - */ - public boolean isPassiv(); - - /** - * Indicates the force authentication flag in authentication request - * If this flag is set, a new identification and authentication process - * is carried out in any case. - * - * @return true, if the force authentication flag is set, otherwise false - */ - public boolean forceAuth(); - - - /** - * Returns a generic request-data object with is stored with a specific identifier - * - * @param key The specific identifier of the request-data object - * @return The request-data object or null if no data is found with this key - */ - public Object getGenericData(String key); - - /** - * Returns a generic request-data object with is stored with a specific identifier - * - * @param key The specific identifier of the request-data object - * @param clazz The class type which is stored with this key - * @return The request-data object or null if no data is found with this key - */ - public <T> T getGenericData(String key, final Class<T> clazz); - - /** - * Store a generic data-object to request with a specific identifier - * - * @param key Identifier for this data-object - * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface - * @throws SessionDataStorageException Error message if the data-object can not stored to generic request-data storage - */ - public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException; - - /** - * Hold the identifier of this request object. - * This identifier can be used to load the request from request storage - * - * @return Request identifier - */ - public String getRequestID(); - - - /** - * Hold the identifier of the SSO MOASession which is associated with this request - * - * @return SSO MOASession identifier if a associated session exists, otherwise null - */ - public String getInternalSSOSessionIdentifier(); - - - /** - * Hold the MOASession object of a pending request - * This MOASession object is NOT stored to AuthenticationSession database, because it is only part of the pending request - * - * @return {@link IAuthenticationSession} AuthenticationSession data object of this pending request - */ - public IAuthenticationSession getMOASession(); - - - /** - * Populate the MOASession object of a pending request with information from an SSO session database - * - * @param ssoSession - */ - public void populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession); - - /** - * Holds a unique transaction identifier, which could be used for looging - * This transaction identifier is unique for a single identification and authentication process - * - * @return Unique transaction identifier. - */ - public String getUniqueTransactionIdentifier(); - - /** - * Holds a unique session identifier, which could be used for logging - * This session identifier is unique for the full Single Sign-On session time - * - * @return Unique session identifier - */ - public String getUniqueSessionIdentifier(); - - - /** - * Hold the identifier if the process instance, which is associated with this request - * - * @return ProcessInstanceID if this request is associated with a authentication process, otherwise null - */ - public String getProcessInstanceId(); - - - /** - * get the IDP URL PreFix, which was used for authentication request - * - * @return IDP URL PreFix <String>. The URL prefix always ends without / - */ - public String getAuthURL(); - public String getAuthURLWithOutSlash(); - - /** - * Indicates if this pending request needs authentication - * - * @return true if this request needs authentication, otherwise false - */ - public boolean isNeedAuthentication(); - - /** - * Indicates, if this pending request needs Single Sign-On (SSO) functionality - * - * @return true if this request needs SSO, otherwise false - */ - public boolean needSingleSignOnFunctionality(); - public void setNeedSingleSignOnFunctionality(boolean needSSO); - - /** - * Indicates, if this pending request is already authenticated - * - * @return true if this request is already authenticated, otherwise false - */ - public boolean isAuthenticated(); - public void setAuthenticated(boolean isAuthenticated); - - /** - * Get get Service-Provider configuration which is associated with this request. - * - * @return Service-Provider configuration - */ - public IOAAuthParameters getOnlineApplicationConfiguration(); - - /** - * Indicates, if this pending-request is aborted by the user - * - * @return true, if it is aborted, otherwise false - */ - public boolean isAbortedByUser(); - - /** - * Set the 'isAboredByUser' flag of this pending-request - * - * @param b true, if the user has abort the authentication process, otherwise false - */ - public void setAbortedByUser(boolean isAborted); - - /** - * This method get a Set of PVP 2.1 attribute, which are request by this pending-request. - * @param metadataProvider SAML2 Metadata Provider, or null if no metadata provider is required - * - * @return A set of PVP attribute names or null if no attributes are requested - * or the Service Provider, which sends this request needs no attributes - */ - public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider); -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java index db413b0f5..31a0573b6 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java @@ -22,40 +22,25 @@ */ package at.gv.egovernment.moa.id.commons.api.data; +import at.gv.egiz.eaaf.core.api.idp.EAAFAuthProcessDataConstants; + /** * @author tlenz * */ -public interface AuthProzessDataConstants { - - public static final String GENERIC_PREFIX = "generic_"; +public interface AuthProzessDataConstants extends EAAFAuthProcessDataConstants { - - public static final String FLAG_IS_FOREIGNER = "direct_flagIsForeigner"; - public static final String FLAG_USE_MANDATE = "direct_flagUseMandate"; - public static final String FLAG_IS_ORGANWALTER = "direct_flagOrganwalter"; - public static final String FLAG_IS_AUTHENTICATED = "direct_flagIsAuth"; public static final String FLAG_SAMLATTRIBUTEGEBEORWBPK = "direct_SAMLAttributeGebeORwbpk"; - - public static final String VALUE_CREATED = "direct_created"; - public static final String VALUE_ISSUEINSTANT = "direct_issueInstant"; - public static final String VALUE_SESSIONID = "direct_sessionId"; public static final String VALUE_SIGNER_CERT = "direct_signerCert"; public static final String VALUE_IDENTITYLINK = "direct_idl"; public static final String VALUE_BKUURL = "direct_bkuUrl"; public static final String VALUE_AUTHBLOCK = "direct_authBlock"; public static final String VALUE_AUTNBLOCKTOKKEN = "direct_authblocktokken"; - public static final String VALUE_QAALEVEL = "direct_qaaLevel"; - public static final String VALUE_VERIFYSIGRESP = "direct_verifySigResp"; - + public static final String VALUE_VERIFYSIGRESP = "direct_verifySigResp"; public static final String VALUE_MISSESSIONID = "direct_MIS_SessionId"; public static final String VALUE_MISREFVALUE = "direct_MIS_RefValue"; - public static final String VALUE_MISMANDATE = "direct_MIS_Mandate"; - - - @Deprecated public static final String VALUE_EXTENTEDSAMLATTRAUTH = "direct_extSamlAttrAuth"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java index cb81fe79e..5fec08053 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java @@ -34,8 +34,8 @@ import java.security.UnrecoverableKeyException; import org.apache.commons.lang3.SerializationUtils; +import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.KeyStoreUtils; /** diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java index 8bffceaed..1d54af7c8 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java @@ -22,22 +22,17 @@ */ package at.gv.egovernment.moa.id.commons.api.data; -import java.util.Date; import java.util.List; import java.util.Map; -import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; import iaik.x509.X509Certificate; /** * @author tlenz * */ -public interface IAuthenticationSession { - - boolean isAuthenticated(); - - void setAuthenticated(boolean authenticated); +public interface IAuthenticationSession extends IAuthProcessDataContainer { X509Certificate getSignerCertificate(); @@ -46,34 +41,20 @@ public interface IAuthenticationSession { void setSignerCertificate(X509Certificate signerCertificate); /** - * Returns the identityLink. - * - * @return IdentityLink - */ - IIdentityLink getIdentityLink(); - - /** * Returns the sessionID. * * @return String */ - String getSessionID(); - - /** - * Sets the identityLink. - * - * @param identityLink - * The identityLink to set - */ - void setIdentityLink(IIdentityLink identityLink); + String getSSOSessionID(); + /** * Sets the sessionID. * * @param sessionId * The sessionID to set */ - void setSessionID(String sessionId); + void setSSOSessionID(String sessionId); /** * Returns the BKU URL. @@ -158,20 +139,6 @@ public interface IAuthenticationSession { */ void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk); - /** - * Returns the issuing time of the AUTH-Block SAML assertion. - * - * @return The issuing time of the AUTH-Block SAML assertion. - */ - String getIssueInstant(); - - /** - * Sets the issuing time of the AUTH-Block SAML assertion. - * - * @param issueInstant - * The issueInstant to set. - */ - void setIssueInstant(String issueInstant); /** * @@ -180,13 +147,6 @@ public interface IAuthenticationSession { */ void setUseMandate(String useMandate); - void setUseMandates(boolean useMandates); - - /** - * @return - */ - boolean isMandateUsed(); - /** * * @param misSessionID @@ -212,9 +172,6 @@ public interface IAuthenticationSession { */ void setMandateReferenceValue(String mandateReferenceValue); - boolean isForeigner(); - - void setForeigner(boolean isForeigner); IVerifiyXMLSignatureResponse getXMLVerifySignatureResponse(); @@ -225,17 +182,6 @@ public interface IAuthenticationSession { void setMISMandate(IMISMandate mandate); /** - * @return the isOW - */ - boolean isOW(); - - /** - * @param isOW - * the isOW to set - */ - void setOW(boolean isOW); - - /** * @return the authBlockTokken */ String getAuthBlockTokken(); @@ -246,51 +192,12 @@ public interface IAuthenticationSession { */ void setAuthBlockTokken(String authBlockTokken); + /** - * eIDAS QAA level + * Generates a Key / Value representation from Authenticated session * - * @return the qAALevel + * @return A read-only version of all session information */ - String getQAALevel(); - - /** - * set QAA level in eIDAS form - * - * @param qAALevel the qAALevel to set - */ - void setQAALevel(String qAALevel); - - /** - * @return the sessionCreated - */ - Date getSessionCreated(); - - Map<String, Object> getGenericSessionDataStorage(); - - /** - * Returns a generic session-data object with is stored with a specific identifier - * - * @param key The specific identifier of the session-data object - * @return The session-data object or null if no data is found with this key - */ - Object getGenericDataFromSession(String key); - - /** - * Returns a generic session-data object with is stored with a specific identifier - * - * @param key The specific identifier of the session-data object - * @param clazz The class type which is stored with this key - * @return The session-data object or null if no data is found with this key - */ - <T> T getGenericDataFromSession(String key, Class<T> clazz); - - /** - * Store a generic data-object to session with a specific identifier - * - * @param key Identifier for this data-object - * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface - * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage - */ - void setGenericDataToSession(String key, Object object) throws SessionDataStorageException; - + public Map<String, Object> getKeyValueRepresentationFromAuthSession(); + }
\ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java deleted file mode 100644 index 3a0ccd7c9..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java +++ /dev/null @@ -1,175 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.commons.api.data; - -import java.io.IOException; -import java.security.PublicKey; - -import javax.xml.transform.TransformerException; - -import org.w3c.dom.Element; - -/** - * @author tlenz - * - */ -public interface IIdentityLink { - - /** - * Returns the dateOfBirth. - * @return Calendar - */ - String getDateOfBirth(); - - /** - * Returns the familyName. - * @return String - */ - String getFamilyName(); - - /** - * Returns the givenName. - * @return String - */ - String getGivenName(); - - /** - * Returns the name. - * @return The name. - */ - String getName(); - - /** - * Returns the identificationValue. - * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>. - * @return String - */ - String getIdentificationValue(); - - /** - * Returns the identificationType. - * <code>"identificationType"</code> type of the identificationValue in the IdentityLink. - * @return String - */ - String getIdentificationType(); - - /** - * Sets the dateOfBirth. - * @param dateOfBirth The dateOfBirth to set - */ - void setDateOfBirth(String dateOfBirth); - - /** - * Sets the familyName. - * @param familyName The familyName to set - */ - void setFamilyName(String familyName); - - /** - * Sets the givenName. - * @param givenName The givenName to set - */ - void setGivenName(String givenName); - - /** - * Sets the identificationValue. - * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>. - * @param identificationValue The identificationValue to set - */ - void setIdentificationValue(String identificationValue); - - /** - * Sets the Type of the identificationValue. - * @param identificationType The type of identificationValue to set - */ - void setIdentificationType(String identificationType); - - /** - * Returns the samlAssertion. - * @return Element - */ - Element getSamlAssertion(); - - /** - * Returns the samlAssertion. - * @return Element - */ - String getSerializedSamlAssertion(); - - /** - * Sets the samlAssertion and the serializedSamlAssertion. - * @param samlAssertion The samlAssertion to set - */ - void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException; - - /** - * Returns the dsigReferenceTransforms. - * @return Element[] - */ - Element[] getDsigReferenceTransforms(); - - /** - * Sets the dsigReferenceTransforms. - * @param dsigReferenceTransforms The dsigReferenceTransforms to set - */ - void setDsigReferenceTransforms(Element[] dsigReferenceTransforms); - - /** - * Returns the publicKey. - * @return PublicKey[] - */ - PublicKey[] getPublicKey(); - - /** - * Sets the publicKey. - * @param publicKey The publicKey to set - */ - void setPublicKey(PublicKey[] publicKey); - - /** - * Returns the prPerson. - * @return Element - */ - Element getPrPerson(); - - /** - * Sets the prPerson. - * @param prPerson The prPerson to set - */ - void setPrPerson(Element prPerson); - - /** - * Returns the issuing time of the identity link SAML assertion. - * - * @return The issuing time of the identity link SAML assertion. - */ - String getIssueInstant(); - - /** - * Sets the issuing time of the identity link SAML assertion. - * - * @param issueInstant The issueInstant to set. - */ - void setIssueInstant(String issueInstant); - -}
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/BKUException.java index ffbb6a19e..73617fb35 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/BKUException.java @@ -20,9 +20,7 @@ * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. ******************************************************************************/ -package at.gv.egovernment.moa.id.auth.exception; - -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +package at.gv.egovernment.moa.id.commons.api.exceptions; public class BKUException extends MOAIDException { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MISSimpleClientException.java index ab3d2cae2..b8c78ab5c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MISSimpleClientException.java @@ -1,3 +1,4 @@ +package at.gv.egovernment.moa.id.commons.api.exceptions;
/*******************************************************************************
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -43,11 +44,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
-package at.gv.egovernment.moa.id.auth.exception;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
public class MISSimpleClientException extends MOAIDException {
private static final long serialVersionUID = 1L;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java index 6841be92b..b5ae04c4e 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java @@ -49,7 +49,7 @@ package at.gv.egovernment.moa.id.commons.api.exceptions; import java.io.PrintStream; import java.io.PrintWriter; -import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; /** * Base class of technical MOA exceptions. @@ -60,17 +60,17 @@ import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; * @author Patrick Peck, Ivancsics Paul * @version $Id$ */ -public class MOAIDException extends Exception { +public class MOAIDException extends EAAFException { /** * */ private static final long serialVersionUID = -1507246171708083912L; -/** message ID */ - private String messageId; - /** wrapped exception */ - private Throwable wrapped; + /** message ID */ + private String messageId; + /** wrapped exception */ + private Throwable wrapped; - private Object[] parameters; + private Object[] parameters; /** * Create a new <code>MOAIDException</code>. @@ -80,7 +80,7 @@ public class MOAIDException extends Exception { * @param parameters Additional message parameters. */ public MOAIDException(String messageId, Object[] parameters) { - super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters)); + super(messageId, parameters); this.messageId = messageId; this.parameters = parameters; } @@ -99,7 +99,7 @@ public class MOAIDException extends Exception { Object[] parameters, Throwable wrapped) { - super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters)); + super(messageId, parameters, wrapped); this.messageId = messageId; this.wrapped = wrapped; this.parameters = parameters; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index 93f26051c..4555f61d2 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java @@ -32,6 +32,9 @@ import java.util.Iterator; import java.util.List; import java.util.Map; +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral; @@ -82,7 +85,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TimeOuts; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoType; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.validation.TargetValidator; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -174,13 +176,32 @@ public class ConfigurationMigrationUtils { } } + if (MiscUtil.isNotEmpty(oa.getForeignbPKTargetList())) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, oa.getForeignbPKTargetList()); + else + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, StringUtils.EMPTY); + + //convert selected SZR-GW service if (MiscUtil.isNotEmpty(oa.getSelectedSZRGWServiceURL())) - result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL, oa.getSelectedSZRGWServiceURL()); + result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL, oa.getSelectedSZRGWServiceURL()); AuthComponentOA oaauth = oa.getAuthComponentOA(); if (oaauth != null) { + //convert SL20 infos + if (oaauth.isSl20Active() != null) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED, oaauth.isSl20Active().toString()); + else + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED, Boolean.FALSE.toString()); + + if (MiscUtil.isNotEmpty(oaauth.getSl20EndPoints())) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, oaauth.getSl20EndPoints()); + else + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, StringUtils.EMPTY); + + + //convert business identifier IdentificationNumber idnumber = oaauth.getIdentificationNumber(); if (idnumber != null) { @@ -770,7 +791,17 @@ public class ConfigurationMigrationUtils { } - dbOA.setSelectedSZRGWServiceURL(oa.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL)); + //set SL20 things + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED))) + authoa.setSl20Active(Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED))); + else + authoa.setSl20Active(false); + + authoa.setSl20EndPoints(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS)); + + + + dbOA.setSelectedSZRGWServiceURL(oa.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL)); dbOA.setMandateServiceSelectionTemplateURL(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL)); dbOA.setSaml2PostBindingTemplateURL(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL)); @@ -826,6 +857,9 @@ public class ConfigurationMigrationUtils { } } + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN))) + dbOA.setForeignbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN)); + //store BKU-URLs BKUURLS bkuruls = new BKUURLS(); authoa.setBKUURLS(bkuruls); @@ -1220,7 +1254,7 @@ public class ConfigurationMigrationUtils { if (foreign != null) { ConnectionParameterClientAuthType connect_foreign = foreign.getConnectionParameter(); if (connect_foreign != null) { - result.put(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL, + result.put(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL, connect_foreign.getURL()); } } @@ -1738,13 +1772,13 @@ public class ConfigurationMigrationUtils { dbauth.setForeignIdentities(dbforeign); } - if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL))) { + if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL))) { ConnectionParameterClientAuthType forcon = dbforeign.getConnectionParameter(); if (forcon == null) { forcon = new ConnectionParameterClientAuthType(); dbforeign.setConnectionParameter(forcon); } - forcon.setURL(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL)); + forcon.setURL(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL)); } ForeignIdentities foreign = dbauth.getForeignIdentities(); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java index 695df3123..a6315fe2c 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java @@ -1,5 +1,6 @@ package at.gv.egovernment.moa.id.commons.config; +import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants; import at.gv.egovernment.moa.id.commons.MOAIDConstants; /** @@ -33,7 +34,8 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String PREFIX_MOAID_SERVICES_GATEWAY = PREFIX_MOAID_SERVICES + "." + PREFIX_GATEWAY; //Namespaces for online applications - public static final String SERVICE_UNIQUEIDENTIFIER = "uniqueID"; //publicURLPrefix + public static final String SERVICE_UNIQUEIDENTIFIER + = EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER; //publicURLPrefix public static final String SERVICE_FRIENDLYNAME = "friendlyName"; //friendlyName public static final String SERVICE_BUSINESSSERVICE = "businessservice"; //type public static final String SERVICE_ISACTIVE = "isActive"; //isActive @@ -61,6 +63,8 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { private static final String SERVICE_AUTH_TARGET_BUSINESS = SERVICE_AUTH_TARGET + ".business"; public static final String SERVICE_AUTH_TARGET_BUSINESS_TYPE = SERVICE_AUTH_TARGET_BUSINESS + ".type"; public static final String SERVICE_AUTH_TARGET_BUSINESS_VALUE = SERVICE_AUTH_TARGET_BUSINESS + ".value"; + public static final String SERVICE_AUTH_TARGET_FOREIGN = SERVICE_AUTH_TARGET + ".foreign"; + public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET = SERVICE_AUTH_TARGET_PUBLIC + ".target"; public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB = SERVICE_AUTH_TARGET_PUBLIC + ".target.sub"; @@ -82,6 +86,9 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String SERVICE_AUTH_BKU_AUTHBLOCKTEXT = AUTH + ".authblock.additionaltext"; public static final String SERVICE_AUTH_BKU_AUTHBLOCK_REMOVEBPK = AUTH + ".authblock.removebPK"; + public static final String SERVICE_AUTH_SL20_ENABLED = AUTH + ".sl20.enabled"; + public static final String SERVICE_AUTH_SL20_ENDPOINTS = AUTH + ".sl20.endpoints"; + private static final String SERVICE_AUTH_TEMPLATES = AUTH + "." + TEMPLATES; public static final String SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA = SERVICE_AUTH_TEMPLATES + ".bkuselection.data"; public static final String SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW = SERVICE_AUTH_TEMPLATES + ".bkuselection.preview"; @@ -188,7 +195,7 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String SERVICE_EXTERNAL_ELGA_MANDATE_SERVICE_URL = ELGA_MANDATE_SERVICE_URL; public static final String SERVICE_EXTERNAL_MIS_SERVICE_URL = "modules.mis.service.url"; - public static final String SERVICE_EXTERNAL_SZRGW_SERVICE_URL = "modules.szrgw.service.url"; + public static final String SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL = "modules.szrgw.service.url"; //Namespaces for general MOA-ID config public static final String GENERAL_PUBLICURLPREFIX = PREFIX_MOAID_GENERAL + ".publicURLPrefix"; @@ -222,7 +229,7 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String GENERAL_AUTH_MOASP_URL = GENERAL_AUTH + ".moasp.url"; public static final String GENERAL_AUTH_SERVICES_OVS_URL = GENERAL_AUTH + ".services.ovs.url"; - public static final String GENERAL_AUTH_SERVICES_SZRGW_URL = GENERAL_AUTH + ".services.szrgw.url"; + public static final String GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL = GENERAL_AUTH + ".services.szrgw.url"; public static final String GENERAL_AUTH_SERVICES_HVB_URL = GENERAL_AUTH + ".services.hvb.url"; public static final String GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL = PREFIX_MOAID_GENERAL + "." + ELGA_MANDATE_SERVICE_URL; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java index 4944813ad..6ef7a00cd 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java @@ -14,11 +14,11 @@ import org.springframework.transaction.annotation.Transactional; import at.gv.egiz.components.configuration.api.Configuration; import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.AbstractConfigProperty; //import at.gv.egovernment.moa.id.commons.db.dao.config.ConfigProperty; import at.gv.egovernment.moa.id.commons.db.dao.config.DatabaseConfigPropertyImpl; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java index 3928cf8c0..cada51b9a 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java @@ -9,11 +9,11 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.transaction.annotation.Transactional; import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.logging.Logger; /** @@ -84,13 +84,13 @@ public class NewConfigurationDBRead { String hjID = KeyValueUtils.getFirstChildAfterPrefix(oaKeyId, KeyValueUtils.getParentKey(oaKeyId)); //TODO: work-around for old configTool and new key/value configuration //see BasicOAAction.java line 493 - if (serviceType.equals(MOAIDConfigurationConstants.PREFIX_GATEWAY)) - jaxBOA.setHjid(Long.valueOf(hjID) + 1000000); - else if (serviceType.equals(MOAIDConfigurationConstants.PREFIX_IIDP)) - jaxBOA.setHjid(Long.valueOf(hjID) + 2000000); - else if (serviceType.equals(MOAIDConfigurationConstants.PREFIX_VIDP)) - jaxBOA.setHjid(Long.valueOf(hjID) + 3000000); - else +// if (serviceType.equals(MOAIDConfigurationConstants.PREFIX_GATEWAY)) +// jaxBOA.setHjid(Long.valueOf(hjID) + 1000000); +// else if (serviceType.equals(MOAIDConfigurationConstants.PREFIX_IIDP)) +// jaxBOA.setHjid(Long.valueOf(hjID) + 2000000); +// else if (serviceType.equals(MOAIDConfigurationConstants.PREFIX_VIDP)) +// jaxBOA.setHjid(Long.valueOf(hjID) + 3000000); +// else jaxBOA.setHjid(Long.valueOf(hjID)); Logger.debug("Transformation finished with JaxB hjID: " + hjID); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java index 04efb0afe..852df16e6 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java @@ -11,23 +11,17 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.ArrayList; import java.util.List; + import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; import javax.persistence.ManyToOne; import javax.persistence.OneToMany; -import javax.persistence.Table; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlTransient; import javax.xml.bind.annotation.XmlType; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; @@ -162,6 +156,13 @@ public class AuthComponentOA @XmlAttribute(name = "Hjid") protected Long hjid; + + @XmlTransient + protected Boolean sl20Active; + @XmlTransient + protected String sl20EndPoints; + + /** * Gets the value of the bkuurls property. * @@ -522,11 +523,28 @@ public class AuthComponentOA + public Long getHjid() { return hjid; } - /** + public Boolean isSl20Active() { + return sl20Active; + } + + public void setSl20Active(Boolean sl20Active) { + this.sl20Active = sl20Active; + } + + public String getSl20EndPoints() { + return sl20EndPoints; + } + + public void setSl20EndPoints(String sl20EndPoints) { + this.sl20EndPoints = sl20EndPoints; + } + + /** * Sets the value of the hjid property. * * @param value diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java index 196923ce6..e37873a72 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java @@ -115,10 +115,20 @@ public class OnlineApplication @XmlTransient protected String mandateServiceSelectionTemplateURL = null; + @XmlTransient + protected String foreignbPKTargetList = null; + - - /** + public String getForeignbPKTargetList() { + return foreignbPKTargetList; + } + + public void setForeignbPKTargetList(String foreignbPKTargetList) { + this.foreignbPKTargetList = foreignbPKTargetList; + } + + /** * @return the saml2PostBindingTemplateURL */ public String getSaml2PostBindingTemplateURL() { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java index b13f0ba5b..93db98cf9 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java @@ -103,6 +103,7 @@ public class AuthenticatedSessionStore implements Serializable{ private String additionalInformation; @Column(name = "additionalInformationBytes", nullable=true) + @Lob private byte[] additionalInformationBytes; @Column(name = "created", updatable=false, nullable=false) @@ -349,19 +350,56 @@ public class AuthenticatedSessionStore implements Serializable{ this.isInterfederatedSSOSession = isInterfederatedSSOSession; } - /** - * @return the additionalInformation - */ - public byte[] getAdditionalInformation() { + @Deprecated + public String getAdditionalInformation() { + return additionalInformation; + } + + @Deprecated + public void setAdditionalInformation(String additionalInformation) { + this.additionalInformation = additionalInformation; + } + + public byte[] getAdditionalInformationBytes() { return additionalInformationBytes; } - /** - * @param additionalInformation the additionalInformation to set - */ - public void setAdditionalInformation(byte[] additionalInformation) { - this.additionalInformationBytes = additionalInformation; + public void setAdditionalInformationBytes(byte[] additionalInformationBytes) { + this.additionalInformationBytes = additionalInformationBytes; } + +// /** +// * @return the additionalInformation +// */ +// @Deprecated +// public String getAdditionalInformation() { +// try { +// if (this.additionalInformationBytes != null) +// return new String(this.additionalInformationBytes, "UTF-8"); +// else +// return null; +// +// } catch (UnsupportedEncodingException e) { +// throw new RuntimeException("Something is very strange, because UTF-8 encoding IS NOT supported", e); +// +// } +// } + +// @Deprecated +// public void setAdditionalInformation(String additionalInformation) { +// try { +// if (StringUtils.isNotEmpty(additionalInformation)) +// this.additionalInformationBytes = additionalInformation.getBytes("UTF-8"); +// +// } catch (UnsupportedEncodingException e) { +// throw new RuntimeException("Something is very strange, because UTF-8 encoding IS NOT supported", e); +// +// } +// } + + + + diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ex/MOADatabaseException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ex/MOADatabaseException.java index 46484879d..d2d411074 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ex/MOADatabaseException.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ex/MOADatabaseException.java @@ -22,13 +22,12 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.commons.db.ex; -public class MOADatabaseException extends Exception { +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; + +public class MOADatabaseException extends EAAFStorageException { private static final long serialVersionUID = 1L; - public MOADatabaseException() { - super(); - } public MOADatabaseException(String message, Throwable cause) { super(message, cause); @@ -38,7 +37,4 @@ public class MOADatabaseException extends Exception { super(message); } - public MOADatabaseException(Throwable cause) { - super(cause); - } } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java deleted file mode 100644 index 40ef5a23a..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java +++ /dev/null @@ -1,341 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.commons.utils; - -import java.util.ArrayList; -import java.util.Collections; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; -import java.util.Properties; -import java.util.Set; - -import org.apache.commons.lang3.StringUtils; - -import at.gv.egovernment.moa.util.MiscUtil; - -/** - * @author tlenz - * - */ -public class KeyValueUtils { - - public static final String KEY_DELIMITER = "."; - public static final String CSV_DELIMITER = ","; - - /** - * Convert Java properties into a Map<String, String> - * <br><br> - * <b>Important:</b> The key/values from properties must be of type String! - * - * @param properties - * @return - */ - public static Map<String, String> concertPropertiesToMap(Properties properties) { - return new HashMap<String, String>((Map) properties); - - //INFO Java8 solution ;) - // return properties.entrySet().stream().collect( -// Collectors.toMap( -// e -> e.getKey().toString(), -// e -> e.getValue().toString() -// ) -// ); - - } - - /** - * Extract the first child of an input key after a the prefix - * - * @param key Full input key - * @param prefix Prefix - * @return Child key {String} if it exists or null - */ - public static String getFirstChildAfterPrefix(String key, String prefix) { - String idAfterPrefix = removePrefixFromKey(key, prefix); - if (idAfterPrefix != null) { - int index = idAfterPrefix.indexOf(KEY_DELIMITER); - if (index > 0) { - String adding = idAfterPrefix.substring(0, index); - if (!(adding.isEmpty())) { - return adding; - - } - } else if (!(idAfterPrefix.isEmpty())) { - return idAfterPrefix; - - } - - } - return null; - } - - /** - * Extract the prefix from an input key - * - * @param key Full input key - * @param suffix Suffix of this key - * @return Prefix {String} of the key or null if input key does not ends with postfix string - */ - public static String getPrefixFromKey(String key, String suffix) { - if (key != null && key.endsWith(suffix)) { - String idPreforeSuffix = key.substring(0, key.length()-suffix.length()); - if (idPreforeSuffix.endsWith(KEY_DELIMITER)) - return idPreforeSuffix.substring(0, idPreforeSuffix.length()-1); - else - return idPreforeSuffix; - } - return null; - - } - - /** - * Remove a prefix string from a key - * - * @param key Full input key - * @param prefix Prefix, which should be removed - * @return The suffix of the input key or null if the input does not starts with the prefix - */ - public static String removePrefixFromKey(String key, String prefix) { - if (prefix == null) - prefix = new String(); - - if (key!=null && key.startsWith(prefix)) { - String afterPrefix = key.substring(prefix.length()); - int index = afterPrefix.indexOf(KEY_DELIMITER); - - if (index == 0) { - afterPrefix = afterPrefix.substring(1); - - } - return afterPrefix; - - } - return null; - } - - /** - * Remove a prefix string from all keys in {Map<String, String>} of key/value pairs - * - * @param keys Input data of key/value pairs - * @param prefix Prefix which should be removed - * @return {Map<String, String>} of key/value pairs without prefix in key, but never null - */ - public static Map<String, String> removePrefixFromKeys(Map<String, String> keys, String prefix) { - Map<String, String> result = new HashMap<String, String>(); - Iterator<Entry<String, String>> interator = keys.entrySet().iterator(); - while(interator.hasNext()) { - Entry<String, String> el = interator.next(); - String newKey = removePrefixFromKey(el.getKey(), prefix); - if (MiscUtil.isNotEmpty(newKey)) { - result.put(newKey, el.getValue()); - } - } - - return result; - } - - /** - * Get a subset of key/value pairs which starts with a prefix string - * The Prefix is removed from the key - * - * @param keys Input data of key/value pairs - * @param prefix Prefix string - * @return {Map<String, String>} of key/value pairs without prefix in key, but never null - */ - public static Map<String, String> getSubSetWithPrefix(Map<String, String> keys, String prefix) { - return removePrefixFromKeys(keys, prefix); - } - - - /** - * Add a prefix to key/value pairs to make the key absolute according to key namespace convention - * - * @param input Input key/value pairs which should be updated - * @param prefix Key prefix, which should be added if the key is not absolute - * @param absolutIdentifier Key identifier, which indicates an absolute key - * @return {Map<String, String>} of key/value pairs in which all keys are absolute but never null - */ - public static Map<String, String> makeKeysAbsolut(Map<String, String> input, String prefix, String absolutIdentifier) { - Map<String, String> result = new HashMap<String, String>(); - Iterator<Entry<String, String>> interator = input.entrySet().iterator(); - while(interator.hasNext()) { - Entry<String, String> el = interator.next(); - if (!el.getKey().startsWith(absolutIdentifier)) { - //key is not absolute -> add prefix - result.put(prefix - + KEY_DELIMITER - + el.getKey(), - el.getValue()); - - } else { - //key is absolute - result.put(el.getKey(), el.getValue()); - } - } - return result; - } - - /** - * Get the parent key string from an input key - * - * @param key input key - * @return parent key or the empty String if no parent exists - */ - public static String getParentKey(String key) { - if (MiscUtil.isNotEmpty(key)) { - int index = key.lastIndexOf(KEY_DELIMITER); - if (index > 0) { - return key.substring(0, index); - - } - } - - return new String(); - } - - /** - * Find the highest free list counter - * - * @param input Array of list keys - * @param listPrefix {String} prefix of the list - * @return {int} highest free list counter - */ - public static int findNextFreeListCounter(String[] input, - String listPrefix) { - List<Integer> counters = new ArrayList<Integer>(); - if (input == null || input.length == 0) - return 0; - - else { - for (String key : input) { - String listIndex = getFirstChildAfterPrefix(key, listPrefix); - counters.add(Integer.parseInt(listIndex)); - - } - Collections.sort(counters); - return counters.get(counters.size()-1) + 1; - } - } - - /** - * Find the highest free list counter - * - * @param keySet {Set<String>} of list keys - * @param listPrefix {String} prefix of the list - * @return {int} highest free list counter - */ - public static int findNextFreeListCounter(Set<String> keySet, - String listPrefix) { - if (keySet.isEmpty()) - return 0; - - String[] array = new String[keySet.size()]; - keySet.toArray(array); - return findNextFreeListCounter(array, listPrefix); - } - - - /** - * Normalize a CSV encoded list of value of an key/value pair - * - * This method removes all whitespace at the begin or the - * end of CSV values and remove newLine signs at the end of value. - * The ',' is used as list delimiter - * - * @param value CSV encoded input data - * @return normalized CSV encoded data or null if {value} is null or empty - */ - public static String normalizeCSVValueString(String value) { - String normalizedCodes = null; - if (MiscUtil.isNotEmpty(value)) { - String[] codes = value.split(CSV_DELIMITER); - for (String el: codes) { - if (normalizedCodes == null) - normalizedCodes = StringUtils.chomp(el.trim()); - else - normalizedCodes += "," + StringUtils.chomp(el.trim()); - - } - } - return normalizedCodes; - } - - - /** - * Check a String if it is a comma separated list of values - * - * This method uses the ',' as list delimiter. - * - * @param value CSV encoded input data - * @return true if the input data contains a ',' and has more then 1 list element, otherwise false - */ - public static boolean isCSVValueString(String value) { - if (MiscUtil.isNotEmpty(value)) { - String[] codes = value.split(CSV_DELIMITER); - if (codes.length >= 2) { - if (MiscUtil.isNotEmpty(codes[1].trim())) - return true; - - } - } - - return false; - } - - /** - * Convert a CSV list to a List of CSV values - * <br><br> - * This method removes all whitespace at the begin or the - * end of CSV values and remove newLine signs at the end of value. - * The ',' is used as list delimiter - * - * @param csv CSV encoded input data - * @return List of CSV normalized values, but never null - */ - public static List<String> getListOfCSVValues(String csv) { - List<String> list = new ArrayList<String>(); - if (MiscUtil.isNotEmpty(csv)) { - String[] values = csv.split(CSV_DELIMITER); - for (String el: values) - list.add(el.trim()); - - } - - return list; - } - - /** - * This method remove all newline delimiter (\n or \r\n) from input data - * - * @param value Input String - * @return Input String without newline characters - */ - public static String removeAllNewlineFromString(String value) { - return value.replaceAll("(\\t|\\r?\\n)+", ""); - - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java index 4d8a07a55..f4143e434 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java @@ -48,47 +48,46 @@ package at.gv.egovernment.moa.id.commons.utils; import java.util.Locale; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IStatusMessenger; +import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException; +import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.util.Messages; +import at.gv.egovernment.moa.util.MiscUtil; -/** - * A singleton wrapper around a <code>Message</code> object, providing the messages used in MOA-ID. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class MOAIDMessageProvider { + +@Service("MOAIDMessageProvider") +public class MOAIDMessageProvider implements IStatusMessenger { - /** DEFAULT_MESSAGE_RESOURCES are resources/properties/id_messages */ - private static final String[] DEFAULT_MESSAGE_RESOURCES = - { "resources/properties/id_messages" }; - /** DEFAULT_MESSAGE_LOCALES are "de", "AT" */ - private static final Locale[] DEFAULT_MESSAGE_LOCALES = - new Locale[] { new Locale("de", "AT") }; - /** The instance for our singleton */ - private static MOAIDMessageProvider instance; - /** The Messages */ + //internal messanges + private static final String[] DEFAULT_MESSAGE_RESOURCES = { "resources/properties/id_messages" }; + private static final Locale[] DEFAULT_MESSAGE_LOCALES = new Locale[] { new Locale("de", "AT") }; private Messages messages; - /** - * Returns the single instance of <code>MOAIDMessageProvider</code>. - * - * @return the single instance of <code>MOAIDMessageProvider</code> - */ + //external error codes + private static final String[] DEFAULT_EXTERNALERROR_RESOURCES = { "resources/properties/protocol_response_statuscodes" }; + private static final Locale[] DEFAULT_EXTERNALERROR_LOCALES = new Locale[] { new Locale("de", "AT") }; + private Messages externalError = null; + + + private static MOAIDMessageProvider instance = null; + public static MOAIDMessageProvider getInstance() { - if (instance == null) - instance = new MOAIDMessageProvider(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES); - return instance; - } + if (instance == null) + instance = new MOAIDMessageProvider(); + + return instance; + + } - /** - * Create a <code>MOAIDMessageProvider</code>. - * - * @param resourceNames The names of the resources containing the messages. - * @param locales The corresponding locales. - */ - protected MOAIDMessageProvider(String[] resourceNames, Locale[] locales) { - this.messages = new Messages(resourceNames, locales); - } + public MOAIDMessageProvider() { + this.messages = new Messages(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES); + this.externalError = new Messages(DEFAULT_EXTERNALERROR_RESOURCES, DEFAULT_EXTERNALERROR_LOCALES); + + } /** * Get the message corresponding to a given message ID. @@ -97,8 +96,54 @@ public class MOAIDMessageProvider { * @param parameters The parameters to fill in into the message arguments. * @return The formatted message. */ + @Override public String getMessage(String messageId, Object[] parameters) { return messages.getMessage(messageId, parameters); } + +@Override +public String getResponseErrorCode(Throwable throwable) { + String errorCode = null; + + if (throwable instanceof BKUException) { + BKUException error = (BKUException) throwable; + errorCode = mapInternalErrorToExternalError(error.getMessageId()) + + error.getBkuErrorCode(); + + } else if (throwable instanceof MISSimpleClientException) { + MISSimpleClientException error = (MISSimpleClientException) throwable; + + if (MiscUtil.isNotEmpty(error.getMISErrorCode())) + errorCode = mapInternalErrorToExternalError(error.getMessageId()) + + error.getMISErrorCode(); + else + errorCode = mapInternalErrorToExternalError(error.getMessageId()); + + } else if (throwable instanceof MOAIDException) { + MOAIDException error = (MOAIDException) throwable; + errorCode = mapInternalErrorToExternalError(error.getMessageId()); + + } else if (throwable instanceof ProcessExecutionException) { + errorCode = IStatusMessenger.CODES_EXTERNAL_ERROR_PROCESSENGINE; + + } else { + errorCode = IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; + + } + + return errorCode; +} + + +@Override +public String mapInternalErrorToExternalError(String intErrorCode) { + String extErrorCode = externalError.getMessage(intErrorCode, null); + + if (MiscUtil.isEmpty(extErrorCode)) + extErrorCode = IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; + + return extErrorCode; +} + } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/X509Utils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/X509Utils.java new file mode 100644 index 000000000..026b1a5fb --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/X509Utils.java @@ -0,0 +1,62 @@ +package at.gv.egovernment.moa.id.commons.utils; + +import java.security.cert.X509Certificate; +import java.util.List; + +import javax.security.auth.x500.X500Principal; + +public class X509Utils { + + /** + * Sorts the Certificate Chain by IssuerDN and SubjectDN. The [0]-Element should be the Hostname, + * the last Element should be the Root Certificate. + * + * @param certs + * The first element must be the correct one. + * @return sorted Certificate Chain + */ + public static List<X509Certificate> sortCertificates( + List<X509Certificate> certs) + { + int length = certs.size(); + if (certs.size() <= 1) + { + return certs; + } + + for (X509Certificate cert : certs) + { + if (cert == null) + { + throw new NullPointerException(); + } + } + + for (int i = 0; i < length; i++) + { + boolean found = false; + X500Principal issuer = certs.get(i).getIssuerX500Principal(); + for (int j = i + 1; j < length; j++) + { + X500Principal subject = certs.get(j).getSubjectX500Principal(); + if (issuer.equals(subject)) + { + // sorting necessary? + if (i + 1 != j) + { + X509Certificate tmp = certs.get(i + 1); + certs.set(i + 1, certs.get(j)); + certs.set(j, tmp); + } + found = true; + } + } + if (!found) + { + break; + } + } + + return certs; + } +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java index abf2d211c..e6efca4ea 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java @@ -58,8 +58,8 @@ import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; +import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.KeyStoreUtils; import at.gv.egovernment.moaspss.logging.LoggingContext; import at.gv.egovernment.moaspss.logging.LoggingContextManager; import iaik.pki.DefaultPKIConfiguration; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/IPKIXValidator.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/IPKIXValidator.java new file mode 100644 index 000000000..ce32cbd0d --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/IPKIXValidator.java @@ -0,0 +1,6 @@ +package at.gv.egovernment.moa.id.commons.validation; + +public interface IPKIXValidator { + + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASPPKIXCertValidator.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASPPKIXCertValidator.java new file mode 100644 index 000000000..fda567452 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASPPKIXCertValidator.java @@ -0,0 +1,9 @@ +package at.gv.egovernment.moa.id.commons.validation; + +import org.springframework.stereotype.Service; + +@Service +public class MOASPPKIXCertValidator implements IPKIXValidator { + + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/PKIXValidatorConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/PKIXValidatorConfiguration.java new file mode 100644 index 000000000..20235c4b6 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/PKIXValidatorConfiguration.java @@ -0,0 +1,21 @@ +package at.gv.egovernment.moa.id.commons.validation; + +public class PKIXValidatorConfiguration { + + public enum CHAININGMODE { + pkix, chaining + } + + public enum REVOCATIONCHECKMETHODES { + crl, ocsp + } + + private String trustStorePath = null; + private String certStorePath = null; + private boolean revocationChecking = true; + private REVOCATIONCHECKMETHODES[] revocationCheckMode = {REVOCATIONCHECKMETHODES.ocsp, REVOCATIONCHECKMETHODES.crl}; + private CHAININGMODE chaining = CHAININGMODE.pkix; + + + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java index c94222ea0..47abbf29a 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java @@ -281,7 +281,7 @@ public interface Constants { /** Local location of the XAdES v1.1.1 schema definition */ public static final String XADES_1_3_2_SCHEMA_LOCATION = - SCHEMA_ROOT + "XAdES-1.3.2.xsd"; + SCHEMA_ROOT + "XAdES01903v132-201601.xsd"; /** URI of the XAdES v1.3.2 namespace */ public static final String XADES_1_3_2_NS_URI = "http://uri.etsi.org/01903/v1.3.2#"; @@ -290,7 +290,7 @@ public interface Constants { /** Local location of the XAdES v1.4.1 schema definition */ public static final String XADES_1_4_1_SCHEMA_LOCATION = - SCHEMA_ROOT + "XAdES-1.4.1.xsd"; + SCHEMA_ROOT + "XAdES01903v141-201601.xsd"; /** URI of the XAdES v1.4.1 namespace */ public static final String XADES_1_4_1_NS_URI = "http://uri.etsi.org/01903/v1.4.1#"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java deleted file mode 100644 index 62a168ac8..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java +++ /dev/null @@ -1,1263 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.util; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.util.Collections; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; -import java.util.Set; -import java.util.Vector; - -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.transform.OutputKeys; -import javax.xml.transform.Result; -import javax.xml.transform.Source; -import javax.xml.transform.Transformer; -import javax.xml.transform.TransformerException; -import javax.xml.transform.TransformerFactory; -import javax.xml.transform.dom.DOMSource; -import javax.xml.transform.stream.StreamResult; - -import org.apache.commons.io.IOUtils; -import org.apache.xerces.parsers.DOMParser; -import org.apache.xerces.parsers.SAXParser; -import org.apache.xerces.parsers.XMLGrammarPreparser; -import org.apache.xerces.util.SymbolTable; -import org.apache.xerces.util.XMLGrammarPoolImpl; -import org.apache.xerces.xni.grammars.XMLGrammarDescription; -import org.apache.xerces.xni.grammars.XMLGrammarPool; -import org.apache.xerces.xni.parser.XMLInputSource; -import org.w3c.dom.Attr; -import org.w3c.dom.Document; -import org.w3c.dom.DocumentFragment; -import org.w3c.dom.Element; -import org.w3c.dom.NamedNodeMap; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; -import org.xml.sax.EntityResolver; -import org.xml.sax.ErrorHandler; -import org.xml.sax.InputSource; -import org.xml.sax.SAXException; - -import at.gv.egovernment.moa.logging.Logger; - -/** - * Various utility functions for handling XML DOM trees. - * - * The parsing methods in this class make use of some features internal to the - * Xerces DOM parser, mainly for performance reasons. As soon as JAXP - * (currently at version 1.2) is better at schema handling, it should be used as - * the parser interface. - * - * @author Patrick Peck - * @version $Id$ - */ -public class DOMUtils { - - /** Feature URI for namespace aware parsing. */ - private static final String NAMESPACES_FEATURE = - "http://xml.org/sax/features/namespaces"; - /** Feature URI for validating parsing. */ - private static final String VALIDATION_FEATURE = - "http://xml.org/sax/features/validation"; - /** Feature URI for schema validating parsing. */ - private static final String SCHEMA_VALIDATION_FEATURE = - "http://apache.org/xml/features/validation/schema"; - /** Feature URI for normalization of element/attribute values. */ - private static final String NORMALIZED_VALUE_FEATURE = - "http://apache.org/xml/features/validation/schema/normalized-value"; - /** Feature URI for parsing ignorable whitespace. */ - private static final String INCLUDE_IGNORABLE_WHITESPACE_FEATURE = - "http://apache.org/xml/features/dom/include-ignorable-whitespace"; - /** Feature URI for creating EntityReference nodes in the DOM tree. */ - private static final String CREATE_ENTITY_REF_NODES_FEATURE = - "http://apache.org/xml/features/dom/create-entity-ref-nodes"; - /** Property URI for providing external schema locations. */ - private static final String EXTERNAL_SCHEMA_LOCATION_PROPERTY = - "http://apache.org/xml/properties/schema/external-schemaLocation"; - /** Property URI for providing the external schema location for elements - * without a namespace. */ - private static final String EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY = - "http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation"; - - private static final String EXTERNAL_GENERAL_ENTITIES_FEATURE = - "http://xml.org/sax/features/external-general-entities"; - - private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE = - "http://xml.org/sax/features/external-parameter-entities"; - - public static final String DISALLOW_DOCTYPE_FEATURE = - "http://apache.org/xml/features/disallow-doctype-decl"; - - - - /** Property URI for the Xerces grammar pool. */ - private static final String GRAMMAR_POOL = - org.apache.xerces.impl.Constants.XERCES_PROPERTY_PREFIX - + org.apache.xerces.impl.Constants.XMLGRAMMAR_POOL_PROPERTY; - /** A prime number for initializing the symbol table. */ - private static final int BIG_PRIME = 2039; - /** Symbol table for the grammar pool. */ - private static SymbolTable symbolTable = new SymbolTable(BIG_PRIME); - /** Xerces schema grammar pool. */ - private static XMLGrammarPool grammarPool = new XMLGrammarPoolImpl(); - /** Set holding the NamespaceURIs of the grammarPool, to prevent multiple - * entries of same grammars to the pool */ - private static Set grammarNamespaces; - - static { - grammarPool.lockPool(); - grammarNamespaces = new HashSet(); - } - - /** - * Preparse a schema and add it to the schema pool. - * The method only adds the schema to the pool if a schema having the same - * <code>systemId</code> (namespace URI) is not already present in the pool. - * - * @param inputStream An <code>InputStream</code> providing the contents of - * the schema. - * @param systemId The systemId (namespace URI) to use for the schema. - * @throws IOException An error occurred reading the schema. - */ - public static void addSchemaToPool(InputStream inputStream, String systemId) - throws IOException { - XMLGrammarPreparser preparser; - - if (!grammarNamespaces.contains(systemId)) { - - grammarNamespaces.add(systemId); - - // unlock the pool so that we can add another grammar - grammarPool.unlockPool(); - - // prepare the preparser - preparser = new XMLGrammarPreparser(symbolTable); - preparser.registerPreparser(XMLGrammarDescription.XML_SCHEMA, null); - preparser.setProperty(GRAMMAR_POOL, grammarPool); - preparser.setFeature(NAMESPACES_FEATURE, true); - preparser.setFeature(VALIDATION_FEATURE, true); - - // add the grammar to the pool - preparser.preparseGrammar( - XMLGrammarDescription.XML_SCHEMA, - new XMLInputSource(null, systemId, null, inputStream, null)); - - // lock the pool again so that schemas are not added automatically - grammarPool.lockPool(); - } - } - - /** - * Parse an XML document from an <code>InputStream</code>. - * - * @param inputStream The <code>InputStream</code> containing the XML - * document. - * @param validating If <code>true</code>, parse validating. - * @param externalSchemaLocations A <code>String</code> containing namespace - * URI to schema location pairs, the same way it is accepted by the <code>xsi: - * schemaLocation</code> attribute. - * @param externalNoNamespaceSchemaLocation The schema location of the - * schema for elements without a namespace, the same way it is accepted by the - * <code>xsi:noNamespaceSchemaLocation</code> attribute. - * @param entityResolver An <code>EntityResolver</code> to resolve external - * entities (schemas and DTDs). If <code>null</code>, it will not be set. - * @param errorHandler An <code>ErrorHandler</code> to decide what to do - * with parsing errors. If <code>null</code>, it will not be set. - * @return The parsed XML document as a DOM tree. - * @throws SAXException An error occurred parsing the document. - * @throws IOException An error occurred reading the document. - * @throws ParserConfigurationException An error occurred configuring the XML - * parser. - */ - public static Document parseDocument( - InputStream inputStream, - boolean validating, - String externalSchemaLocations, - String externalNoNamespaceSchemaLocation, - EntityResolver entityResolver, - ErrorHandler errorHandler, - Map<String, Object> parserFeatures) - throws SAXException, IOException, ParserConfigurationException { - - DOMParser parser; - -// class MyEntityResolver implements EntityResolver { -// -// public InputSource resolveEntity(String publicId, String systemId) -// throws SAXException, IOException { -// return new InputSource(new ByteArrayInputStream(new byte[0])); -// } -// } - - - //if Debug is enabled make a copy of inputStream to enable debug output in case of SAXException - byte buffer [] = null; - ByteArrayInputStream baStream = null; - if(true == Logger.isDebugEnabled()) { - buffer = IOUtils.toByteArray(inputStream); - baStream = new ByteArrayInputStream(buffer); - - } - - - - // create the DOM parser - if (symbolTable != null) { - parser = new DOMParser(symbolTable, grammarPool); - } else { - parser = new DOMParser(); - } - - // set parser features and properties - try { - parser.setFeature(NAMESPACES_FEATURE, true); - parser.setFeature(VALIDATION_FEATURE, validating); - parser.setFeature(SCHEMA_VALIDATION_FEATURE, validating); - parser.setFeature(NORMALIZED_VALUE_FEATURE, false); - parser.setFeature(INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true); - parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false); - parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false); - parser.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false); - - //set external added parser features - if (parserFeatures != null) { - for (Entry<String, Object> el : parserFeatures.entrySet()) { - String key = el.getKey(); - if (MiscUtil.isNotEmpty(key)) { - Object value = el.getValue(); - if (value != null && value instanceof Boolean) - parser.setFeature(key, (boolean)value); - - else - Logger.warn("This XML parser only allows features with 'boolean' values"); - - } else - Logger.warn("Can not set 'null' feature to XML parser"); - } - } - - //fix XXE problem - //parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); - - - if (validating) { - if (externalSchemaLocations != null) { - parser.setProperty( - EXTERNAL_SCHEMA_LOCATION_PROPERTY, - externalSchemaLocations); - } - if (externalNoNamespaceSchemaLocation != null) { - parser.setProperty( - EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY, - externalNoNamespaceSchemaLocation); - } - } - - // set entity resolver and error handler - if (entityResolver != null) { - parser.setEntityResolver(entityResolver); - } - if (errorHandler != null) { - parser.setErrorHandler(errorHandler); - } - - // parse the document and return it - // if debug is enabled: use copy of strem (baStream) else use orig stream - if(null != baStream) - parser.parse(new InputSource(baStream)); - else - parser.parse(new InputSource(inputStream)); - } catch(SAXException e) { - if(true == Logger.isDebugEnabled() && null != buffer) { - String xmlContent = new String(buffer); - Logger.debug("SAXException in:\n" + xmlContent); - } - throw(e); - } - - return parser.getDocument(); - } - - /** - * Parse an XML document from an <code>InputStream</code>. - * - * @param inputStream The <code>InputStream</code> containing the XML - * document. - * @param validating If <code>true</code>, parse validating. - * @param externalSchemaLocations A <code>String</code> containing namespace - * URI to schema location pairs, the same way it is accepted by the <code>xsi: - * schemaLocation</code> attribute. - * @param externalNoNamespaceSchemaLocation The schema location of the - * schema for elements without a namespace, the same way it is accepted by the - * <code>xsi:noNamespaceSchemaLocation</code> attribute. - * @param entityResolver An <code>EntityResolver</code> to resolve external - * entities (schemas and DTDs). If <code>null</code>, it will not be set. - * @param errorHandler An <code>ErrorHandler</code> to decide what to do - * with parsing errors. If <code>null</code>, it will not be set. - * @return The parsed XML document as a DOM tree. - * @throws SAXException An error occurred parsing the document. - * @throws IOException An error occurred reading the document. - * @throws ParserConfigurationException An error occurred configuring the XML - * parser. - */ - public static Document parseDocumentSimple(InputStream inputStream) - throws SAXException, IOException, ParserConfigurationException { - - DOMParser parser; - - parser = new DOMParser(); - // set parser features and properties - parser.setFeature(NAMESPACES_FEATURE, true); - parser.setFeature(VALIDATION_FEATURE, false); - parser.setFeature(SCHEMA_VALIDATION_FEATURE, false); - parser.setFeature(NORMALIZED_VALUE_FEATURE, false); - parser.setFeature(INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true); - parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false); - - parser.parse(new InputSource(inputStream)); - - return parser.getDocument(); - } - - - /** - * Parse an XML document from an <code>InputStream</code>. - * - * It uses a <code>MOAEntityResolver</code> as the <code>EntityResolver</code> - * and a <code>MOAErrorHandler</code> as the <code>ErrorHandler</code>. - * - * @param inputStream The <code>InputStream</code> containing the XML - * document. - * @param validating If <code>true</code>, parse validating. - * @param externalSchemaLocations A <code>String</code> containing namespace - * URI to schema location pairs, the same way it is accepted by the <code>xsi: - * schemaLocation</code> attribute. - * @param externalNoNamespaceSchemaLocation The schema location of the - * schema for elements without a namespace, the same way it is accepted by the - * <code>xsi:noNamespaceSchemaLocation</code> attribute. - * @param parserFeatures - * @return The parsed XML document as a DOM tree. - * @throws SAXException An error occurred parsing the document. - * @throws IOException An error occurred reading the document. - * @throws ParserConfigurationException An error occurred configuring the XML - * parser. - */ - public static Document parseDocument( - InputStream inputStream, - boolean validating, - String externalSchemaLocations, - String externalNoNamespaceSchemaLocation, Map<String, Object> parserFeatures) - throws SAXException, IOException, ParserConfigurationException { - - - - return parseDocument( - inputStream, - validating, - externalSchemaLocations, - externalNoNamespaceSchemaLocation, - new MOAEntityResolver(), - new MOAErrorHandler(), - parserFeatures); - } - - /** - * Parse an XML document from a <code>String</code>. - * - * It uses a <code>MOAEntityResolver</code> as the <code>EntityResolver</code> - * and a <code>MOAErrorHandler</code> as the <code>ErrorHandler</code>. - * - * @param xmlString The <code>String</code> containing the XML document. - * @param encoding The encoding of the XML document. - * @param validating If <code>true</code>, parse validating. - * @param externalSchemaLocations A <code>String</code> containing namespace - * URI to schema location pairs, the same way it is accepted by the <code>xsi: - * schemaLocation</code> attribute. - * @param externalNoNamespaceSchemaLocation The schema location of the - * schema for elements without a namespace, the same way it is accepted by the - * <code>xsi:noNamespaceSchemaLocation</code> attribute. - * @return The parsed XML document as a DOM tree. - * @throws SAXException An error occurred parsing the document. - * @throws IOException An error occurred reading the document. - * @throws ParserConfigurationException An error occurred configuring the XML - * parser. - */ - public static Document parseDocument( - String xmlString, - String encoding, - boolean validating, - String externalSchemaLocations, - String externalNoNamespaceSchemaLocation, - Map<String, Object> parserFeatures) - throws SAXException, IOException, ParserConfigurationException { - - InputStream in = new ByteArrayInputStream(xmlString.getBytes(encoding)); - return parseDocument( - in, - validating, - externalSchemaLocations, - externalNoNamespaceSchemaLocation, - parserFeatures); - } - - - /** - * Parse an XML document from a <code>String</code>. - * - * It uses a <code>MOAEntityResolver</code> as the <code>EntityResolver</code> - * and a <code>MOAErrorHandler</code> as the <code>ErrorHandler</code>. - * - * @param xmlString The <code>String</code> containing the XML document. - * @param encoding The encoding of the XML document. - * @param validating If <code>true</code>, parse validating. - * @param externalSchemaLocations A <code>String</code> containing namespace - * URI to schema location pairs, the same way it is accepted by the <code>xsi: - * schemaLocation</code> attribute. - * @param externalNoNamespaceSchemaLocation The schema location of the - * schema for elements without a namespace, the same way it is accepted by the - * <code>xsi:noNamespaceSchemaLocation</code> attribute. - * @return The parsed XML document as a DOM tree. - * @throws SAXException An error occurred parsing the document. - * @throws IOException An error occurred reading the document. - * @throws ParserConfigurationException An error occurred configuring the XML - * parser. - */ - public static Document parseDocument( - String xmlString, - String encoding, - boolean validating, - String externalSchemaLocations, - String externalNoNamespaceSchemaLocation) - throws SAXException, IOException, ParserConfigurationException { - - InputStream in = new ByteArrayInputStream(xmlString.getBytes(encoding)); - return parseDocument( - in, - validating, - externalSchemaLocations, - externalNoNamespaceSchemaLocation, - null); - } - - /** - * Parse an UTF-8 encoded XML document from a <code>String</code>. - * - * @param xmlString The <code>String</code> containing the XML document. - * @param validating If <code>true</code>, parse validating. - * @param externalSchemaLocations A <code>String</code> containing namespace - * URI to schema location pairs, the same way it is accepted by the <code>xsi: - * schemaLocation</code> attribute. - * @param externalNoNamespaceSchemaLocation The schema location of the - * schema for elements without a namespace, the same way it is accepted by the - * <code>xsi:noNamespaceSchemaLocation</code> attribute. - * @return The parsed XML document as a DOM tree. - * @throws SAXException An error occurred parsing the document. - * @throws IOException An error occurred reading the document. - * @throws ParserConfigurationException An error occurred configuring the XML - * parser. - */ - public static Document parseDocument( - String xmlString, - boolean validating, - String externalSchemaLocations, - String externalNoNamespaceSchemaLocation) - throws SAXException, IOException, ParserConfigurationException { - - return parseDocument( - xmlString, - "UTF-8", - validating, - externalSchemaLocations, - externalNoNamespaceSchemaLocation); - } - - /** - * A convenience method to parse an XML document validating. - * - * @param inputStream The <code>InputStream</code> containing the XML - * document. - * @return The root element of the parsed XML document. - * @throws SAXException An error occurred parsing the document. - * @throws IOException An error occurred reading the document. - * @throws ParserConfigurationException An error occurred configuring the XML - * parser. - */ - public static Element parseXmlValidating(InputStream inputStream) - throws ParserConfigurationException, SAXException, IOException { - return DOMUtils - .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, null) - .getDocumentElement(); - } - - /** - * A convenience method to parse an XML document validating. - * - * @param inputStream The <code>InputStream</code> containing the XML - * document. - * @param parserFeatures Set additional features to XML parser - * @return The root element of the parsed XML document. - * @throws SAXException An error occurred parsing the document. - * @throws IOException An error occurred reading the document. - * @throws ParserConfigurationException An error occurred configuring the XML - * parser. - */ - public static Element parseXmlValidating(InputStream inputStream, Map<String, Object> parserFeatures) - throws ParserConfigurationException, SAXException, IOException { - return DOMUtils - .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, parserFeatures) - .getDocumentElement(); - } - - /** - * A convenience method to parse an XML document non validating. - * This method disallow DocType declarations - * - * @param inputStream The <code>InputStream</code> containing the XML - * document. - * @return The root element of the parsed XML document. - * @throws SAXException An error occurred parsing the document. - * @throws IOException An error occurred reading the document. - * @throws ParserConfigurationException An error occurred configuring the XML - * parser. - */ - public static Element parseXmlNonValidating(InputStream inputStream) - throws ParserConfigurationException, SAXException, IOException { - return DOMUtils - .parseDocument(inputStream, false, Constants.ALL_SCHEMA_LOCATIONS, null, - Collections.unmodifiableMap(new HashMap<String, Object>() { - private static final long serialVersionUID = 1L; - { - put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true); - - } - })).getDocumentElement(); - } - - /** - * Schema validate a given DOM element. - * - * @param element The element to validate. - * @param externalSchemaLocations A <code>String</code> containing namespace - * URI to schema location pairs, the same way it is accepted by the <code>xsi: - * schemaLocation</code> attribute. - * @param externalNoNamespaceSchemaLocation The schema location of the - * schema for elements without a namespace, the same way it is accepted by the - * <code>xsi:noNamespaceSchemaLocation</code> attribute. - * @return <code>true</code>, if the <code>element</code> validates against - * the schemas declared in it. - * @throws SAXException An error occurred parsing the document. - * @throws IOException An error occurred reading the document from its - * serialized representation. - * @throws ParserConfigurationException An error occurred configuring the XML - * @throws TransformerException An error occurred serializing the element. - */ - public static boolean validateElement( - Element element, - String externalSchemaLocations, - String externalNoNamespaceSchemaLocation) - throws - ParserConfigurationException, - IOException, - SAXException, - TransformerException { - - byte[] docBytes; - SAXParser parser; - - // create the SAX parser - if (symbolTable != null) { - parser = new SAXParser(symbolTable, grammarPool); - } else { - parser = new SAXParser(); - } - - // serialize the document - docBytes = serializeNode(element, "UTF-8"); - - // set up parser features and attributes - parser.setFeature(NAMESPACES_FEATURE, true); - parser.setFeature(VALIDATION_FEATURE, true); - parser.setFeature(SCHEMA_VALIDATION_FEATURE, true); - parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false); - parser.setFeature(DISALLOW_DOCTYPE_FEATURE, true); - - - if (externalSchemaLocations != null) { - parser.setProperty( - EXTERNAL_SCHEMA_LOCATION_PROPERTY, - externalSchemaLocations); - } - if (externalNoNamespaceSchemaLocation != null) { - parser.setProperty( - EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY, - "externalNoNamespaceSchemaLocation"); - } - - // set up entity resolver and error handler - parser.setEntityResolver(new MOAEntityResolver()); - parser.setErrorHandler(new MOAErrorHandler()); - - // parse validating - parser.parse(new InputSource(new ByteArrayInputStream(docBytes))); - return true; - } - - - /** - * Schema validate a given DOM element. - * - * @param element The element to validate. - * @param externalSchemaLocations A <code>String</code> containing namespace - * URI to schema location pairs, the same way it is accepted by the <code>xsi: - * schemaLocation</code> attribute. - * @param externalNoNamespaceSchemaLocation The schema location of the - * schema for elements without a namespace, the same way it is accepted by the - * <code>xsi:noNamespaceSchemaLocation</code> attribute. - * @return <code>true</code>, if the <code>element</code> validates against - * the schemas declared in it. - * @throws SAXException An error occurred parsing the document. - * @throws IOException An error occurred reading the document from its - * serialized representation. - * @throws ParserConfigurationException An error occurred configuring the XML - * @throws TransformerException An error occurred serializing the element. - */ - public static boolean validateElement( - Element element, - String externalSchemaLocations, - String externalNoNamespaceSchemaLocation, - EntityResolver entityResolver) - throws - ParserConfigurationException, - IOException, - SAXException, - TransformerException { - - byte[] docBytes; - SAXParser parser; - - // create the SAX parser - if (symbolTable != null) { - parser = new SAXParser(symbolTable, grammarPool); - } else { - parser = new SAXParser(); - } - - // serialize the document - docBytes = serializeNode(element, "UTF-8"); - - // set up parser features and attributes - parser.setFeature(NAMESPACES_FEATURE, true); - parser.setFeature(VALIDATION_FEATURE, true); - parser.setFeature(SCHEMA_VALIDATION_FEATURE, true); - - if (externalSchemaLocations != null) { - parser.setProperty( - EXTERNAL_SCHEMA_LOCATION_PROPERTY, - externalSchemaLocations); - } - if (externalNoNamespaceSchemaLocation != null) { - parser.setProperty( - EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY, - "externalNoNamespaceSchemaLocation"); - } - - // set up entity resolver and error handler - parser.setEntityResolver(entityResolver); - parser.setErrorHandler(new MOAErrorHandler()); - - // parse validating - parser.parse(new InputSource(new ByteArrayInputStream(docBytes))); - return true; - } - - /** - * Serialize the given DOM node. - * - * The node will be serialized using the UTF-8 encoding. - * - * @param node The node to serialize. - * @return String The <code>String</code> representation of the given DOM - * node. - * @throws TransformerException An error occurred transforming the - * node to a <code>String</code>. - * @throws IOException An IO error occurred writing the node to a byte array. - */ - public static String serializeNode(Node node) - throws TransformerException, IOException { - return new String(serializeNode(node, "UTF-8", false), "UTF-8"); - } - - - /** - * Serialize the given DOM node. - * - * The node will be serialized using the UTF-8 encoding. - * - * @param node The node to serialize. - * @param omitXmlDeclaration The boolean value for omitting the XML Declaration. - * @return String The <code>String</code> representation of the given DOM - * node. - * @throws TransformerException An error occurred transforming the - * node to a <code>String</code>. - * @throws IOException An IO error occurred writing the node to a byte array. - */ - public static String serializeNode(Node node, boolean omitXmlDeclaration) - throws TransformerException, IOException { - return new String(serializeNode(node, "UTF-8", omitXmlDeclaration), "UTF-8"); - } - - /** - * Serialize the given DOM node. - * - * The node will be serialized using the UTF-8 encoding. - * - * @param node The node to serialize. - * @param omitXmlDeclaration The boolean value for omitting the XML Declaration. - * @param lineSeperator Sets the line seperator String of the parser - * @return String The <code>String</code> representation of the given DOM - * node. - * @throws TransformerException An error occurred transforming the - * node to a <code>String</code>. - * @throws IOException An IO error occurred writing the node to a byte array. - */ - public static String serializeNode(Node node, boolean omitXmlDeclaration, String lineSeperator) - throws TransformerException, IOException { - return new String(serializeNode(node, "UTF-8", omitXmlDeclaration, lineSeperator), "UTF-8"); - } - - /** - * Serialize the given DOM node to a byte array. - * - * @param node The node to serialize. - * @param xmlEncoding The XML encoding to use. - * @return The serialized node, as a byte array. Using a compatible encoding - * this can easily be converted into a <code>String</code>. - * @throws TransformerException An error occurred transforming the node to a - * byte array. - * @throws IOException An IO error occurred writing the node to a byte array. - */ - public static byte[] serializeNode(Node node, String xmlEncoding) - throws TransformerException, IOException { - return serializeNode(node, xmlEncoding, false); - } - - /** - * Serialize the given DOM node to a byte array. - * - * @param node The node to serialize. - * @param xmlEncoding The XML encoding to use. - * @param omitDeclaration The boolean value for omitting the XML Declaration. - * @return The serialized node, as a byte array. Using a compatible encoding - * this can easily be converted into a <code>String</code>. - * @throws TransformerException An error occurred transforming the node to a - * byte array. - * @throws IOException An IO error occurred writing the node to a byte array. - */ - public static byte[] serializeNode(Node node, String xmlEncoding, boolean omitDeclaration) - throws TransformerException, IOException { - return serializeNode(node, xmlEncoding, omitDeclaration, null); - } - - - /** - * Serialize the given DOM node to a byte array. - * - * @param node The node to serialize. - * @param xmlEncoding The XML encoding to use. - * @param omitDeclaration The boolean value for omitting the XML Declaration. - * @param lineSeperator Sets the line seperator String of the parser - * @return The serialized node, as a byte array. Using a compatible encoding - * this can easily be converted into a <code>String</code>. - * @throws TransformerException An error occurred transforming the node to a - * byte array. - * @throws IOException An IO error occurred writing the node to a byte array. - */ - public static byte[] serializeNode(Node node, String xmlEncoding, boolean omitDeclaration, String lineSeperator) - throws TransformerException, IOException { - - TransformerFactory transformerFactory = TransformerFactory.newInstance(); - Transformer transformer = transformerFactory.newTransformer(); - ByteArrayOutputStream bos = new ByteArrayOutputStream(16384); - - transformer.setOutputProperty(OutputKeys.METHOD, "xml"); - transformer.setOutputProperty(OutputKeys.ENCODING, xmlEncoding); - String omit = omitDeclaration ? "yes" : "no"; - transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, omit); - if (null!=lineSeperator) { - transformer.setOutputProperty("{http://xml.apache.org/xalan}line-separator", lineSeperator);//does not work for xalan <= 2.5.1 - } - transformer.transform(new DOMSource(node), new StreamResult(bos)); - - bos.flush(); - bos.close(); - - return bos.toByteArray(); - } - - /** - * Return the text that a node contains. - * - * This routine: - * <ul> - * <li>Ignores comments and processing instructions.</li> - * <li>Concatenates TEXT nodes, CDATA nodes, and the results recursively - * processing EntityRef nodes.</li> - * <li>Ignores any element nodes in the sublist. (Other possible options are - * to recurse into element sublists or throw an exception.)</li> - * </ul> - * - * @param node A DOM node from which to extract text. - * @return A String representing its contents. - */ - public static String getText(Node node) { - if (!node.hasChildNodes()) { - return ""; - } - - StringBuffer result = new StringBuffer(); - NodeList list = node.getChildNodes(); - - for (int i = 0; i < list.getLength(); i++) { - Node subnode = list.item(i); - if (subnode.getNodeType() == Node.TEXT_NODE) { - result.append(subnode.getNodeValue()); - } else if (subnode.getNodeType() == Node.CDATA_SECTION_NODE) { - result.append(subnode.getNodeValue()); - } else if (subnode.getNodeType() == Node.ENTITY_REFERENCE_NODE) { - // Recurse into the subtree for text - // (and ignore comments) - result.append(getText(subnode)); - } - } - return result.toString(); - } - - /** - * Build the namespace prefix to namespace URL mapping in effect for a given - * node. - * - * @param node The context node for which build the map. - * @return The namespace prefix to namespace URL mapping ( - * a <code>String</code> value to <code>String</code> value mapping). - */ - public static Map getNamespaceDeclarations(Node node) { - Map nsDecls = new HashMap(); - int i; - - do { - if (node.hasAttributes()) { - NamedNodeMap attrs = node.getAttributes(); - - for (i = 0; i < attrs.getLength(); i++) { - Attr attr = (Attr) attrs.item(i); - - // add prefix mapping if none exists - if ("xmlns".equals(attr.getPrefix()) - || "xmlns".equals(attr.getName())) { - - String nsPrefix = - attr.getPrefix() != null ? attr.getLocalName() : ""; - - if (nsDecls.get(nsPrefix) == null) { - nsDecls.put(nsPrefix, attr.getValue()); - } - } - } - } - } while ((node = node.getParentNode()) != null); - - return nsDecls; - } - - /** - * Add all namespace declarations declared in the parent(s) of a given - * element and used in the subtree of the given element to the given element. - * - * @param context The element to which to add the namespaces. - */ - public static void localizeNamespaceDeclarations(Element context) { - Node parent = context.getParentNode(); - - if (parent != null) { - Map namespaces = getNamespaceDeclarations(context.getParentNode()); - Set nsUris = collectNamespaceURIs(context); - Iterator iter; - - for (iter = namespaces.entrySet().iterator(); iter.hasNext();) { - Map.Entry e = (Map.Entry) iter.next(); - - if (nsUris.contains(e.getValue())) { - String prefix = (String) e.getKey(); - String nsUri = (String) e.getValue(); - String nsAttrName = "".equals(prefix) ? "xmlns" : "xmlns:" + prefix; - - context.setAttributeNS(Constants.XMLNS_NS_URI, nsAttrName, nsUri); - } - } - } - } - - /** - * Collect all the namespace URIs used in the subtree of a given element. - * - * @param context The element that should be searched for namespace URIs. - * @return All namespace URIs used in the subtree of <code>context</code>, - * including the ones used in <code>context</code> itself. - */ - public static Set collectNamespaceURIs(Element context) { - Set result = new HashSet(); - - collectNamespaceURIsImpl(context, result); - return result; - } - - /** - * A recursive method to do the work of <code>collectNamespaceURIs</code>. - * - * @param context The context element to evaluate. - * @param result The result, passed as a parameter to avoid unnecessary - * instantiations of <code>Set</code>. - */ - private static void collectNamespaceURIsImpl(Element context, Set result) { - NamedNodeMap attrs = context.getAttributes(); - NodeList childNodes = context.getChildNodes(); - String nsUri; - int i; - - // add the namespace of the context element - nsUri = context.getNamespaceURI(); - if (nsUri != null && nsUri != Constants.XMLNS_NS_URI) { - result.add(nsUri); - } - - // add all namespace URIs from attributes - for (i = 0; i < attrs.getLength(); i++) { - nsUri = attrs.item(i).getNamespaceURI(); - if (nsUri != null && nsUri != Constants.XMLNS_NS_URI) { - result.add(nsUri); - } - } - - // add all namespaces from subelements - for (i = 0; i < childNodes.getLength(); i++) { - Node node = childNodes.item(i); - - if (node.getNodeType() == Node.ELEMENT_NODE) { - collectNamespaceURIsImpl((Element) node, result); - } - } - } - - /** - * Check, that each attribute node in the given <code>NodeList</code> has its - * parent in the <code>NodeList</code> as well. - * - * @param nodes The <code>NodeList</code> to check. - * @return <code>true</code>, if each attribute node in <code>nodes</code> - * has its parent in <code>nodes</code> as well. - */ - public static boolean checkAttributeParentsInNodeList(NodeList nodes) { - Set nodeSet = new HashSet(); - int i; - - // put the nodes into the nodeSet - for (i = 0; i < nodes.getLength(); i++) { - nodeSet.add(nodes.item(i)); - } - - // check that each attribute node's parent is in the node list - for (i = 0; i < nodes.getLength(); i++) { - Node n = nodes.item(i); - - if (n.getNodeType() == Node.ATTRIBUTE_NODE) { - Attr attr = (Attr) n; - Element owner = attr.getOwnerElement(); - - if (owner == null) { - if (!isNamespaceDeclaration(attr)) { - return false; - } - } - - if (!nodeSet.contains(owner) && !isNamespaceDeclaration(attr)) { - return false; - } - } - } - - return true; - } - - /** - * Convert an unstructured <code>NodeList</code> into a - * <code>DocumentFragment</code>. - * - * @param nodeList Contains the node list to be converted into a DOM - * DocumentFragment. - * @return the resulting DocumentFragment. The DocumentFragment will be - * backed by a new DOM Document, i.e. all noded of the node list will be - * cloned. - * @throws ParserConfigurationException An error occurred creating the - * DocumentFragment. - * @precondition The nodes in the node list appear in document order - * @precondition for each Attr node in the node list, the owning Element is - * in the node list as well. - * @precondition each Element or Attr node in the node list is namespace - * aware. - */ - public static DocumentFragment nodeList2DocumentFragment(NodeList nodeList) - throws ParserConfigurationException { - - DocumentBuilder builder = - DocumentBuilderFactory.newInstance().newDocumentBuilder(); - Document doc = builder.newDocument(); - DocumentFragment result = doc.createDocumentFragment(); - - if (null == nodeList || nodeList.getLength() == 0) { - return result; - } - - int currPos = 0; - currPos = - nodeList2DocumentFragment(nodeList, currPos, result, null, null) + 1; - - while (currPos < nodeList.getLength()) { - currPos = - nodeList2DocumentFragment(nodeList, currPos, result, null, null) + 1; - } - return result; - } - - /** - * Helper method for the <code>nodeList2DocumentFragment</code>. - * - * @param nodeList The <code>NodeList</code> to convert. - * @param currPos The current position in the <code>nodeList</code>. - * @param result The resulting <code>DocumentFragment</code>. - * @param currOrgElem The current original element. - * @param currClonedElem The current cloned element. - * @return The current position. - */ - private static int nodeList2DocumentFragment( - NodeList nodeList, - int currPos, - DocumentFragment result, - Element currOrgElem, - Element currClonedElem) { - - while (currPos < nodeList.getLength()) { - Node currentNode = nodeList.item(currPos); - switch (currentNode.getNodeType()) { - case Node.COMMENT_NODE : - case Node.PROCESSING_INSTRUCTION_NODE : - case Node.TEXT_NODE : - { - // Append current node either to resulting DocumentFragment or to - // current cloned Element - if (null == currClonedElem) { - result.appendChild( - result.getOwnerDocument().importNode(currentNode, false)); - } else { - // Stop processing if current Node is not a descendant of - // current Element - if (!isAncestor(currOrgElem, currentNode)) { - return --currPos; - } - - currClonedElem.appendChild( - result.getOwnerDocument().importNode(currentNode, false)); - } - break; - } - - case Node.ELEMENT_NODE : - { - Element nextCurrOrgElem = (Element) currentNode; - Element nextCurrClonedElem = - result.getOwnerDocument().createElementNS( - nextCurrOrgElem.getNamespaceURI(), - nextCurrOrgElem.getNodeName()); - - // Append current Node either to resulting DocumentFragment or to - // current cloned Element - if (null == currClonedElem) { - result.appendChild(nextCurrClonedElem); - currOrgElem = nextCurrOrgElem; - currClonedElem = nextCurrClonedElem; - } else { - // Stop processing if current Node is not a descendant of - // current Element - if (!isAncestor(currOrgElem, currentNode)) { - return --currPos; - } - - currClonedElem.appendChild(nextCurrClonedElem); - } - - // Process current Node (of type Element) recursively - currPos = - nodeList2DocumentFragment( - nodeList, - ++currPos, - result, - nextCurrOrgElem, - nextCurrClonedElem); - - break; - } - - case Node.ATTRIBUTE_NODE : - { - Attr currAttr = (Attr) currentNode; - - // GK 20030411: Hack to overcome problems with IAIK IXSIL - if (currAttr.getOwnerElement() == null) - break; - if (currClonedElem == null) - break; - - // currClonedElem must be the owner Element of currAttr if - // preconditions are met - currClonedElem.setAttributeNS( - currAttr.getNamespaceURI(), - currAttr.getNodeName(), - currAttr.getValue()); - break; - } - - default : - { - // All other nodes will be ignored - } - } - - currPos++; - } - - return currPos; - } - - /** - * Check, if the given attribute is a namespace declaration. - * - * @param attr The attribute to check. - * @return <code>true</code>, if the attribute is a namespace declaration, - * <code>false</code> otherwise. - */ - private static boolean isNamespaceDeclaration(Attr attr) { - return Constants.XMLNS_NS_URI.equals(attr.getNamespaceURI()); - } - - /** - * Check, if a given DOM element is an ancestor of a given node. - * - * @param candAnc The DOM element to check for being the ancestor. - * @param cand The node to check for being the child. - * @return <code>true</code>, if <code>candAnc</code> is an (indirect) - * ancestor of <code>cand</code>; <code>false</code> otherwise. - */ - public static boolean isAncestor(Element candAnc, Node cand) { - Node currPar = cand.getParentNode(); - - while (currPar != null) { - if (candAnc == currPar) - return true; - currPar = currPar.getParentNode(); - } - return false; - } - - /** - * Selects the (first) element from a node list and returns it. - * - * @param nl The NodeList to get the element from. - * @return The (first) element included in the node list or <code>null</code> - * if the node list is <code>null</code> or empty or no element is - * included in the list. - */ - public static Element getElementFromNodeList (NodeList nl) { - if ((nl == null) || (nl.getLength() == 0)) { - return null; - } - for (int i=0; i<nl.getLength(); i++) { - Node node = nl.item(i); - if (node.getNodeType() == Node.ELEMENT_NODE) { - return (Element)node; - } - } - return null; - } - - /** - * Returns all child elements of the given element. - * - * @param parent The element to get the child elements from. - * - * @return A list including all child elements of the given element. - * Maybe empty if the parent element has no child elements. - */ - public static List getChildElements (Element parent) { - Vector v = new Vector(); - NodeList nl = parent.getChildNodes(); - int length = nl.getLength(); - for (int i=0; i < length; i++) { - Node node = nl.item(i); - if (node.getNodeType() == Node.ELEMENT_NODE) { - v.add((Element)node); - } - } - return v; - } - - /** - * Returns a byte array from given node. - * @param node - * @return - * @throws TransformerException - */ - public static byte[] nodeToByteArray(Node node) throws TransformerException { - Source source = new DOMSource(node); - ByteArrayOutputStream out = new ByteArrayOutputStream(); - //StringWriter stringWriter = new StringWriter(); - Result result = new StreamResult(out); - TransformerFactory factory = TransformerFactory.newInstance(); - Transformer transformer = factory.newTransformer(); - transformer.transform(source, result); - return out.toByteArray(); - } - - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java deleted file mode 100644 index 8d6aea164..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java +++ /dev/null @@ -1,146 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.util; - -import java.io.BufferedInputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.net.URL; - -/** - * Utility for accessing files on the file system, and for reading from input streams. - * @author Paul Ivancsics - * @version $Id$ - */ -public class FileUtils { - - /** - * Reads a file, given by URL, into a byte array. - * @param urlString file URL - * @return file content - * @throws IOException on any exception thrown - */ - public static byte[] readURL(String urlString) throws IOException { - URL url = new URL(urlString); - InputStream in = new BufferedInputStream(url.openStream()); - byte[] content = StreamUtils.readStream(in); - in.close(); - return content; - } - - /** - * Reads a file from a resource. - * @param name resource name - * @return file content as a byte array - * @throws IOException on any exception thrown - */ - public static byte[] readResource(String name) throws IOException { - ClassLoader cl = FileUtils.class.getClassLoader(); - BufferedInputStream in = new BufferedInputStream(cl.getResourceAsStream(name)); - byte[] content = StreamUtils.readStream(in); - in.close(); - return content; - } - /** - * Reads a file from a resource. - * @param name filename - * @param encoding character encoding - * @return file content - * @throws IOException on any exception thrown - */ - public static String readResource(String name, String encoding) throws IOException { - byte[] content = readResource(name); - return new String(content, encoding); - } - - /** - * Returns the absolute URL of a given url which is relative to the parameter root - * @param url - * @param root - * @return String - */ - public static String makeAbsoluteURL(String url, String root) { - //if url is relative to rootConfigFileDirName make it absolute - - File keyFile; - String newURL = url; - - if(null == url) return null; - - if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("file:/") || url.startsWith("ftp:/")) { - return url; - } else { - // check if absolute - if not make it absolute - keyFile = new File(url); - if (!keyFile.isAbsolute()) { - keyFile = new File(root, url); - - if (keyFile.toString().startsWith("file:")) - newURL = keyFile.toString(); - - else - newURL = keyFile.toURI().toString(); - - } - return newURL; - } - } - - - private static void copy( InputStream fis, OutputStream fos ) - { - try - { - byte[] buffer = new byte[ 0xFFFF ]; - for ( int len; (len = fis.read(buffer)) != -1; ) - fos.write( buffer, 0, len ); - } - catch( IOException e ) { - System.err.println( e ); - } - finally { - if ( fis != null ) - try { fis.close(); } catch ( IOException e ) { e.printStackTrace(); } - if ( fos != null ) - try { fos.close(); } catch ( IOException e ) { e.printStackTrace(); } - } - } - - public static void copyFile(File src, File dest) - { - try - { - copy( new FileInputStream( src ), new FileOutputStream( dest ) ); - } - catch( IOException e ) { - e.printStackTrace(); - } - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java deleted file mode 100644 index 38dcafcc0..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java +++ /dev/null @@ -1,223 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.util; - -import iaik.x509.X509Certificate; - -import java.io.BufferedInputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.io.InputStream; -import java.net.URL; -import java.security.GeneralSecurityException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.cert.Certificate; - -/** - * Utility for creating and loading key stores. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class KeyStoreUtils { - - /** - * JAVA KeyStore - */ - private static final String KEYSTORE_TYPE_JKS = "JKS"; - - /** - * PKCS12 KeyStore - */ - private static final String KEYSTORE_TYPE_PKCS12 = "PKCS12"; - - - - /** - * Loads a key store from file. - * - * @param keystoreType key store type - * @param urlString URL of key store - * @param password password protecting the key store - * @return key store loaded - * @throws IOException thrown while reading the key store from file - * @throws GeneralSecurityException thrown while creating the key store - */ - public static KeyStore loadKeyStore( - String keystoreType, - String urlString, - String password) - throws IOException, GeneralSecurityException { - - URL keystoreURL = new URL(urlString); - InputStream in = keystoreURL.openStream(); - return loadKeyStore(keystoreType, in, password); - } - /** - * Loads a key store from an <code>InputStream</code>, and - * closes the <code>InputStream</code>. - * - * @param keystoreType key store type - * @param in input stream - * @param password password protecting the key store - * @return key store loaded - * @throws IOException thrown while reading the key store from the stream - * @throws GeneralSecurityException thrown while creating the key store - */ - public static KeyStore loadKeyStore( - String keystoreType, - InputStream in, - String password) - throws IOException, GeneralSecurityException { - - char[] chPassword = null; - if (password != null) - chPassword = password.toCharArray(); - KeyStore ks = KeyStore.getInstance(keystoreType); - ks.load(in, chPassword); - in.close(); - return ks; - } - /** - * Creates a key store from X509 certificate files, aliasing them with - * the index in the <code>String[]</code>, starting with <code>"0"</code>. - * - * @param keyStoreType key store type - * @param certFilenames certificate filenames - * @return key store created - * @throws IOException thrown while reading the certificates from file - * @throws GeneralSecurityException thrown while creating the key store - */ - public static KeyStore createKeyStore( - String keyStoreType, - String[] certFilenames) - throws IOException, GeneralSecurityException { - - KeyStore ks = KeyStore.getInstance(keyStoreType); - ks.load(null, null); - for (int i = 0; i < certFilenames.length; i++) { - Certificate cert = loadCertificate(certFilenames[i]); - ks.setCertificateEntry("" + i, cert); - } - return ks; - } -// /** -// * Creates a key store from a directory containg X509 certificate files, -// * aliasing them with the index in the <code>String[]</code>, starting with <code>"0"</code>. -// * All the files in the directory are considered to be certificates. -// * -// * @param keyStoreType key store type -// * @param certDirURLString file URL of directory containing certificate filenames -// * @return key store created -// * @throws IOException thrown while reading the certificates from file -// * @throws GeneralSecurityException thrown while creating the key store -// */ -// public static KeyStore createKeyStoreFromCertificateDirectory( -// String keyStoreType, -// String certDirURLString) -// throws IOException, GeneralSecurityException { -// -// URL certDirURL = new URL(certDirURLString); -// String certDirname = certDirURL.getFile(); -// File certDir = new File(certDirname); -// String[] certFilenames = certDir.list(); -// String separator = -// (certDirname.endsWith(File.separator) ? "" : File.separator); -// for (int i = 0; i < certFilenames.length; i++) { -// certFilenames[i] = certDirname + separator + certFilenames[i]; -// } -// return createKeyStore(keyStoreType, certFilenames); -// } - - /** - * Loads an X509 certificate from file. - * @param certFilename filename - * @return the certificate loaded - * @throws IOException thrown while reading the certificate from file - * @throws GeneralSecurityException thrown while creating the certificate - */ - private static Certificate loadCertificate(String certFilename) - throws IOException, GeneralSecurityException { - - FileInputStream in = new FileInputStream(certFilename); - Certificate cert = new X509Certificate(in); - in.close(); - return cert; - } - - - /** - * Loads a keyStore without knowing the keyStore type - * @param keyStorePath URL to the keyStore - * @param password Password protecting the keyStore - * @return keyStore loaded - * @throws KeyStoreException thrown if keyStore cannot be loaded - * @throws FileNotFoundException - * @throws IOException - */ - public static KeyStore loadKeyStore(String keyStorePath, String password) throws KeyStoreException, IOException{ - - //InputStream is = new FileInputStream(keyStorePath); - URL keystoreURL = new URL(keyStorePath); - InputStream in = keystoreURL.openStream(); - InputStream isBuffered = new BufferedInputStream(in); - return loadKeyStore(isBuffered, password); - - } - - /** - * Loads a keyStore without knowing the keyStore type - * @param in input stream - * @param password Password protecting the keyStore - * @return keyStore loaded - * @throws KeyStoreException thrown if keyStore cannot be loaded - * @throws FileNotFoundException - * @throws IOException - */ -public static KeyStore loadKeyStore(InputStream is, String password) throws KeyStoreException, IOException{ - is.mark(1024*1024); - KeyStore ks = null; - try { - try { - ks = loadKeyStore(KEYSTORE_TYPE_PKCS12, is, password); - } catch (IOException e2) { - is.reset(); - ks = loadKeyStore(KEYSTORE_TYPE_JKS, is, password); - } - } catch(Exception e) { - e.printStackTrace(); - //throw new KeyStoreException(e); - } - return ks; - - } - - - - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java index 7a79bd9e5..c0b530ed0 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java @@ -33,6 +33,8 @@ import org.xml.sax.SAXException; import org.xml.sax.SAXParseException; import org.xml.sax.helpers.DefaultHandler; +import at.gv.egiz.eaaf.core.impl.utils.EAAFDomEntityResolver; + /** * A <code>DefaultHandler</code> that uses a <code>MOAEntityResolver</code> and * a <code>MOAErrorHandler</code>. @@ -48,9 +50,9 @@ public class MOADefaultHandler extends DefaultHandler { /** * Create a new <code>MOADefaultHandler</code>. - */ + */ public MOADefaultHandler() { - entityResolver = new MOAEntityResolver(); + entityResolver = new EAAFDomEntityResolver(); errorHandler = new MOAErrorHandler(); } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeIteratorAdapter.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeIteratorAdapter.java deleted file mode 100644 index fdc823229..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeIteratorAdapter.java +++ /dev/null @@ -1,111 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.util; - -import java.util.ListIterator; - -import org.w3c.dom.DOMException; -import org.w3c.dom.Node; -import org.w3c.dom.traversal.NodeFilter; -import org.w3c.dom.traversal.NodeIterator; - -/** - * A <code>NodeIterator</code> implementation based on a - * <code>ListIterator</code>. - * - * @see java.util.ListIterator - * @see org.w3c.dom.traversal.NodeIterator - * - * @author Patrick Peck - * @version $Id$ - */ -public class NodeIteratorAdapter implements NodeIterator { - - /** The <code>ListIterator</code> to wrap. */ - private ListIterator nodeIterator; - - /** - * Create a new <code>NodeIteratorAdapter</code>. - * @param nodeIterator The <code>ListIterator</code> to iterate over. - */ - public NodeIteratorAdapter(ListIterator nodeIterator) { - this.nodeIterator = nodeIterator; - } - - /** - * @see org.w3c.dom.traversal.NodeIterator#getRoot() - */ - public Node getRoot() { - return null; - } - - /** - * @see org.w3c.dom.traversal.NodeIterator#getWhatToShow() - */ - public int getWhatToShow() { - return NodeFilter.SHOW_ALL; - } - - /** - * @see org.w3c.dom.traversal.NodeIterator#getFilter() - */ - public NodeFilter getFilter() { - return null; - } - - /** - * @see org.w3c.dom.traversal.NodeIterator#getExpandEntityReferences() - */ - public boolean getExpandEntityReferences() { - return false; - } - - /** - * @see org.w3c.dom.traversal.NodeIterator#nextNode() - */ - public Node nextNode() throws DOMException { - if (nodeIterator.hasNext()) { - return (Node) nodeIterator.next(); - } - return null; - } - - /** - * @see org.w3c.dom.traversal.NodeIterator#previousNode() - */ - public Node previousNode() throws DOMException { - if (nodeIterator.hasPrevious()) { - return (Node) nodeIterator.previous(); - } - return null; - } - - /** - * @see org.w3c.dom.traversal.NodeIterator#detach() - */ - public void detach() { - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeListAdapter.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeListAdapter.java deleted file mode 100644 index e39cc0291..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeListAdapter.java +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.util; - -import java.util.List; - -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; - -/** - * A <code>NodeList</code> implementation based on a <code>List</code>. - * - * @see java.util.List - * @see org.w3c.dom.NodeList - * - * @author Patrick Peck - * @version $Id$ - */ -public class NodeListAdapter implements NodeList { - /** The <code>List</code> to wrap. */ - private List nodeList; - - /** - * Create a new <code>NodeListAdapter</code>. - * - * @param nodeList The <code>List</code> containing the nodes. - */ - public NodeListAdapter(List nodeList) { - this.nodeList = nodeList; - } - - /** - * @see org.w3c.dom.NodeList#item(int) - */ - public Node item(int index) { - return (Node) nodeList.get(index); - } - - /** - * @see org.w3c.dom.NodeList#getLength() - */ - public int getLength() { - return nodeList.size(); - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java deleted file mode 100644 index e4ccd127f..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java +++ /dev/null @@ -1,197 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.util; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.io.PrintStream; - -/** - * Utility methods for streams. - * - * @author Patrick Peck - * @version $Id$ - */ -public class StreamUtils { - - /** - * Compare the contents of two <code>InputStream</code>s. - * - * @param is1 The 1st <code>InputStream</code> to compare. - * @param is2 The 2nd <code>InputStream</code> to compare. - * @return boolean <code>true</code>, if both streams contain the exactly the - * same content, <code>false</code> otherwise. - * @throws IOException An error occurred reading one of the streams. - */ - public static boolean compareStreams(InputStream is1, InputStream is2) - throws IOException { - - byte[] buf1 = new byte[256]; - byte[] buf2 = new byte[256]; - int length1; - int length2; - - try { - while (true) { - length1 = is1.read(buf1); - length2 = is2.read(buf2); - - if (length1 != length2) { - return false; - } - if (length1 <= 0) { - return true; - } - if (!compareBytes(buf1, buf2, length1)) { - return false; - } - } - } catch (IOException e) { - throw e; - } finally { - // close both streams - try { - is1.close(); - is2.close(); - } catch (IOException e) { - // ignore this - } - } - } - - /** - * Compare two byte arrays, up to a given maximum length. - * - * @param b1 1st byte array to compare. - * @param b2 2nd byte array to compare. - * @param length The maximum number of bytes to compare. - * @return <code>true</code>, if the byte arrays are equal, <code>false</code> - * otherwise. - */ - private static boolean compareBytes(byte[] b1, byte[] b2, int length) { - if (b1.length != b2.length) { - return false; - } - - for (int i = 0; i < b1.length && i < length; i++) { - if (b1[i] != b2[i]) { - return false; - } - } - - return true; - } - - /** - * Reads a byte array from a stream. - * @param in The <code>InputStream</code> to read. - * @return The bytes contained in the given <code>InputStream</code>. - * @throws IOException on any exception thrown - */ - public static byte[] readStream(InputStream in) throws IOException { - - ByteArrayOutputStream out = new ByteArrayOutputStream(); - copyStream(in, out, null); - - /* - ByteArrayOutputStream out = new ByteArrayOutputStream(); - int b; - while ((b = in.read()) >= 0) - out.write(b); - - */ - in.close(); - return out.toByteArray(); - } - - /** - * Reads a <code>String</code> from a stream, using given encoding. - * @param in The <code>InputStream</code> to read. - * @param encoding The character encoding to use for converting the bytes - * of the <code>InputStream</code> into a <code>String</code>. - * @return The content of the given <code>InputStream</code> converted into - * a <code>String</code>. - * @throws IOException on any exception thrown - */ - public static String readStream(InputStream in, String encoding) throws IOException { - ByteArrayOutputStream out = new ByteArrayOutputStream(); - copyStream(in, out, null); - - /* - ByteArrayOutputStream out = new ByteArrayOutputStream(); - int b; - while ((b = in.read()) >= 0) - out.write(b); - */ - in.close(); - return out.toString(encoding); - } - - /** - * Reads all data (until EOF is reached) from the given source to the - * destination stream. If the destination stream is null, all data is dropped. - * It uses the given buffer to read data and forward it. If the buffer is - * null, this method allocates a buffer. - * - * @param source The stream providing the data. - * @param destination The stream that takes the data. If this is null, all - * data from source will be read and discarded. - * @param buffer The buffer to use for forwarding. If it is null, the method - * allocates a buffer. - * @exception IOException If reading from the source or writing to the - * destination fails. - */ - private static void copyStream(InputStream source, OutputStream destination, byte[] buffer) throws IOException { - if (source == null) { - throw new NullPointerException("Argument \"source\" must not be null."); - } - if (buffer == null) { - buffer = new byte[8192]; - } - - if (destination != null) { - int bytesRead; - while ((bytesRead = source.read(buffer)) >= 0) { - destination.write(buffer, 0, bytesRead); - } - } else { - while (source.read(buffer) >= 0); - } - } - - /** - * Gets the stack trace of the <code>Throwable</code> passed in as a string. - * @param t The <code>Throwable</code>. - * @return a String representing the stack trace of the <code>Throwable</code>. - */ - public static String getStackTraceAsString(Throwable t) - { - ByteArrayOutputStream stackTraceBIS = new ByteArrayOutputStream(); - t.printStackTrace(new PrintStream(stackTraceBIS)); - return new String(stackTraceBIS.toByteArray()); - } -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathException.java deleted file mode 100644 index 206245a68..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathException.java +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.util; - -import java.io.PrintStream; -import java.io.PrintWriter; - -/** - * An exception occurred evaluating an XPath. - * - * @author Patrick Peck - * @version $Id$ - */ -public class XPathException extends RuntimeException { - /** - * - */ - private static final long serialVersionUID = 1736311265333034392L; -/** The wrapped exception. */ - private Throwable wrapped; - - /** - * Create a <code>XPathException</code>. - * - * @param message The exception message. - * @param wrapped The exception being the likely cause of this exception. - */ - public XPathException(String message, Throwable wrapped) { - super(message); - this.wrapped = wrapped; - } - - /** - * Return the wrapped exception. - * - * @return The wrapped exception being the likely cause of this exception. - */ - public Throwable getWrapped() { - return wrapped; - } - - /** - * @see java.lang.Throwable#printStackTrace(java.io.PrintStream) - */ - public void printStackTrace(PrintStream s) { - super.printStackTrace(s); - if (getWrapped() != null) { - s.print("Caused by: "); - getWrapped().printStackTrace(s); - } - } - - /** - * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter) - */ - public void printStackTrace(PrintWriter s) { - super.printStackTrace(s); - if (getWrapped() != null) { - s.print("Caused by: "); - getWrapped().printStackTrace(s); - } - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java deleted file mode 100644 index 89aeaf3d1..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java +++ /dev/null @@ -1,557 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.util; - -import java.util.List; -import java.util.Map; - -import org.w3c.dom.Attr; -import org.w3c.dom.Element; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; -import org.w3c.dom.traversal.NodeIterator; - -import org.jaxen.JaxenException; -import org.jaxen.NamespaceContext; -import org.jaxen.Navigator; -import org.jaxen.SimpleNamespaceContext; -import org.jaxen.dom.DOMXPath; -import org.jaxen.dom.DocumentNavigator; - -/** - * Utility methods to evaluate XPath expressions on DOM nodes. - * - * @author Patrick Peck - * @version $Id$ - */ -public class XPathUtils { - - /** - * The XPath expression selecting all nodes under a given root (including the - * root node itself). - */ - public static final String ALL_NODES_XPATH = - "(.//. | .//@* | .//namespace::*)"; - - /** The <code>DocumentNavigator</code> to use for navigating the document. */ - private static Navigator documentNavigator = - DocumentNavigator.getInstance(); - /** The default namespace prefix to namespace URI mappings. */ - private static NamespaceContext NS_CONTEXT; - - static { - SimpleNamespaceContext ctx = new SimpleNamespaceContext(); - ctx.addNamespace(Constants.MOA_PREFIX, Constants.MOA_NS_URI); - ctx.addNamespace(Constants.MOA_CONFIG_PREFIX, Constants.MOA_CONFIG_NS_URI); - ctx.addNamespace(Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); - ctx.addNamespace(Constants.SL10_PREFIX, Constants.SL10_NS_URI); - ctx.addNamespace(Constants.SL11_PREFIX, Constants.SL11_NS_URI); - ctx.addNamespace(Constants.SL12_PREFIX, Constants.SL12_NS_URI); - ctx.addNamespace(Constants.ECDSA_PREFIX, Constants.ECDSA_NS_URI); - ctx.addNamespace(Constants.PD_PREFIX, Constants.PD_NS_URI); - ctx.addNamespace(Constants.SAML_PREFIX, Constants.SAML_NS_URI); - ctx.addNamespace(Constants.SAMLP_PREFIX, Constants.SAMLP_NS_URI); - ctx.addNamespace(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); - ctx.addNamespace(Constants.XSLT_PREFIX, Constants.XSLT_NS_URI); - ctx.addNamespace(Constants.XSI_PREFIX, Constants.XSI_NS_URI); - ctx.addNamespace(Constants.DSIG_FILTER2_PREFIX, Constants.DSIG_FILTER2_NS_URI); - ctx.addNamespace(Constants.DSIG_EC_PREFIX, Constants.DSIG_EC_NS_URI); - ctx.addNamespace(Constants.MD_PREFIX, Constants.MD_NS_URI); - ctx.addNamespace(Constants.MDP_PREFIX, Constants.MDP_NS_URI); - ctx.addNamespace(Constants.MVV_PREFIX, Constants.MVV_NS_URI); - ctx.addNamespace(Constants.STB_PREFIX, Constants.STB_NS_URI); - ctx.addNamespace(Constants.WRR_PREFIX, Constants.WRR_NS_URI); - ctx.addNamespace(Constants.STORK_PREFIX, Constants.STORK_NS_URI); - ctx.addNamespace(Constants.STORKP_PREFIX, Constants.STORKP_NS_URI); - ctx.addNamespace(Constants.SAML2_PREFIX, Constants.SAML2_NS_URI); - ctx.addNamespace(Constants.SAML2P_PREFIX, Constants.SAML2P_NS_URI); - ctx.addNamespace(Constants.XENC_PREFIX, Constants.XENC_NS_URI); - ctx.addNamespace(Constants.XADES_1_1_1_NS_PREFIX, Constants.XADES_1_1_1_NS_URI); - NS_CONTEXT = ctx; - } - - /** - * Return a <code>NodeIterator</code> over the nodes matching the XPath - * expression. - * - * All namespace URIs and prefixes declared in the <code>Constants</code> - * interface are used for resolving namespaces. - * - * @param contextNode The root node from which to evaluate the XPath - * expression. - * @param exp The XPath expression to evaluate. - * @return An iterator over the resulting nodes. - * @throws XPathException An error occurred evaluating the XPath expression. - */ - public static NodeIterator selectNodeIterator(Node contextNode, String exp) - throws XPathException { - - return selectNodeIterator(contextNode, NS_CONTEXT, exp); - } - - /** - * Return a <code>NodeIterator</code> over the nodes matching the XPath - * expression. - * - * @param contextNode The root node from which to evaluate the XPath - * expression. - * @param namespaceElement An element from which to build the - * namespace mapping for evaluating the XPath expression - * @param exp The XPath expression to evaluate. - * @return An iterator over the resulting nodes. - * @throws XPathException An error occurred evaluating the XPath expression. - */ - public static NodeIterator selectNodeIterator( - Node contextNode, - Element namespaceElement, - String exp) - throws XPathException { - - try { - SimpleNamespaceContext ctx = new SimpleNamespaceContext(); - ctx.addElementNamespaces(documentNavigator, namespaceElement); - return selectNodeIterator(contextNode, ctx, exp); - } catch (JaxenException e) { - MessageProvider msg = MessageProvider.getInstance(); - String message = msg.getMessage("xpath.00", new Object[] { exp }); - throw new XPathException(message, e); - } - } - - /** - * Return a <code>NodeIterator</code> over the nodes matching the XPath - * expression. - * - * @param contextNode The root node from which to evaluate the XPath - * expression. - * @param namespaceMapping A namespace prefix to namespace URI mapping - * (<code>String</code> to <code>String</code>) for evaluating the XPath - * expression. - * @param exp The XPath expression to evaluate. - * @return An iterator over the resulting nodes. - * @throws XPathException An error occurred evaluating the XPath expression. - */ - public static NodeIterator selectNodeIterator( - Node contextNode, - Map namespaceMapping, - String exp) - throws XPathException { - - SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping); - - return selectNodeIterator(contextNode, ctx, exp); - } - - /** - * Return a <code>NodeIterator</code> over the nodes matching the XPath - * expression. - * - * @param contextNode The root node from which to evaluate the XPath - * expression. - * @param nsContext The <code>NamespaceContext</code> for resolving namespace - * prefixes to namespace URIs for evaluating the XPath expression. - * @param exp The XPath expression to evaluate. - * @return An iterator over the resulting nodes. - * @throws XPathException An error occurred evaluating the XPath expression. - */ - private static NodeIterator selectNodeIterator( - Node contextNode, - NamespaceContext nsContext, - String exp) - throws XPathException { - - try { - DOMXPath xpath = new DOMXPath(exp); - List nodes; - - xpath.setNamespaceContext(nsContext); - nodes = xpath.selectNodes(contextNode); - return new NodeIteratorAdapter(nodes.listIterator()); - } catch (JaxenException e) { - MessageProvider msg = MessageProvider.getInstance(); - String message = msg.getMessage("xpath.00", new Object[] { exp }); - throw new XPathException(message, e); - } - } - - /** - * Return a <code>NodeList</code> of all the nodes matching the XPath - * expression. - * - * All namespace URIs and prefixes declared in the <code>Constants</code> - * interface are used for resolving namespaces. - * - * @param contextNode The root node from which to evaluate the XPath - * expression. - * @param exp The XPath expression to evaluate. - * @return A <code>NodeList</code> containing the matching nodes. - * @throws XPathException An error occurred evaluating the XPath expression. - */ - public static NodeList selectNodeList(Node contextNode, String exp) - throws XPathException { - - return selectNodeList(contextNode, NS_CONTEXT, exp); - } - - /** - * Return a <code>NodeList</code> of all the nodes matching the XPath - * expression. - * - * @param contextNode The root node from which to evaluate the XPath - * expression. - * @param namespaceElement An element from which to build the - * namespace mapping for evaluating the XPath expression - * @param exp The XPath expression to evaluate. - * @return A <code>NodeList</code> containing the matching nodes. - * @throws XPathException An error occurred evaluating the XPath expression. - */ - public static NodeList selectNodeList( - Node contextNode, - Element namespaceElement, - String exp) - throws XPathException { - - try { - SimpleNamespaceContext ctx = new SimpleNamespaceContext(); - - ctx.addElementNamespaces(documentNavigator, namespaceElement); - return selectNodeList(contextNode, ctx, exp); - } catch (JaxenException e) { - MessageProvider msg = MessageProvider.getInstance(); - String message = msg.getMessage("xpath.00", new Object[] { exp }); - throw new XPathException(message, e); - } - } - - /** - * Return a <code>NodeList</code> of all the nodes matching the XPath - * expression. - * - * @param contextNode The root node from which to evaluate the XPath - * expression. - * @param namespaceMapping A namespace prefix to namespace URI mapping - * (<code>String</code> to <code>String</code>) for evaluating the XPath - * expression. - * @param exp The XPath expression to evaluate. - * @return A <code>NodeList</code> containing the matching nodes. - * @throws XPathException An error occurred evaluating the XPath expression. - */ - public static NodeList selectNodeList( - Node contextNode, - Map namespaceMapping, - String exp) - throws XPathException { - - SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping); - - return selectNodeList(contextNode, ctx, exp); - } - - /** - * Return a <code>NodeList</code> of all the nodes matching the XPath - * expression. - * - * @param contextNode The root node from which to evaluate the XPath - * expression. - * @param nsContext The <code>NamespaceContext</code> for resolving namespace - * prefixes to namespace URIs for evaluating the XPath expression. - * @param exp The XPath expression to evaluate. - * @return A <code>NodeList</code> containing the matching nodes. - * @throws XPathException An error occurred evaluating the XPath expression. - */ - private static NodeList selectNodeList( - Node contextNode, - NamespaceContext nsContext, - String exp) - throws XPathException { - - try { - DOMXPath xpath = new DOMXPath(exp); - List nodes; - - xpath.setNamespaceContext(nsContext); - nodes = xpath.selectNodes(contextNode); - return new NodeListAdapter(nodes); - } catch (JaxenException e) { - MessageProvider msg = MessageProvider.getInstance(); - String message = msg.getMessage("xpath.00", new Object[] { exp }); - throw new XPathException(message, e); - } - } - - /** - * Select the first node matching an XPath expression. - * - * All namespace URIs and prefixes declared in the <code>Constants</code> - * interface are used for resolving namespaces. - * - * @param contextNode The root node from which to evaluate the XPath - * expression. - * @param exp The XPath expression to evaluate. - * @return Node The first node matching the XPath expression, or - * <code>null</code>, if no node matched. - * @throws XPathException An error occurred evaluating the XPath expression. - */ - public static Node selectSingleNode(Node contextNode, String exp) - throws XPathException { - - return selectSingleNode(contextNode, NS_CONTEXT, exp); - } - - /** - * Select the first node matching an XPath expression. - * - * @param contextNode The root node from which to evaluate the XPath - * expression. - * @param namespaceElement An element from which to build the - * namespace mapping for evaluating the XPath expression - * @param exp The XPath expression to evaluate. - * @return Node The first node matching the XPath expression, or - * <code>null</code>, if no node matched. - * @throws XPathException An error occurred evaluating the XPath expression. - */ - public static Node selectSingleNode( - Node contextNode, - Element namespaceElement, - String exp) - throws XPathException { - - try { - SimpleNamespaceContext ctx = new SimpleNamespaceContext(); - ctx.addElementNamespaces(documentNavigator, namespaceElement); - - return selectSingleNode(contextNode, ctx, exp); - } catch (JaxenException e) { - MessageProvider msg = MessageProvider.getInstance(); - String message = msg.getMessage("xpath.00", new Object[] { exp }); - throw new XPathException(message, e); - } - } - - /** - * Select the first node matching an XPath expression. - * - * @param contextNode The root node from which to evaluate the XPath - * expression. - * @param namespaceMapping A namespace prefix to namespace URI mapping - * (<code>String</code> to <code>String</code>) for evaluating the XPath - * expression. - * @param exp The XPath expression to evaluate. - * @return Node The first node matching the XPath expression, or - * <code>null</code>, if no node matched. - * @throws XPathException An error occurred evaluating the XPath expression. - */ - public static Node selectSingleNode( - Node contextNode, - Map namespaceMapping, - String exp) - throws XPathException { - - SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping); - - return selectSingleNode(contextNode, ctx, exp); - } - - /** - * Select the first node matching an XPath expression. - * - * @param contextNode The root node from which to evaluate the XPath - * expression. - * @param nsContext The <code>NamespaceContext</code> for resolving namespace - * prefixes to namespace URIs for evaluating the XPath expression. - * @param exp The XPath expression to evaluate. - * @return Node The first node matching the XPath expression, or - * <code>null</code>, if no node matched. - * @throws XPathException An error occurred evaluating the XPath expression. - */ - public static Node selectSingleNode( - Node contextNode, - NamespaceContext nsContext, - String exp) - throws XPathException { - - try { - DOMXPath xpath = new DOMXPath(exp); - xpath.setNamespaceContext(nsContext); - return (Node) xpath.selectSingleNode(contextNode); - } catch (JaxenException e) { - MessageProvider msg = MessageProvider.getInstance(); - String message = msg.getMessage("xpath.00", new Object[] { exp }); - throw new XPathException(message, e); - } - } - - /** - * Return the value of a DOM element whose location is given by an XPath - * expression. - * - * @param root The root element from which to evaluate the XPath. - * @param xpath The XPath expression pointing to the element whose value - * to return. - * @param def The default value to return, if no element can be found using - * the given <code>xpath</code>. - * @return The element value, if it can be located using the - * <code>xpath</code>. Otherwise, <code>def</code> is returned. - */ - public static String getElementValue( - Element root, - String xpath, - String def) { - - Element elem = (Element) XPathUtils.selectSingleNode(root, xpath); - return elem != null ? DOMUtils.getText(elem) : def; - } - - /** - * Return the value of a DOM attribute whose location is given by an XPath - * expression. - * - * @param root The root element from which to evaluate the XPath. - * @param xpath The XPath expression pointing to the attribute whose value to - * return. - * @param def The default value to return, if no attribute can be found using - * the given <code>xpath</code>. - * @return The element value, if it can be located using the - * <code>xpath</code>. Otherwise, <code>def</code> is returned. - */ - public static String getAttributeValue( - Element root, - String xpath, - String def) { - - Attr attr = (Attr) XPathUtils.selectSingleNode(root, xpath); - return attr != null ? attr.getValue() : def; - } - - /** - * Returns the namespace prefix used within <code>XPathUtils</code> for referring to - * the namespace of the specified (Security Layer command) element. - * - * This namespace prefix can be used in various XPath expression evaluation methods - * within <code> XPathUtils</code> without explicitely binding it to the particular - * namespace. - * - * @param contextElement The (Security Layer command) element. - * - * @return the namespace prefix used within <code>XPathUtils</code> for referring to - * the namespace of the specified (Security Layer command) element. - * - * throws XpathException If the specified element has a namespace other than the ones - * known by this implementation as valid Security Layer namespaces (cf. - * @link Constants#SL10_NS_URI, @link Constants#SL11_NS_URI, @link Constants#SL12_NS_URI). - */ - public static String getSlPrefix (Element contextElement) throws XPathException - { - String sLNamespace = contextElement.getNamespaceURI(); - String sLPrefix = null; - - if (sLNamespace.equals(Constants.SL10_NS_URI)) - { - sLPrefix = Constants.SL10_PREFIX; - } - else if (sLNamespace.equals(Constants.SL12_NS_URI)) - { - sLPrefix = Constants.SL12_PREFIX; - } - else if (sLNamespace.equals(Constants.SL11_NS_URI)) - { - sLPrefix = Constants.SL11_PREFIX; - } - else - { - MessageProvider msg = MessageProvider.getInstance(); - String message = msg.getMessage("xpath.00", new Object[] { "Ung�ltiger Security Layer Namespace: \"" + sLNamespace + "\"."}); - throw new XPathException(message, null); - } - - return sLPrefix; - } - - - /** - * Return the SecurityLayer namespace prefix of the context element. - * If the context element is not the element that lies within the - * SecurityLayer namespace. The Securitylayer namespace is derived from - * the <code>xmlns:sl10</code>, <code>sl11</code> or <code>sl</code> - * attribute of the context element. - * - * The returned prefix is needed for evaluating XPATH expressions. - * - * @param contextElement The element to get a prefix for the Securitylayer namespace, - * that is used within the corresponding document. - * - * @return The string <code>sl10</code>, <code>sl11</code> or <code>sl</code>, - * depending on the SecurityLayer namespace of the contextElement. - * - * throws XPathException If no (vlalid) SecurityLayer namespace prefix or namespace - * is defined. - */ - public static String getSlPrefixFromNoRoot (Element contextElement) throws XPathException { - - String slPrefix = checkSLnsDeclaration(contextElement, Constants.SL10_PREFIX, Constants.SL10_NS_URI); - if (slPrefix == null) { - slPrefix = checkSLnsDeclaration(contextElement, Constants.SL11_PREFIX, Constants.SL11_NS_URI); - } - if (slPrefix == null) { - slPrefix = checkSLnsDeclaration(contextElement, Constants.SL12_PREFIX, Constants.SL12_NS_URI); - } - - return slPrefix; - - } - - /** - * Checks if the context element has an attribute <code>xmlns:slPrefix</code> and - * if the prefix of that attribute corresponds with a valid SecurityLayer namespace. - * - * @param contextElement The element to be checked. - * @param slPrefix The prefix which should be checked. Must be a valid SecurityLayer - * namespace prefix. - * @param slNameSpace The SecurityLayer namespace that corresponds to the specified prefix. - * - * @return The valid SecurityLayer prefix or <code>null</code> if this prefix is - * not used. - * @throws XPathException - */ - private static String checkSLnsDeclaration(Element contextElement, String slPrefix, String slNameSpace) - throws XPathException - { - String nsAtt = "xmlns:" + slPrefix; - String nameSpace = contextElement.getAttribute(nsAtt); - if (nameSpace == "") { - return null; - } else { - // check if namespace is correct - if (nameSpace.equals(slNameSpace)) { - return slPrefix; - } else { - MessageProvider msg = MessageProvider.getInstance(); - String message = msg.getMessage("xpath.00", new Object[] { "Ung�ltiger SecurityLayer Namespace: \"" + nameSpace + "\"."}); - throw new XPathException(message, null); - } - } - } - -} diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.4.1.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.4.1.xsd deleted file mode 100644 index 274dbdca1..000000000 --- a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.4.1.xsd +++ /dev/null @@ -1,15 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<xsd:schema targetNamespace="http://uri.etsi.org/01903/v1.4.1#" xmlns="http://uri.etsi.org/01903/v1.4.1#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" elementFormDefault="qualified"> - <xsd:import namespace="http://uri.etsi.org/01903/v1.3.2#" schemaLocation="XAdES-1.3.2.xsd"/> - <!-- Start CertificateValues --> - <xsd:element name="TimeStampValidationData" type="ValidationDataType"/> - <xsd:complexType name="ValidationDataType"> - <xsd:sequence> - <xsd:element ref="xades:CertificateValues" minOccurs="0" /> - <xsd:element ref="xades:RevocationValues" minOccurs="0" /> - </xsd:sequence> - <xsd:attribute name="Id" type="xsd:ID" use="optional"/> - <xsd:attribute name="UR" type="xsd:anyURI" use="optional"/> - </xsd:complexType> - <xsd:element name="ArchiveTimeStampV2" type="xades:XAdESTimeStampType"/> -</xsd:schema> diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.3.2.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v132-201601.xsd index b05691515..e7a5f3a02 100644 --- a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.3.2.xsd +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v132-201601.xsd @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <xsd:schema targetNamespace="http://uri.etsi.org/01903/v1.3.2#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://uri.etsi.org/01903/v1.3.2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="qualified"> - <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/> + <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/xmldsig-core-schema.xsd"/> <!-- Start auxiliary types definitions: AnyType, ObjectIdentifierType, EncapsulatedPKIDataType and containers for time-stamp tokens --> <!-- Start AnyType --> @@ -125,8 +125,8 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> <xsd:element name="QualifyingProperties" type="QualifyingPropertiesType"/> <xsd:complexType name="QualifyingPropertiesType"> <xsd:sequence> - <xsd:element name="SignedProperties" type="SignedPropertiesType" minOccurs="0"/> - <xsd:element name="UnsignedProperties" type="UnsignedPropertiesType" minOccurs="0"/> + <xsd:element ref="SignedProperties" minOccurs="0"/> + <xsd:element ref="UnsignedProperties" minOccurs="0"/> </xsd:sequence> <xsd:attribute name="Target" type="xsd:anyURI" use="required"/> <xsd:attribute name="Id" type="xsd:ID" use="optional"/> @@ -136,8 +136,8 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> <xsd:element name="SignedProperties" type="SignedPropertiesType"/> <xsd:complexType name="SignedPropertiesType"> <xsd:sequence> - <xsd:element name="SignedSignatureProperties" type="SignedSignaturePropertiesType" minOccurs="0"/> - <xsd:element name="SignedDataObjectProperties" type="SignedDataObjectPropertiesType" minOccurs="0"/> + <xsd:element ref="SignedSignatureProperties" minOccurs="0"/> + <xsd:element ref="SignedDataObjectProperties" minOccurs="0"/> </xsd:sequence> <xsd:attribute name="Id" type="xsd:ID" use="optional"/> </xsd:complexType> @@ -146,21 +146,26 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> <xsd:element name="UnsignedProperties" type="UnsignedPropertiesType"/> <xsd:complexType name="UnsignedPropertiesType"> <xsd:sequence> - <xsd:element name="UnsignedSignatureProperties" type="UnsignedSignaturePropertiesType" minOccurs="0"/> - <xsd:element name="UnsignedDataObjectProperties" type="UnsignedDataObjectPropertiesType" minOccurs="0"/> + <xsd:element ref="UnsignedSignatureProperties" minOccurs="0"/> + <xsd:element ref="UnsignedDataObjectProperties" minOccurs="0"/> </xsd:sequence> <xsd:attribute name="Id" type="xsd:ID" use="optional"/> </xsd:complexType> <!-- End UnsignedProperties--> <!-- Start SignedSignatureProperties--> + <!-- Definition changed: added new optional children for EN --> <xsd:element name="SignedSignatureProperties" type="SignedSignaturePropertiesType"/> <xsd:complexType name="SignedSignaturePropertiesType"> <xsd:sequence> - <xsd:element name="SigningTime" type="xsd:dateTime" minOccurs="0"/> - <xsd:element name="SigningCertificate" type="CertIDListType" minOccurs="0"/> - <xsd:element name="SignaturePolicyIdentifier" type="SignaturePolicyIdentifierType" minOccurs="0"/> - <xsd:element name="SignatureProductionPlace" type="SignatureProductionPlaceType" minOccurs="0"/> - <xsd:element name="SignerRole" type="SignerRoleType" minOccurs="0"/> + <xsd:element ref="SigningTime" minOccurs="0"/> + <xsd:element ref="SigningCertificate" minOccurs="0"/> + <xsd:element ref="SigningCertificateV2" minOccurs="0"/> + <xsd:element ref="SignaturePolicyIdentifier" minOccurs="0"/> + <xsd:element ref="SignatureProductionPlace" minOccurs="0"/> + <xsd:element ref="SignatureProductionPlaceV2" minOccurs="0"/> + <xsd:element ref="SignerRole" minOccurs="0"/> + <xsd:element ref="SignerRoleV2" minOccurs="0"/> + <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> <xsd:attribute name="Id" type="xsd:ID" use="optional"/> </xsd:complexType> @@ -169,10 +174,11 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> <xsd:element name="SignedDataObjectProperties" type="SignedDataObjectPropertiesType"/> <xsd:complexType name="SignedDataObjectPropertiesType"> <xsd:sequence> - <xsd:element name="DataObjectFormat" type="DataObjectFormatType" minOccurs="0" maxOccurs="unbounded"/> - <xsd:element name="CommitmentTypeIndication" type="CommitmentTypeIndicationType" minOccurs="0" maxOccurs="unbounded"/> - <xsd:element name="AllDataObjectsTimeStamp" type="XAdESTimeStampType" minOccurs="0" maxOccurs="unbounded"/> - <xsd:element name="IndividualDataObjectsTimeStamp" type="XAdESTimeStampType" minOccurs="0" maxOccurs="unbounded"/> + <xsd:element ref="DataObjectFormat" minOccurs="0" maxOccurs="unbounded"/> + <xsd:element ref="CommitmentTypeIndication" minOccurs="0" maxOccurs="unbounded"/> + <xsd:element ref="AllDataObjectsTimeStamp" minOccurs="0" maxOccurs="unbounded"/> + <xsd:element ref="IndividualDataObjectsTimeStamp" minOccurs="0" maxOccurs="unbounded"/> + <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> <xsd:attribute name="Id" type="xsd:ID" use="optional"/> </xsd:complexType> @@ -181,19 +187,19 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> <xsd:element name="UnsignedSignatureProperties" type="UnsignedSignaturePropertiesType"/> <xsd:complexType name="UnsignedSignaturePropertiesType"> <xsd:choice maxOccurs="unbounded"> - <xsd:element name="CounterSignature" type="CounterSignatureType"/> - <xsd:element name="SignatureTimeStamp" type="XAdESTimeStampType"/> - <xsd:element name="CompleteCertificateRefs" type="CompleteCertificateRefsType"/> - <xsd:element name="CompleteRevocationRefs" type="CompleteRevocationRefsType"/> - <xsd:element name="AttributeCertificateRefs" type="CompleteCertificateRefsType"/> - <xsd:element name="AttributeRevocationRefs" type="CompleteRevocationRefsType"/> - <xsd:element name="SigAndRefsTimeStamp" type="XAdESTimeStampType"/> - <xsd:element name="RefsOnlyTimeStamp" type="XAdESTimeStampType"/> - <xsd:element name="CertificateValues" type="CertificateValuesType"/> - <xsd:element name="RevocationValues" type="RevocationValuesType"/> - <xsd:element name="AttrAuthoritiesCertValues" type="CertificateValuesType"/> - <xsd:element name="AttributeRevocationValues" type="RevocationValuesType"/> - <xsd:element name="ArchiveTimeStamp" type="XAdESTimeStampType"/> + <xsd:element ref="CounterSignature"/> + <xsd:element ref="SignatureTimeStamp"/> + <xsd:element ref="CompleteCertificateRefs"/> + <xsd:element ref="CompleteRevocationRefs"/> + <xsd:element ref="AttributeCertificateRefs"/> + <xsd:element ref="AttributeRevocationRefs"/> + <xsd:element ref="SigAndRefsTimeStamp"/> + <xsd:element ref="RefsOnlyTimeStamp"/> + <xsd:element ref="CertificateValues"/> + <xsd:element ref="RevocationValues"/> + <xsd:element ref="AttrAuthoritiesCertValues"/> + <xsd:element ref="AttributeRevocationValues"/> + <xsd:element ref="ArchiveTimeStamp"/> <xsd:any namespace="##other"/> </xsd:choice> <xsd:attribute name="Id" type="xsd:ID" use="optional"/> @@ -240,6 +246,21 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> </xsd:sequence> </xsd:complexType> <!-- End SigningCertificate --> + <!-- Start SigningCertificateV2 and CertIDListV2Type --> + <xsd:element name="SigningCertificateV2" type="CertIDListV2Type"/> + <xsd:complexType name="CertIDListV2Type"> + <xsd:sequence> + <xsd:element name="Cert" type="CertIDTypeV2" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="CertIDTypeV2"> + <xsd:sequence> + <xsd:element name="CertDigest" type="DigestAlgAndValueType"/> + <xsd:element name="IssuerSerialV2" type="xsd:base64Binary" minOccurs="0"/> + </xsd:sequence> + <xsd:attribute name="URI" type="xsd:anyURI" use="optional"/> + </xsd:complexType> + <!-- End SigningCertificateV2 and CertIDListV2Type --> <!-- Start SignaturePolicyIdentifier --> <xsd:element name="SignaturePolicyIdentifier" type="SignaturePolicyIdentifierType"/> <xsd:complexType name="SignaturePolicyIdentifierType"> @@ -287,6 +308,7 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> <xsd:sequence> <xsd:element ref="ds:Signature"/> </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> </xsd:complexType> <!-- End CounterSignature --> <!-- Start DataObjectFormat --> @@ -330,6 +352,18 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> </xsd:sequence> </xsd:complexType> <!-- End SignatureProductionPlace --> + <!-- Start SignatureProductionPlaceV2 and SignatureProductionPlaceV2Type --> + <xsd:element name="SignatureProductionPlaceV2" type="SignatureProductionPlaceV2Type"/> + <xsd:complexType name="SignatureProductionPlaceV2Type"> + <xsd:sequence> + <xsd:element name="City" type="xsd:string" minOccurs="0"/> + <xsd:element name="StreetAddress" type="xsd:string" minOccurs="0"/> + <xsd:element name="StateOrProvince" type="xsd:string" minOccurs="0"/> + <xsd:element name="PostalCode" type="xsd:string" minOccurs="0"/> + <xsd:element name="CountryName" type="xsd:string" minOccurs="0"/> + </xsd:sequence> + </xsd:complexType> + <!-- End SignatureProductionPlace --> <!-- Start SignerRole --> <xsd:element name="SignerRole" type="SignerRoleType"/> <xsd:complexType name="SignerRoleType"> @@ -349,6 +383,38 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> </xsd:sequence> </xsd:complexType> <!-- End SignerRole --> + <!-- Start SignerRoleV2 and SignerRoleV2Type --> + <xsd:element name="SignerRoleV2" type="SignerRoleV2Type"/> + <xsd:complexType name="SignerRoleV2Type"> + <xsd:sequence> + <xsd:element ref="ClaimedRoles" minOccurs="0"/> + <xsd:element ref="CertifiedRolesV2" minOccurs="0"/> + <xsd:element ref="SignedAssertions" minOccurs="0"/> + </xsd:sequence> + </xsd:complexType> + <xsd:element name="ClaimedRoles" type="ClaimedRolesListType"/> + <xsd:element name="CertifiedRolesV2" type="CertifiedRolesListTypeV2"/> + <xsd:element name="SignedAssertions" type="SignedAssertionsListType"/> + <xsd:complexType name="CertifiedRolesListTypeV2"> + <xsd:sequence> + <xsd:element name="CertifiedRole" type="CertifiedRoleTypeV2" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="CertifiedRoleTypeV2"> + <xsd:choice> + <xsd:element ref="X509AttributeCertificate"/> + <xsd:element ref="OtherAttributeCertificate"/> + </xsd:choice> + </xsd:complexType> + <xsd:element name="X509AttributeCertificate" type="EncapsulatedPKIDataType"/> + <xsd:element name="OtherAttributeCertificate" type="AnyType"/> + <xsd:complexType name="SignedAssertionsListType"> + <xsd:sequence> + <xsd:element ref="SignedAssertion" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + <xsd:element name="SignedAssertion" type="AnyType"/> + <!-- End SignerRoleV2 and SignerRoleV2Type --> <xsd:element name="AllDataObjectsTimeStamp" type="XAdESTimeStampType"/> <xsd:element name="IndividualDataObjectsTimeStamp" type="XAdESTimeStampType"/> <xsd:element name="SignatureTimeStamp" type="XAdESTimeStampType"/> @@ -464,3 +530,4 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> <xsd:element name="AttributeRevocationValues" type="RevocationValuesType"/> <xsd:element name="ArchiveTimeStamp" type="XAdESTimeStampType"/> </xsd:schema> + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v141-201601.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v141-201601.xsd new file mode 100644 index 000000000..1f3aaf935 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v141-201601.xsd @@ -0,0 +1,64 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xsd:schema targetNamespace="http://uri.etsi.org/01903/v1.4.1#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns="http://uri.etsi.org/01903/v1.4.1#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" elementFormDefault="qualified"> + <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/xmldsig-core-schema.xsd"/> + <xsd:import namespace="http://uri.etsi.org/01903/v1.3.2#" schemaLocation="http://uri.etsi.org/01903/v1.3.2/XAdES01903v132-201601.xsd"/> + <!-- Start CertificateValues --> + <xsd:element name="TimeStampValidationData" type="ValidationDataType"/> + <xsd:complexType name="ValidationDataType"> + <xsd:sequence> + <xsd:element ref="xades:CertificateValues" minOccurs="0"/> + <xsd:element ref="xades:RevocationValues" minOccurs="0"/> + </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + <xsd:attribute name="URI" type="xsd:anyURI" use="optional"/> + </xsd:complexType> + <xsd:element name="SignaturePolicyStore" type="SignaturePolicyStoreType"/> + <xsd:complexType name="SignaturePolicyStoreType"> + <xsd:sequence> + <xsd:element ref="SPDocSpecification"/> + <xsd:choice> + <xsd:element name="SignaturePolicyDocument" type="xsd:base64Binary"/> + <xsd:element name="SigPolDocLocalURI" type="xsd:anyURI"/> + </xsd:choice> + </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + </xsd:complexType> + <xsd:element name="SPDocSpecification" type="xades:ObjectIdentifierType"/> + <!-- --> + <!-- Start RenewedDigests--> + <!-- --> + <xsd:element name="RenewedDigests" type="RenewedDigestsType"/> + <xsd:complexType name="RenewedDigestsType"> + <xsd:sequence> + <xsd:element ref="ds:DigestMethod"/> + <xsd:element ref="RecomputedDigestValue" maxOccurs="unbounded"/> + </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + </xsd:complexType> + <xsd:element name="RecomputedDigestValue" type="RecomputedDigestValueType"/> + <xsd:complexType name="RecomputedDigestValueType"> + <xsd:simpleContent> + <xsd:extension base="ds:DigestValueType"> + <xsd:attribute name="Order" type="xsd:integer" use="required"/> + </xsd:extension> + </xsd:simpleContent> + </xsd:complexType> + <!-- --> + <!-- End RenewedDigests--> + <!-- --> + <!-- ArchiveTimeStamp in namespace with URI 'http://uri.etsi.org/01903/v1.4.1#'--> + <xsd:element name="ArchiveTimeStamp" type="xades:XAdESTimeStampType"/> + <!--CompleteCertificateRefsV2 and AttributeCertificateRefsV2--> + <xsd:element name="CompleteCertificateRefsV2" type="CompleteCertificateRefsTypeV2"/> + <xsd:element name="AttributeCertificateRefsV2" type="CompleteCertificateRefsTypeV2"/> + <xsd:complexType name="CompleteCertificateRefsTypeV2"> + <xsd:sequence> + <xsd:element name="CertRefs" type="xades:CertIDListV2Type"/> + </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + </xsd:complexType> + <!-- SigAndRefsTimeStampV2 and RefsOnlyTimeStampV2--> + <xsd:element name="SigAndRefsTimeStampV2" type="xades:XAdESTimeStampType"/> + <xsd:element name="RefsOnlyTimeStampV2" type="xades:XAdESTimeStampType"/> +</xsd:schema> + diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java index 66bf1faff..51297fce3 100644 --- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java @@ -36,8 +36,8 @@ import javax.xml.parsers.DocumentBuilderFactory; import org.w3c.dom.Document; import org.xml.sax.InputSource; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import junit.framework.TestCase; /** diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java index 7b1c0cb67..ac121a0b2 100644 --- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java @@ -31,8 +31,8 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.NodeList; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import test.at.gv.egovernment.moa.MOATestCase; /** diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java index e3468b89f..749879c35 100644 --- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java @@ -26,14 +26,11 @@ package test.at.gv.egovernment.moa.util; import java.text.DateFormat; import java.text.ParseException; import java.text.SimpleDateFormat; -import java.util.Calendar; import java.util.Date; -import java.util.GregorianCalendar; import java.util.TimeZone; -import junit.framework.TestCase; - import at.gv.egovernment.moa.util.DateTimeUtils; +import junit.framework.TestCase; /** * @author Patrick Peck diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java index 8941ab4cf..c52f52fa8 100644 --- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java @@ -26,13 +26,13 @@ import java.io.BufferedInputStream; import java.io.FileInputStream; import java.io.IOException; -import at.gv.egovernment.moa.util.StreamUtils; +import at.gv.egiz.eaaf.core.impl.utils.StreamUtils; /** * @author tlenz * */ -public class FileUtils extends at.gv.egovernment.moa.util.FileUtils { +public class FileUtils extends at.gv.egiz.eaaf.core.impl.utils.FileUtils { /** * Reads a file, given by URL, into a String. diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java index be5581139..6d341b88b 100644 --- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java @@ -34,8 +34,7 @@ import java.security.Security; import java.security.cert.X509Certificate; import java.util.Enumeration; -import at.gv.egovernment.moa.util.KeyStoreUtils; - +import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; import junit.framework.TestCase; /** diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java index 15e6a62f3..4837caa2b 100644 --- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java @@ -26,10 +26,9 @@ package test.at.gv.egovernment.moa.util; import org.w3c.dom.Document; import org.w3c.dom.NodeList; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import test.at.gv.egovernment.moa.MOATestCase; -import at.gv.egovernment.moa.util.XPathUtils; - /** * @author Patrick Peck diff --git a/id/server/moa-id-frontend-resources/pom.xml b/id/server/moa-id-frontend-resources/pom.xml index 342cedac8..4a960e359 100644 --- a/id/server/moa-id-frontend-resources/pom.xml +++ b/id/server/moa-id-frontend-resources/pom.xml @@ -106,6 +106,10 @@ <groupId>MOA.id.server</groupId> <artifactId>moa-id-commons</artifactId> </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf-core</artifactId> + </dependency> <dependency> <groupId>org.springframework</groupId> diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java new file mode 100644 index 000000000..f32b90eb0 --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java @@ -0,0 +1,33 @@ +package at.gv.egovernment.moa.id.auth.frontend; + +import java.net.MalformedURLException; +import java.net.URI; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfigurationFactory; +import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; + +public class MOAIDGuiBilderConfigurationFactory implements IGUIBuilderConfigurationFactory { + + @Override + public IGUIBuilderConfiguration getDefaultErrorGUI(String authURL) { + return new DefaultGUIFormBuilderConfiguration(authURL, + DefaultGUIFormBuilderConfiguration.VIEW_ERRORMESSAGE, null); + + } + + @Override + public IGUIBuilderConfiguration getSPSpecificSAML2PostConfiguration(IRequest pendingReq, String viewName, URI configRootDir) + throws MalformedURLException { + return new SPSpecificGUIBuilderConfigurationWithFileSystemLoad( + pendingReq, + viewName, + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, + null, + configRootDir.toURL().toString()); + + } +} diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java deleted file mode 100644 index d57834192..000000000 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java +++ /dev/null @@ -1,110 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth.frontend.builder; - -import java.util.HashMap; -import java.util.Map; - -import at.gv.egovernment.moa.util.MiscUtil; - -/** - * @author tlenz - * - */ -public abstract class AbstractGUIFormBuilderConfiguration implements IGUIBuilderConfiguration { - - public static final String PARAM_AUTHCONTEXT = "contextPath"; - public static final String PARAM_FORMSUBMITENDPOINT = "submitEndpoint"; - - public static final String PARAM_PENDINGREQUESTID = "pendingReqID"; - - private String authURL = null; - private String viewName = null; - private String formSubmitEndpoint = null; - - /** - * @param authURL IDP PublicURL-Prefix which should be used, but never null - * @param viewName Name of the template (with suffix) but never null - * @param formSubmitEndpoint EndPoint on which the form should be submitted, - * or null if the form must not submitted - * - */ - public AbstractGUIFormBuilderConfiguration(String authURL, String viewName, String formSubmitEndpoint) { - if (viewName.startsWith("/")) - this.viewName = viewName.substring(1); - else - this.viewName = viewName; - - if (authURL.endsWith("/")) - this.authURL = authURL.substring(0, authURL.length() - 1); - else - this.authURL = authURL; - - if (MiscUtil.isNotEmpty(formSubmitEndpoint)) { - if (formSubmitEndpoint.startsWith("/")) - this.formSubmitEndpoint = formSubmitEndpoint; - else - this.formSubmitEndpoint = "/" + formSubmitEndpoint; - } - } - - - /** - * Define the parameters, which should be evaluated in the template <br> - * <b>IMPORTANT:</b> external HTML escapetion is required, because it is NOT done internally during the building process - * - * @return Map of parameters, which should be added to template - */ - abstract protected Map<String, Object> getSpecificViewParameters(); - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewName() - */ - @Override - public final String getViewName() { - return this.viewName; - - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters() - */ - @Override - public final Map<String, Object> getViewParameters() { - //get parameters from detail implementation - Map<String, Object> specParams = getSpecificViewParameters(); - if (specParams == null) - specParams = new HashMap<String, Object>(); - - //add generic parameters - specParams.put(PARAM_AUTHCONTEXT, this.authURL); - if (this.formSubmitEndpoint != null) - specParams.put(PARAM_FORMSUBMITENDPOINT, this.formSubmitEndpoint); - - return specParams; - - } - -} diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java index ad068ac49..c9dcd291a 100644 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java @@ -29,10 +29,11 @@ import java.util.Map; import org.apache.commons.lang.StringEscapeUtils; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.gui.AbstractGUIFormBuilderConfiguration; import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.CPEPS; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -62,6 +63,7 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration public static final String PARAM_OANAME = "OAName"; public static final String PARAM_COUNTRYLIST = "countryList"; + public static final String PARAM_EIDAS_VISIBLE = "eIDASVisible"; protected IRequest pendingReq = null; protected String templateClasspahtDir = null; @@ -121,10 +123,10 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration params.put(PARAM_BKU_LOCAL, IOAAuthParameters.LOCALBKU); if (pendingReq != null) { - params.put(PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getRequestID())); + params.put(PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getPendingRequestId())); //add service-provider specific GUI parameters - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); if (oaParam != null) { params.put(PARAM_OANAME, StringEscapeUtils.escapeHtml(oaParam.getFriendlyName())); @@ -140,10 +142,15 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration params.put(PARAM_BKU_URL_THIRD, oaParam.getBKUURL(IOAAuthParameters.THIRDBKU)); //set eIDAS login information if requird - if (oaParam.isShowStorkLogin()) + if (oaParam.isShowStorkLogin()) { addCountrySelection(params, oaParam); - else - params.put(PARAM_COUNTRYLIST, ""); + params.put(PARAM_EIDAS_VISIBLE, ""); + + } else { + params.put(PARAM_COUNTRYLIST, ""); + params.put(PARAM_EIDAS_VISIBLE, FormBuildUtils.TEMPLATEVISIBLE); + + } FormBuildUtils.customiceLayoutBKUSelection(params, oaParam); @@ -170,7 +177,7 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration */ private void addCountrySelection(Map<String, Object> params, IOAAuthParameters oaParam) { String pepslist = ""; - try { + try { for (CPEPS current : oaParam.getPepsList()) { String countryName = null; if (MiscUtil.isNotEmpty(MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getFullCountryCode().toUpperCase()))) @@ -205,14 +212,14 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration */ @Override public InputStream getTemplate(String viewName) { - if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null) { + if (pendingReq != null && pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class) != null) { byte[] oatemplate = null; if (VIEW_BKUSELECTION.equals(viewName)) - oatemplate = pendingReq.getOnlineApplicationConfiguration().getBKUSelectionTemplate(); + oatemplate = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getBKUSelectionTemplate(); else if (VIEW_SENDASSERTION.equals(viewName)) - oatemplate = pendingReq.getOnlineApplicationConfiguration().getSendAssertionTemplate(); + oatemplate = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getSendAssertionTemplate(); // OA specific template requires a size of 8 bits minimum if (oatemplate != null && oatemplate.length > 7) diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java index 8cc7040dc..e59c19219 100644 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java @@ -28,7 +28,9 @@ import java.util.Map; import org.apache.commons.lang.StringEscapeUtils; -import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.impl.gui.AbstractGUIFormBuilderConfiguration; /** * This class builds MOA-ID GUI forms from default resource paths @@ -36,7 +38,7 @@ import at.gv.egovernment.moa.id.commons.api.IRequest; * @author tlenz * */ -public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderConfiguration { +public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderConfiguration implements ModifyableGuiBuilderConfiguration { public static final String VIEW_REDIRECT = "redirectForm.html"; public static final String VIEW_ERRORMESSAGE = "error_message.html"; @@ -70,13 +72,10 @@ public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderCo } - /** - * Add a key/value pair into Velocity context.<br> - * <b>IMPORTANT:</b> external HTML escapetion is required, because it is NOT done internally - * - * @param key velocity context key - * @param value of this key + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.frontend.builder.ModifyableGuiBuilderConfiguration#putCustomParameterWithOutEscaption(java.lang.String, java.lang.Object) */ + @Override public void putCustomParameterWithOutEscaption(String key, Object value) { if (customParameters == null) customParameters = new HashMap<String, Object>(); @@ -84,13 +83,10 @@ public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderCo customParameters.put(key, value); } - /** - * Add a key/value pair into Velocity context.<br> - * All parameters get escaped internally - * - * @param key velocity context key - * @param value of this key + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.frontend.builder.ModifyableGuiBuilderConfiguration#putCustomParameter(java.lang.String, java.lang.String) */ + @Override public void putCustomParameter(String key, String value) { if (customParameters == null) customParameters = new HashMap<String, Object>(); @@ -106,7 +102,7 @@ public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderCo public Map<String, Object> getSpecificViewParameters() { Map<String, Object> params = new HashMap<String, Object>(); if (pendingReq != null) { - params.put(PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getRequestID())); + params.put(PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getPendingRequestId())); } if (customParameters != null) diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java index 285c90163..43d499589 100644 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java @@ -22,152 +22,40 @@ */ package at.gv.egovernment.moa.id.auth.frontend.builder; -import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; -import java.io.IOException; import java.io.InputStream; -import java.io.InputStreamReader; -import java.io.StringWriter; import java.net.URI; -import java.util.Iterator; -import java.util.Map; -import java.util.Map.Entry; -import javax.servlet.http.HttpServletResponse; - -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; -import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; -import at.gv.egovernment.moa.id.commons.MOAIDConstants; +import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration; +import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; +import at.gv.egiz.eaaf.core.impl.gui.AbstractGUIFormBuilderImpl; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; /** * @author tlenz * */ @Service("guiFormBuilder") -public class GUIFormBuilderImpl implements IGUIFormBuilder { +public class GUIFormBuilderImpl extends AbstractGUIFormBuilderImpl { - private static final String DEFAULT_CONTENT_TYPE = MOAIDConstants.DEFAULT_CONTENT_TYPE_HTML_UTF8; + private static final String CONFIG_HTMLTEMPLATES_DIR = "htmlTemplates/"; private static final String CLASSPATH_HTMLTEMPLATES_DIR = "templates/"; @Autowired private AuthConfiguration authConfig; - private VelocityEngine engine; - + public GUIFormBuilderImpl() throws GUIBuildException { - try { - engine = VelocityProvider.getClassPathVelocityEngine(); - - } catch (Exception e) { - Logger.fatal("Initialization of Velocity-Engine to render GUI components FAILED.", e); - throw new GUIBuildException("Initialization of Velocity-Engine to render GUI components FAILED.", e); - - } + super(); } - - public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String loggerName) throws GUIBuildException { - build(httpResp, config, getInternalContentType(config), loggerName); - - } - - @Override - public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, - String contentType, String loggerName) throws GUIBuildException { - - InputStream is = null; - try { - String viewName = config.getViewName(); - is = getTemplateInputStream(config); - - //build Velocity Context from input paramters - VelocityContext context = buildContextFromViewParams(config.getViewParameters()); - - //evaluate template - StringWriter writer = new StringWriter(); - engine.evaluate(context, writer, loggerName, new BufferedReader(new InputStreamReader(is))); - - //write template to response - final byte[] content = writer.toString().getBytes("UTF-8"); - httpResp.setStatus(HttpServletResponse.SC_OK); - httpResp.setContentLength(content.length); - httpResp.setContentType(contentType); - httpResp.getOutputStream().write(content); - - if (Logger.isTraceEnabled()) { - Logger.trace("Write Content for viewName:" + viewName - + ". Contentsize:" + String.valueOf(content.length) - + " BufferSize:" + httpResp.getBufferSize() - + " ContentType:" + contentType); - for (String el : httpResp.getHeaderNames()) - Logger.trace(" * Headername:" + el + " Value:" + httpResp.getHeader(el)); - } - - } catch (IOException e) { - Logger.error("GUI form-builder has an internal error.", e); - throw new GUIBuildException("GUI form-builder has an internal error.", e); - - } finally { - if (is != null) - try { - is.close(); - - } catch (IOException e) { - Logger.error("Can NOT close GUI-Template InputStream.", e); - - } - } - - } - - /** - * Generate a new {@link VelocityContext} and populate it with MOA-ID GUI parameters - * - * @param config - * @return - */ - public VelocityContext generateVelocityContextFromConfiguration(IGUIBuilderConfiguration config) { - return buildContextFromViewParams(config.getViewParameters()); - - } - - /** - * Load the template from different resources - * - * @param config - * @return An {@link InputStream} but never null. The {@link InputStream} had to be closed be the invoking method - * @throws GUIBuildException - */ - public InputStream getTemplateInputStream(IGUIBuilderConfiguration config) throws GUIBuildException { - InputStream is = getInternalTemplate(config); - if (is == null) { - Logger.warn("No GUI with viewName:" + config.getViewName() + " FOUND."); - throw new GUIBuildException("No GUI with viewName:" + config.getViewName() + " FOUND."); - - } - return is; - - } - - private String getInternalContentType(IGUIBuilderConfiguration config) { - if (MiscUtil.isEmpty(config.getDefaultContentType())) - return DEFAULT_CONTENT_TYPE; - - else - return config.getDefaultContentType(); - - } - - private InputStream getInternalTemplate(IGUIBuilderConfiguration config) throws GUIBuildException { + @Override + protected InputStream getInternalTemplate(IGUIBuilderConfiguration config) throws GUIBuildException { String viewName = config.getViewName(); //load specific template @@ -191,7 +79,7 @@ public class GUIFormBuilderImpl implements IGUIFormBuilder { Logger.debug("GUI template:" + viewName + " is not found in configuration directory. " + " Load template from project library ... "); try { - pathLocation = getInternalClasspathTemplateDir(config) + viewName; + pathLocation = super.getInternalClasspathTemplateDir(config, CLASSPATH_HTMLTEMPLATES_DIR) + viewName; is = Thread.currentThread() .getContextClassLoader() .getResourceAsStream(pathLocation); @@ -217,39 +105,4 @@ public class GUIFormBuilderImpl implements IGUIFormBuilder { } - - /** - * @return - */ - private String getInternalClasspathTemplateDir(IGUIBuilderConfiguration config) { - String dir = config.getClasspathTemplateDir(); - if (dir != null) { - if (!dir.endsWith("/")) - dir += "/"; - - return dir; - - } else - return CLASSPATH_HTMLTEMPLATES_DIR; - } - - /** - * @param viewParams - * @return - */ - private VelocityContext buildContextFromViewParams(Map<String, Object> viewParams) { - VelocityContext context = new VelocityContext(); - - if (viewParams != null) { - Iterator<Entry<String, Object>> interator = viewParams.entrySet().iterator(); - while (interator.hasNext()) { - Entry<String, Object> el = interator.next(); - context.put(el.getKey(), el.getValue()); - } - - } - - return context; - } - } diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIBuilderConfiguration.java deleted file mode 100644 index 51f6295c7..000000000 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIBuilderConfiguration.java +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth.frontend.builder; - -import java.io.InputStream; -import java.util.Map; - -/** - * @author tlenz - * - */ -public interface IGUIBuilderConfiguration { - - - /** - * Define the name of the template (with suffix) which should be used - * - * @return templatename, but never null - */ - public String getViewName(); - - /** - * Define the parameters, which should be evaluated in the template - * - * @return Map of parameters, which should be added to template - */ - public Map<String, Object> getViewParameters(); - - - /** - * Get a specific classpath template-directory prefix, which is used - * to load a template from classpath by using <code>ClassLoader.getResourceAsStream(...)</code> - * - * @return Classpath directory, or null if the default directory should be used - */ - public String getClasspathTemplateDir(); - - /** - * Get the GUI template with a specific name - * - * @param viewName Name of the template - * @return Tempate as <code>InputStream</code>, or null if default getTemplate method should be used - */ - public InputStream getTemplate(String viewName); - - /** - * Get the contentType, which should be set in HTTP response - * <br><br> - * <b>DefaultValue:</b> text/html;charset=UTF-8 - * - * @return ContentType, or null if default ContentType should be used. - */ - public String getDefaultContentType(); -} diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java deleted file mode 100644 index 8e8a63094..000000000 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth.frontend.builder; - -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; - -/** - * @author tlenz - * - */ -public interface IGUIFormBuilder { - - /** - * Parse a GUI template, with parameters into a http servlet-response - * and use the default http-response content-type. - * <br><br> - * The parser use the <code>VelocityEngine</code> as internal template evaluator. - * - * @param httpResp http-response object - * @param viewName Name of the template (with suffix), which should be used. - * The template is selected by using the <code>getTemplate(String viewName)</code> method - * @param viewParams Map of parameters, which should be added to template - * @param loggerName String, which should be used from logger - * - * @throws GUIBuildException - */ - public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String loggerName) throws GUIBuildException; - - /** - * Parse a GUI template, with parameters into a http servlet-response. - * <br><br> - * The parser use the <code>VelocityEngine</code> as internal template evaluator. - * - * @param httpResp http-response object - * @param viewName Name of the template (with suffix), which should be used. - * The template is selected by using the <code>getTemplate(String viewName)</code> method - * @param viewParams Map of parameters, which should be added to template - * @param contentType http-response content-type, which should be set - * @param loggerName String, which should be used from logger - * - * @throws GUIBuildException - */ - void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String contentType, - String loggerName) throws GUIBuildException; - -} diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java index 0215afc41..8afda3c71 100644 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java @@ -25,7 +25,8 @@ package at.gv.egovernment.moa.id.auth.frontend.builder; import java.io.ByteArrayInputStream; import java.io.InputStream; -import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; /** * @author tlenz @@ -62,14 +63,14 @@ public class SPSpecificGUIBuilderConfigurationWithDBLoad extends AbstractService */ @Override public InputStream getTemplate(String viewName) { - if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null) { + if (pendingReq != null && pendingReq.getServiceProviderConfiguration() != null) { byte[] oatemplate = null; if (VIEW_BKUSELECTION.equals(viewName)) - oatemplate = pendingReq.getOnlineApplicationConfiguration().getBKUSelectionTemplate(); + oatemplate = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getBKUSelectionTemplate(); else if (VIEW_SENDASSERTION.equals(viewName)) - oatemplate = pendingReq.getOnlineApplicationConfiguration().getSendAssertionTemplate(); + oatemplate = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getSendAssertionTemplate(); // OA specific template requires a size of 8 bits minimum if (oatemplate != null && oatemplate.length > 7) diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java index b5c50004b..3e2bdda10 100644 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java @@ -31,9 +31,9 @@ import java.net.URI; import java.net.URISyntaxException; import java.net.URL; -import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; /** @@ -81,10 +81,10 @@ public class SPSpecificGUIBuilderConfigurationWithFileSystemLoad extends Abstrac */ @Override public InputStream getTemplate(String viewName) { - if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null && + if (pendingReq != null && pendingReq.getServiceProviderConfiguration() != null && configKeyIdentifier != null) { try { - String templateURL = pendingReq.getOnlineApplicationConfiguration().getConfigurationValue(configKeyIdentifier); + String templateURL = pendingReq.getServiceProviderConfiguration().getConfigurationValue(configKeyIdentifier); if (MiscUtil.isNotEmpty(templateURL)) { String absURL = FileUtils.makeAbsoluteURL(templateURL, configRootContextDir); if (!absURL.startsWith("file:")) { diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/exception/GUIBuildException.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/exception/GUIBuildException.java deleted file mode 100644 index fff458546..000000000 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/exception/GUIBuildException.java +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth.frontend.exception; - -/** - * @author tlenz - * - */ -public class GUIBuildException extends Exception { - - private static final long serialVersionUID = -278663750102498205L; - - /** - * @param string - */ - public GUIBuildException(String msg) { - super(msg); - - } - - public GUIBuildException(String msg, Throwable e) { - super(msg, e); - - } - -} diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java index 66bfd9c3e..248bde700 100644 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java @@ -50,12 +50,10 @@ public class FormBuildUtils { private static String PARAM_MANDATEVISIBLE = "MANDATEVISIBLE"; private static String PARAM_MANDATECHECKED = "MANDATECHECKED"; - private static String PARAM_STORKVISIBLE = "STORKVISIBLE"; - - private static final String TEMPLATEVISIBLE = " unvisible"; - private static final String TEMPLATEDISABLED = "disabled=\"true\""; - private static final String TEMPLATECHECKED = "checked=\"true\""; - private static final String TEMPLATE_ARIACHECKED = "aria-checked="; + public static final String TEMPLATEVISIBLE = " unvisible"; + public static final String TEMPLATEDISABLED = "disabled=\"true\""; + public static final String TEMPLATECHECKED = "checked=\"true\""; + public static final String TEMPLATE_ARIACHECKED = "aria-checked="; static { @@ -76,7 +74,7 @@ public class FormBuildUtils { defaultmap.put(PARAM_REDIRECTTARGET, "_top"); } - } + } public static void customiceLayoutBKUSelection(Map<String, Object> params, IOAAuthParameters oaParam) { @@ -91,12 +89,7 @@ public class FormBuildUtils { } else params.put(PARAM_MANDATECHECKED, TEMPLATE_ARIACHECKED + "\"false\""); - - if (oaParam.isShowStorkLogin()) - params.put(PARAM_STORKVISIBLE, ""); - else - params.put(PARAM_STORKVISIBLE, TEMPLATEVISIBLE); - + //add more SP specific infos setFormCustomizatenFromSP(params, oaParam); @@ -126,7 +119,6 @@ public class FormBuildUtils { public static void defaultLayoutBKUSelection(Map<String, Object> params) { params.put(PARAM_MANDATEVISIBLE, TEMPLATEVISIBLE); params.put(PARAM_MANDATECHECKED, TEMPLATE_ARIACHECKED + "\"false\""); - params.put(PARAM_STORKVISIBLE, TEMPLATEVISIBLE); params.putAll(getDefaultMap()); } diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java deleted file mode 100644 index 3d5c5ed2f..000000000 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java +++ /dev/null @@ -1,99 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.auth.frontend.velocity; - -import org.apache.velocity.app.Velocity; -import org.apache.velocity.runtime.RuntimeServices; -import org.apache.velocity.runtime.log.LogChute; - -import at.gv.egovernment.moa.logging.Logger; - -public class VelocityLogAdapter implements LogChute { - - public VelocityLogAdapter() { - try - { - /* - * register this class as a logger with the Velocity singleton - * (NOTE: this would not work for the non-singleton method.) - */ - Velocity.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, this ); - Velocity.init(); - } - catch (Exception e) - { - Logger.error("Failed to register Velocity logger"); - } - } - - public void init(RuntimeServices arg0) throws Exception { - } - - public boolean isLevelEnabled(int arg0) { - switch(arg0) { - case LogChute.DEBUG_ID: - return Logger.isDebugEnabled(); - case LogChute.TRACE_ID: - return Logger.isTraceEnabled(); - default: - return true; - } - } - - public void log(int arg0, String arg1) { - switch(arg0) { - case LogChute.DEBUG_ID: - Logger.debug(arg1); - break; - case LogChute.TRACE_ID: - Logger.trace(arg1); - break; - case LogChute.INFO_ID: - Logger.info(arg1); - break; - case LogChute.WARN_ID: - Logger.warn(arg1); - break; - case LogChute.ERROR_ID: - default: - Logger.error(arg1); - break; - } - } - - public void log(int arg0, String arg1, Throwable arg2) { - switch(arg0) { - case LogChute.DEBUG_ID: - case LogChute.TRACE_ID: - case LogChute.INFO_ID: - case LogChute.WARN_ID: - Logger.warn(arg1, arg2); - break; - case LogChute.ERROR_ID: - default: - Logger.error(arg1, arg2); - break; - } - } - -} diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java deleted file mode 100644 index 015d8e321..000000000 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java +++ /dev/null @@ -1,121 +0,0 @@ -/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-/**
- *
- */
-package at.gv.egovernment.moa.id.auth.frontend.velocity;
-
-import org.apache.velocity.app.Velocity;
-import org.apache.velocity.app.VelocityEngine;
-import org.apache.velocity.runtime.RuntimeConstants;
-
-/**
- * Gets a Velocity Engine
- *
- * @author bzwattendorfer
- *
- */
-public class VelocityProvider {
-
- private static VelocityEngine velocityEngine = null;
-
- /**
- * Gets velocityEngine from Classpath
- * @return VelocityEngine
- * @throws Exception
- */
- public static VelocityEngine getClassPathVelocityEngine() throws Exception {
- if (velocityEngine == null) {
- velocityEngine = getBaseVelocityEngine();
- velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
- velocityEngine.setProperty("classpath.resource.loader.class",
- "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
- velocityEngine.init();
-
- }
-
- return velocityEngine;
- }
-
- /**
- * Gets VelocityEngine from File
- * @param rootPath File Path to template file
- * @return VelocityEngine
- * @throws Exception
- */
- public static VelocityEngine getFileVelocityEngine(String rootPath) throws Exception {
- if (velocityEngine == null) {
- velocityEngine = getBaseVelocityEngine();
- velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "file");
- velocityEngine.setProperty("file.resource.loader.class",
- "org.apache.velocity.runtime.resource.loader.FileResourceLoader");
- velocityEngine.setProperty("file.resource.loader.path", rootPath);
-
- velocityEngine.init();
-
- }
-
- return velocityEngine;
- }
-
- /**
- * Gets a basic VelocityEngine
- * @return VelocityEngine
- */
- private static VelocityEngine getBaseVelocityEngine() {
- VelocityEngine velocityEngine = new VelocityEngine();
- velocityEngine.setProperty(RuntimeConstants.INPUT_ENCODING, "UTF-8");
- velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
-// velocityEngine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
-// "org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
- velocityEngine.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, new VelocityLogAdapter() );
-
- return velocityEngine;
- }
-
-}
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS.png b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS.png Binary files differnew file mode 100644 index 000000000..8958cf2e6 --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS.png diff --git a/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS_small.png b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS_small.png Binary files differnew file mode 100644 index 000000000..6c785bf06 --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS_small.png diff --git a/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS_small_deactivated.png b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS_small_deactivated.png Binary files differnew file mode 100644 index 000000000..21050502f --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS_small_deactivated.png diff --git a/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/index.html b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/index.html index 7fc2b0298..13fe891b7 100644 --- a/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/index.html +++ b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/index.html @@ -2,7 +2,7 @@ <html> <head> <meta http-equiv="content-type" content="text/html; charset=utf8" > - <title>MOA-ID 3.3.x</title> + <title>MOA-ID 3.4.x</title> <link rel="stylesheet" href="./common/main.css" type="text/css"> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <link href='https://fonts.googleapis.com/css?family=Roboto:300,400' rel='stylesheet' type='text/css'> @@ -72,20 +72,20 @@ <ul> <!--li><a href="_index.html">Allgemein</a></li--> <!--li><a href="http://joinup.ec.europa.eu/site/moa-idspss/">Dokumentation</a></li--> - <li><a href="http://joinup.ec.europa.eu/site/moa-idspss/moa-id-3.x/doc/handbook">Dokumentation</a></li> + <li><a href="https://apps.egiz.gv.at/handbooks/moa-id/handbook/index.html">Dokumentation</a></li> <!--Link zu den Demo-Clients--> - <li><a href=#>Demo Clients</a></li> + <!--li><a href=#>Demo Clients</a></li--> <!--Link zum Konfigtool--> - <li><a href="https://localhost:8443/moa-id-configuration">Konfiguration GUI</a></li> - <li><a href="./TransferSSOSession">Transfer Single Sign-On Session to Smartphone App</a></li> + <!--li><a href="https://localhost:8443/moa-id-configuration">Konfiguration GUI</a></li--> + <!--li><a href="./TransferSSOSession">Transfer Single Sign-On Session to Smartphone App</a></li--> </ul> </nav> - <div id="demologin" class="container"> + <!--div id="demologin" class="container"> <br/> <a href="#" id="loginButton" class="button" onClick="PVP2LoginIframe('https://menja.iaik.tugraz.at:8443/moa-id-oa/servlet/pvp2login')">Login</a> <p id="loginText">Über den Login-Button können Sie sich anschließend bei Ihrer Online-Applikation mit der Bürgerkarte oder der Handysignatur anmelden. Dazu müssen Sie allerdings zuvor die Applikation gemäß <a href="http://joinup.ec.europa.eu/site/moa-idspss/moa-id-3.x/doc/handbook/application/application.html#DemoApp_pvp21">Beschreibung</a> konfigurieren.</p> - </div> + </div--> </div> </body> diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css b/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css index c8de82c50..40e8eae7a 100644 --- a/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css +++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css @@ -1,687 +1,368 @@ @charset "utf-8"; - @media screen and (min-width: 650px) { - - body { - margin:0; - padding:0; - color : #000; - background-color : #fff; - text-align: center; - background-color: #6B7B8B; - } - - .browserInfoButton{ - color: rgb(128, 128, 128); - } - - #localBKU p { - font-size: 0.7em; - } - - #localBKU input{ - font-size: 0.85em; - /*border-radius: 5px;*/ - } - - #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit]{ - font-size: 0.85em; - /*border-radius: 7px;*/ - margin-bottom: 25px; - min-width: 80px; - } - - #mandateLogin { - font-size: 0.85em; - } - - #bku_header h2 { - font-size: 0.8em; - } - - - #page { - display: block; - border: 2px solid rgb(0,0,0); - width: 650px; - height: 460px; - margin: 0 auto; - margin-top: 5%; - position: relative; - border-radius: 25px; - background: rgb(255,255,255); - } - - #page1 { - text-align: center; - } + body { + margin:0; + padding:0; + color : #000; + background-color : #fff; + text-align: left; + background-color: #E6E6E6; + } + + .browserInfoButton{ + color: rgb(128, 128, 128); + } + + #page { + display: block; + margin: 0 auto; + margin-top: 5%; + position: relative; + background: rgb(255,255,255); + } - #main { - /* clear:both; */ - position:relative; - margin: 0 auto; - /*width: 250px;*/ - text-align: center; - } + #page1 { + padding-top: 1%; + text-align: center; + } - .OA_header { - /* background-color: white;*/ - font-size: 20pt; - margin-bottom: 25px; - margin-top: 25px; - } - #alert_area { - width: 500px; - padding-left: 80px; - } - #leftcontent { - /*float:left; */ - width:250px; - margin-bottom: 25px; - text-align: left; - border: 1px solid rgb(0,0,0); - } - - #selectArea { - font-size: 15px; - padding-bottom: 65px; - } - - #leftcontent { - width: 300px; - /*margin-top: 30px;*/ - margin: auto; - } - - #bku_header { - height: 5%; - padding-bottom: 3px; - padding-top: 3px; - } - - #bkulogin { - overflow:hidden; - min-width: 190px; - min-height: 180px; - /*height: 260px;*/ - } - - h2#tabheader{ - font-size: 1.1em; - padding-left: 2%; - padding-right: 2%; - position: relative; - } - - #stork h2 { - font-size: 1.0em; - margin-bottom: 2%; - } - - .setAssertionButton_full { - background: #efefef; - cursor: pointer; - margin-top: 15px; - width: 100px; - height: 30px - } - - #leftbutton { - width: 30%; - float:left; - margin-left: 40px; - } - - #rightbutton { - width: 30%; - float:right; - margin-right: 45px; - text-align: right; - } - - button { - height: 25px; - width: 75px; - margin-bottom: 10px; - } - - - - #validation { - position: absolute; - bottom: 0px; - margin-left: 270px; - padding-bottom: 10px; - } - + #main { + float:left; + width: 100%; + text-align: center; + } + + h2#tabheader{ + font-size: 1.0em; + padding-left: 2%; + padding-right: 2%; + position: relative; + } + + #bkulogin { + min-width: 200px; + min-height: 155px; + margin-bottom: 5%; + } + #mandateLogin { + padding-bottom: 1%; + padding-top: 2%; + position: relative; + text-align: left; } - @media screen and (max-width: 205px) { - #localBKU p { - font-size: 0.6em; - } - .browserInfoButton{ - color: rgb(128, 128, 128); - } - - #localBKU input { - font-size: 0.6em; - min-width: 60px; - /* max-width: 65px; */ - min-height: 1.0em; - /* border-radius: 5px; */ - } - - #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit]{ - font-size: 0.7em; - min-width: 55px; - /*min-height: 1.1em; - border-radius: 5px;*/ - margin-bottom: 2% - } - - #mandateLogin { - font-size: 0.65em; - } - - #bku_header h2 { - font-size: 0.8em; - margin-top: -0.4em; - padding-top: 0.4em; - } - - #bkulogin { - min-height: 150px; - } + .unvisible { + visibility: hidden; } - @media screen and (max-width: 249px) and (min-width: 206px) { - #localBKU p { - font-size: 0.7em; - } - .browserInfoButton{ - color: rgb(128, 128, 128); - } - - #localBKU input { - font-size: 0.7em; - min-width: 70px; - /* max-width: 75px; */ - min-height: 0.95em; - /* border-radius: 6px; */ - } - - #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit] { - font-size: 0.75em; - min-width: 60px; - /* min-height: 0.95em; - border-radius: 6px; */ - margin-bottom: 5% - } - - #mandateLogin { - font-size: 0.75em; - } - - #bku_header h2 { - font-size: 0.9em; - margin-top: -0.45em; - padding-top: 0.45em; - } - - #bkulogin { - min-height: 180px; - } - } + .OA_header { + /* background-color: white;*/ + font-size: 2.1em; + margin-bottom: 1%; + margin-top: 1%; + } - @media screen and (max-width: 299px) and (min-width: 250px) { - #localBKU p { - font-size: 0.9em; - } - .browserInfoButton{ - color: rgb(128, 128, 128); - } - - #localBKU input { - font-size: 0.8em; - min-width: 70px; - /* max-width: 75px; */ - /* border-radius: 6px; */ - } - - #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit] { - font-size: 0.85em; - /* min-height: 1.05em; - border-radius: 7px; */ - margin-bottom: 10%; - } - - #mandateLogin { - font-size: 1em; - } - - #bku_header h2 { - font-size: 1.0em; - margin-top: -0.50em; - padding-top: 0.50em; - } + #ssoSessionTransferBlock { + font-size: 0.8em; + margin-left: 1%; + margin-bottom: 1%; } - @media screen and (max-width: 399px) and (min-width: 300px) { - #localBKU p { - font-size: 0.9em; - } - .browserInfoButton{ - color: rgb(128, 128, 128); - } - #localBKU input { - font-size: 0.8em; - min-width: 70px; - /* max-width: 75px; */ - /* border-radius: 6px; */ - } - - #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit] { - font-size: 0.9em; - /* min-height: 1.2em; - border-radius: 8px; */ - margin-bottom: 10%; - max-width: 80px; - } - - #mandateLogin { - font-size: 1em; - } - - #bku_header h2 { - font-size: 1.1em; - margin-top: -0.55em; - padding-top: 0.55em; - } + #processInfoArea { + margin-bottom: 4%; + margin-top: 4%; + } + + #processSelectionArea { + width: 550px; + margin-left: 25px; + margin-top: 35px; + } + + .processSelectionButtonArea { + float: none; + margin-bottom: 5%; + height: 35px; + } + + .processSelectionButton { + background: #ababab; + cursor: pointer; + height: 40px; + width: 200px; + float: right; + } + + .buttonDescription { + float: left; + margin-left: 10px; + padding-bottom: 0.4em; + text-align: left; + width: 60%; + } + + #processContent { + margin-top: 10%; } - - @media screen and (max-width: 649px) and (min-width: 400px) { - #localBKU p { - font-size: 0.9em; - } - .browserInfoButton{ - color: rgb(128, 128, 128); - } - #localBKU input { - font-size: 0.8em; - min-width: 70px; - /* max-width: 80px; */ - /* border-radius: 6px; */ - } - - #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit] { - font-size: 1.0em; - /* min-height: 1.3em; - border-radius: 10px; */ - margin-bottom: 10%; - max-width: 85px; - } - - #mandateLogin { - font-size: 1.2em; - } - - #bku_header h2 { - font-size: 1.3em; - margin-top: -0.65em; - padding-top: 0.65em; - } + + #eIDASSelection { + width: 120px; + margin-right: 5px; } + #bkukarte { + float:left; + width:33%; + text-align:center; + margin-top: 2%; + } - - @media screen and (max-width: 649px) { - - body { - margin:0; - padding:0; - color : #000; - text-align: center; - font-size: 100%; - background-color: $MAIN_BACKGOUNDCOLOR; - } - .browserInfoButton{ - color: rgb(128, 128, 128); - } - #page { - visibility: hidden; - margin-top: 0%; - } - - #page1 { - visibility: hidden; - } - - #main { - visibility: hidden; - } - - #validation { - visibility: hidden; - display: none; - } - - .OA_header { - margin-bottom: 0px; - margin-top: 0px; - font-size: 0pt; - visibility: hidden; - } - - #alert_area { - visibility: visible; - width: 250px; - } - #alert_area > p:first-child { - display: none; - visibility: hidden; - } - - #leftcontent { - visibility: visible; - margin-bottom: 0px; - text-align: left; - border:none; - vertical-align: middle; - min-height: 173px; - min-width: 204px; - - } - - #bku_header { - height: 10%; - min-height: 1.2em; - margin-top: 1%; - } - - h2#tabheader{ - padding-left: 2%; - padding-right: 2%; - position: relative; - top: 50%; - } - - #stork h2 { - font-size: 0.9em; - margin-bottom: 2%; - } - - #bkulogin { - min-width: 190px; - min-height: 155px; - } + #bkuhandy { + float:left; + width:33%; + text-align:center; + margin-top: 2%; + } + + #bkueulogin { + display:block; + float:left; + text-align:center; + width:33%; + margin-top: 2%; + } + + .bkuimage { + width: 55%; + } + + input { + width:auto; + cursor: pointer; - .setAssertionButton_full { - background: #efefef; - cursor: pointer; - margin-top: 15px; - width: 70px; - height: 25px; - } - - input[type=button],input[type=submit] { -/* height: 11%; */ - width: 70%; - } - } - - * { - margin: 0; - padding: 0; - #if($FONTTYPE) - font-family: $FONTTYPE; - #end - } - - #selectArea { - padding-top: 10px; - padding-bottom: 55px; - padding-left: 10px; - } - - .setAssertionButton { - background: #efefef; - cursor: pointer; - margin-top: 15px; - width: 70px; - height: 25px; - } - - #leftbutton { - width: 35%; - float:left; - margin-left: 15px; - } + } + + #localBKU input { + display: inline-block; + + } - #rightbutton { - width: 35%; - float:right; - margin-right: 25px; - text-align: right; - } + #localBKU input:hover, #localBKU input:focus, #localBKU input:active { + /*text-decoration: underline;*/ + } + + #installJava, #BrowserNOK { + clear:both; + font-size:0.8em; + padding:4px; + } + - #ssoSessionTransferBlock { + #ssoSessionTransferBlock { clear: both; - } - - #stork { - /*margin-bottom: 10px;*/ - /* margin-top: 5px; */ - clear: both; - } + } + + #stork { + clear: both; + } - #mandateLogin { - padding-bottom: 4%; - padding-top: 4%; - height: 10%; - position: relative; - text-align: center; - } + - .verticalcenter { + .verticalcenter { vertical-align: middle; } + + .mandate{ + float: left; + margin-left: 2%; + font-size: 1.3em; + } - #mandateLogin div { + #mandateLogin div { clear: both; margin-top: -1%; position: relative; top: 50%; - } - - #bkuselectionarea { - position: relative; - display: block; - } - - #localBKU { + } + + #localBKU { padding-bottom: 4%; /*padding-top: 4%;*/ position: relative; clear: both; text-align: center; - } - - #bkukarte { - float:left; - text-align:center; - width:40%; - min-height: 70px; - padding-left: 5%; - padding-top: 2%; - } - - #bkuhandy { - float:right; - text-align:center; - width:40%; - min-height: 90px; - padding-right: 5%; - padding-top: 2%; - } - - .bkuimage { - width: 60%; - height: auto; - margin-bottom: 10%; - } - - #mandate{ - text-align:center; - padding : 5px 5px 5px 5px; - } - -/* input[type=button], .sendButton { - background: $BUTTON_BACKGROUNDCOLOR; - color: $BUTTON_COLOR; -/* border:1px solid #000; */ -/* cursor: pointer; -/* box-shadow: 3px 3px 3px #222222; */ -/* } - -/* button:hover, button:focus, button:active, - .sendButton:hover , .sendButton:focus, .sendButton:active, - #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active { - background: $BUTTON_BACKGROUNDCOLOR_FOCUS; - color: $BUTTON_COLOR; -/* border:1px solid #000; */ -/* cursor: pointer; -/* box-shadow: -1px -1px 3px #222222; */ -/* } - -*/ - input { - /*border:1px solid #000;*/ - cursor: pointer; - } - - #localBKU input { -/* color: $BUTTON_COLOR; */ - /*border: 0px;*/ - display: inline-block; - - } - - #localBKU input:hover, #localBKU input:focus, #localBKU input:active { - /*text-decoration: underline;*/ - } - - #installJava, #BrowserNOK { - clear:both; - font-size:0.8em; - padding:4px; - } - - .selectText{ - - } - + } + + #selectArea { + width:90%; + padding-left: 4% + } - .selectTextHeader{ - - } - - .sendButton { - width: 30%; - margin-bottom: 1%; - } - - #leftcontent a { - text-decoration:none; - color: #000; - /* display:block;*/ - padding:4px; - } - - #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active { - text-decoration:underline; - color: #000; - } - - .infobutton { - background-color: #005a00; - color: white; - font-family: serif; - text-decoration: none; - padding-top: 2px; - padding-right: 4px; - padding-bottom: 2px; - padding-left: 4px; - font-weight: bold; - } - - .hell { - background-color : $MAIN_BACKGOUNDCOLOR; + .setAssertionButton { + background: #efefef; + cursor: pointer; + margin-top: 15px; + width: 70px; + height: 25px; + } + #leftcontent { + width: 70%; + margin-bottom: 4%; + text-align: left; + border: 1px solid rgb(0,0,0); + margin:auto; + } + .hell { + background-color : $MAIN_BACKGOUNDCOLOR; color: $MAIN_COLOR; - } + } - .dunkel { - background-color: $HEADER_BACKGROUNDCOLOR; + .dunkel { + background-color: $HEADER_BACKGROUNDCOLOR; color: $HEADER_COLOR; - } - - .main_header { - color: black; - font-size: 32pt; - position: absolute; - right: 10%; - top: 40px; - - } - - #ssoSessionTransferBlock { - font-size: 0.8em; - margin-left: 5px; - margin-bottom: 5px; + } + + +@media screen and (min-width: 650px) { + + #page { + width: 650px; + height: 460px; + } + + #localBKU p { + font-size: 0.7em; + } + + #localBKU input{ + font-size: 0.85em; + /*border-radius: 5px;*/ + } + + #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit]{ + font-size: 0.85em; + width:65% + } + + #mandateLogin { + font-size: 0.85em; + } + + #alert_area { + width: 500px; + padding-left: 80px; + } + + #selectArea { + font-size: 15px; + padding-bottom: 65px; } - #processInfoArea { - margin-bottom: 15px; + + #stork h2 { + font-size: 1.0em; + margin-bottom: 2%; + } + + .setAssertionButton_full { + background: #efefef; + cursor: pointer; margin-top: 15px; - } - #processSelectionArea { - width: 550px; - margin-left: 25px; - margin-top: 35px; - } - .processSelectionButtonArea { - float: none; - margin-bottom: 20px; - height: 35px; - } - .processSelectionButton { - background: #ababab; - cursor: pointer; - height: 30px; - width: 200px; - float: right; - border-style: solid; - border-bottom-width: 2px; - border-right-width: 2px; - border-left-width: 1px; - border-top-width: 1px; - border-color: #000000; - } - .buttonDescription { - float: left; - margin-left: 10px; - padding-top: 4px; - text-align: left; - width: 330px; - } - #processContent { - margin-top: 25px; - } - #eIDASButton { - /*color:#FFF;*/ - } - #eIDASSelection { - width: 120px; - margin-right: 5px; - } - .unvisible { + width: 100px; + height: 30px + } + + + #validation { + position: absolute; + bottom: 0px; + margin-left: 270px; + padding-bottom: 10px; + } +} + + + +@media screen and (max-width: 649px) { + + body { + background-color:#fff; + } + + #page { + visibility: hidden; + margin-top: 0%; + } + + #page1 { + visibility: hidden; + } + + #main { + visibility: hidden; + } + + #validation { + visibility: hidden; display: none; - }
\ No newline at end of file + } + + .OA_header { + margin-bottom: 0%; + margin-top: 0%; + font-size: 0pt; + visibility: hidden; + } + + #alert_area { + visibility: visible; + width: 250px; + } + + #alert_area > p:first-child { + display: none; + visibility: hidden; + } + + + h2#tabheader{ + font-size: 1.5em; + position: relative; + } + .mandate{ + font-size: 1.0em; + } + + #leftcontent { + float: left; + width:auto; + border:none; + visibility:visible; + margin-bottom: 2%; + } + .bkuimage { + width: 40%; + } + + #bkukarte { + box-sizing: border-box; + } + + #bkuhandy { + box-sizing: border-box; + } + + #bkueulogin { + box-sizing: border-box; + } + + .setAssertionButton_full { + background: #efefef; + cursor: pointer; + margin-top: 15px; + width: 70px; + height: 25px; + } + + input[type=button],input[type=submit] { + width:65%; + } +}
\ No newline at end of file diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/javascript_tempalte.js b/id/server/moa-id-frontend-resources/src/main/resources/templates/javascript_tempalte.js index 313f14b4a..15b82614c 100644 --- a/id/server/moa-id-frontend-resources/src/main/resources/templates/javascript_tempalte.js +++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/javascript_tempalte.js @@ -84,9 +84,9 @@ function isIE() { /* setSSOSelection(); */ var ccc = "AT"; - var countrySelection = document.getElementById("eIDASSelection"); + var countrySelection = document.getElementById("cccSelection"); if (countrySelection != null) { - ccc = document.getElementById("eIDASSelection").value; + ccc = document.getElementById("cccSelection").value; } var iFrameURL = "$contextPath$submitEndpoint" + "?"; iFrameURL += "&pendingid=" + "$pendingReqID"; @@ -238,7 +238,22 @@ function isIE() { } function setUseMandateFlag(e) { /*document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);*/ - e.setAttribute("aria-checked", e.checked); + e.target.setAttribute("aria-checked", e.target.checked); + if (e.target.checked) { + var image = document.getElementById("eIDASImage"); + var srcatt = image.getAttribute("src"); + var last = srcatt.substring(srcatt.lastIndexOf('/')+1); + srcatt = srcatt.replace(last,'eIDAS_small_deactivated.png'); + image.setAttribute("src",srcatt); + document.getElementById("buttonEULogin").disabled=true; + } else { + var image = document.getElementById("eIDASImage"); + var srcatt = image.getAttribute("src"); + var last = srcatt.substring(srcatt.lastIndexOf('/')+1); + srcatt = srcatt.replace(last,'eIDAS_small.png'); + image.setAttribute("src",srcatt); + document.getElementById("buttonEULogin").disabled=false + } } document.addEventListener('resize', onChangeChecks); @@ -246,7 +261,7 @@ function isIE() { document.querySelector('#mandateCheckBox').addEventListener('click', setUseMandateFlag); document.querySelector('#moaidform>input[type=submit]').addEventListener('click', setMandateSelection); document.querySelector('#bkuhandy>input[type=button]').addEventListener('click', bkuHandyClicked); - document.querySelector('#stork button[type=button]').addEventListener('click', storkClicked); + document.querySelector('#moaideIDASform>input[type=submit]').addEventListener('click', setMandateSelection); onChangeChecks(); }); diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/loginFormFull.html b/id/server/moa-id-frontend-resources/src/main/resources/templates/loginFormFull.html index fe9bc2166..4e548e58c 100644 --- a/id/server/moa-id-frontend-resources/src/main/resources/templates/loginFormFull.html +++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/loginFormFull.html @@ -4,7 +4,7 @@ <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <!-- MOA-ID 2.x BKUSelection Layout CSS --> - <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=$pendingReqID" /> + <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=$pendingReqID"/> <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions--> <script src="$contextPath/js/buildJS?pendingid=$pendingReqID"></script> @@ -26,8 +26,8 @@ <div id="mandateLogin" class="$MANDATEVISIBLE"> <div> <input tabindex="1" type="checkbox" name="Mandate" - id="mandateCheckBox" class="verticalcenter" role="checkbox" $MANDATECHECKED> - <label for="mandateCheckBox" class="verticalcenter">in + id="mandateCheckBox" class="mandate" role="checkbox" $MANDATECHECKED> + <label for="mandateCheckBox" class="mandate">in Vertretung anmelden</label> <!--a href="info_mandates.html" target="_blank" @@ -37,31 +37,41 @@ </div> <div id="bkuselectionarea"> <div id="bkukarte"> - <img id="bkuimage" class="bkuimage" src="$contextPath/img/karte.png" alt="OnlineBKU" /> + <img id="bkuimage" class="bkuimage" src="$contextPath/img/karte.png" alt="OnlineBKU"/> - <!-- Remove support for Online BKU and swith the card button to local BKU--> - <!--input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" value="Karte" /--> + <!-- Remove support for Online BKU and swith the card button to local BKU--> + <!--input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" value="Karte" /--> - <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent"> - <input type="hidden" name="bkuURI" value="$bkuLocal" /> - <input type="hidden" name="useMandate" id="useMandate" /> - <input type="hidden" name="SSO" id="useSSO" /> - <input type="hidden" name="ccc" id="ccc" /> - <input type="hidden" name="pendingid" value="$pendingReqID" /> - <input type="submit" value=" Karte " tabindex="4" role="button"> - </form> + <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent"> + <input type="hidden" name="bkuURI" value="$bkuLocal" /> + <input type="hidden" name="useMandate" id="useMandate" /> + <input type="hidden" name="SSO" id="useSSO" /> + <input type="hidden" name="ccc" id="ccc" /> + <input type="hidden" name="pendingid" value="$pendingReqID" /> + <input type="submit" value=" Karte " tabindex="5" role="button" /> + </form> - <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe> + <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe> - <!-- BKU detection with static template--> - <!--iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/iframeLBKUdetect.html"></iframe--> - - </div> - <div id="bkuhandy"> - <img class="bkuimage" src="$contextPath/img/handysign.png" alt="HandyBKU" /> - <input name="bkuButtonHandy" type="button" tabindex="3" role="button" value="HANDY" /> - </div> - </div> + <!-- BKU detection with static template--> + <!--iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/iframeLBKUdetect.html"></iframe--> + </div> + + <div id="bkuhandy"> + <img class="bkuimage" src="$contextPath/img/handysign.png" alt="HandyBKU" /> + <input name="bkuButtonHandy" type="button" tabindex="3" role="button" value="HANDY" /> + </div> + + + <div id="bkueulogin" class="$eIDASVisible"> + <img id="eIDASImage" class="bkuimage" src="$contextPath/img/eIDAS_small.png" alt="EULogin" /> + <form method="get" id="moaideIDASform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent"> + <input type="hidden" name="useeIDAS" value="true" /> + <input type="hidden" name="useMandate" id="useMandate" /> + <input type="hidden" name="pendingid" value="$pendingReqID" /> + <input id="buttonEULogin" name="bkuButtonEULogin" type="submit" role="button" value="EULogin" /> + </form> + </div> <!--div id="localBKU"> <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent"> @@ -80,7 +90,11 @@ <!--div id="ssoSessionTransferBlock"> <a href="$contextPath$submitEndpoint?pendingid=$pendingReqID&restoreSSOSession=true">>Restore SSO Session from Smartphone</a> </div--> - + + + + + <!-- <div id="stork" align="center" class="$STORKVISIBLE"> <h2 id="tabheader" class="dunkel">Home Country Selection</h2> <p> @@ -88,9 +102,9 @@ $countryList </select> <button id="eIDASButton" name="bkuButton" type="button">Proceed</button> - <!--a href="info_stork.html" target="_blank" class="infobutton">i</a--> + a href="info_stork.html" target="_blank" class="infobutton">i</a </p> - </div> + </div>--> <div id="metroDetected" class="unvisible"> <p>Anscheinend verwenden Sie Internet Explorer im diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java index f99013082..59779060f 100644 --- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java +++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java @@ -37,6 +37,7 @@ import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor; import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.IDestroyableObject; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java index d8146786a..4552afba5 100644 --- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java +++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java @@ -23,6 +23,9 @@ import org.springframework.web.context.support.ServletContextResource; import org.springframework.web.servlet.DispatcherServlet; import at.gv.egiz.components.spring.api.SpringLoader; +import at.gv.egiz.eaaf.core.api.IPostStartupInitializable; +import at.gv.egiz.eaaf.core.api.IStatusMessenger; +import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory; import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; @@ -91,7 +94,7 @@ public class MOAIDAuthSpringInitializer implements WebApplicationInitializer { rootContext.getEnvironment().addActiveProfile(profile); } } - + Logger.info("Spring-context was initialized with active profiles: " + Arrays.asList(rootContext.getEnvironment().getActiveProfiles())); @@ -158,7 +161,10 @@ public class MOAIDAuthSpringInitializer implements WebApplicationInitializer { // Logger.info("=============== Register RequestFilter! ==============="); // servletContext.addFilter("vHost RequestFilter", new VHostUrlRewriteServletFilter(rootContext)) // .addMappingForUrlPatterns(null, false, "/*"); - + + //initialize LogMessengProvider + LogMessageProviderFactory.setStatusMessager(rootContext.getBean(IStatusMessenger.class)); + Logger.info("Basic Context initalisation finished --> Start MOA-ID-Auth initialization process ..."); MOAIDAuthInitializer.initialize(rootContext); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 3d0073276..a77ba45a5 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -4,7 +4,6 @@ package at.gv.egovernment.moa.id.auth; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; -import java.io.UnsupportedEncodingException; import java.security.Principal; import java.security.cert.CertificateException; import java.util.Calendar; @@ -21,27 +20,30 @@ import org.apache.xpath.XPathAPI; import org.opensaml.xml.util.Base64; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import org.springframework.util.Base64Utils; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.NodeList; import org.xml.sax.SAXException; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BKUException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.exception.ServiceException; @@ -53,29 +55,25 @@ import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; +import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; +import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl; -import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.logging.SpecificTraceLogger; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moaspss.logging.LogMsg; @@ -96,7 +94,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { @Autowired private MOAReversionLogger revisionsLogger; @Autowired private AuthConfiguration authConfig; - + /** * Constructor for AuthenticationServer. */ @@ -148,12 +146,12 @@ public class AuthenticationServer extends BaseAuthenticationServer { } //load OnlineApplication configuration - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[]{pendingReq.getOAURL()}); + throw new AuthenticationException("auth.00", new Object[]{pendingReq.getSPEntityId()}); //load Template - String templateURL = pendingReq.getGenericData( + String templateURL = pendingReq.getRawData( MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, String.class); String template = null; if (MiscUtil.isNotEmpty(templateURL)) { @@ -203,7 +201,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { //build DataURL for BKU request String dataURL = new DataURLBuilder().buildDataURL( - pendingReq.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getRequestID()); + pendingReq.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getPendingRequestId()); //removed in MOAID 2.0 String pushInfobox = ""; @@ -298,7 +296,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() .build(identityLink, authConfig - .getMoaSpIdentityLinkTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseIDLTestTrustStore())); + .getMoaSpIdentityLinkTrustProfileID(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).isUseIDLTestTrustStore())); // invokes the call Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance() @@ -307,14 +305,15 @@ public class AuthenticationServer extends BaseAuthenticationServer { IVerifiyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( domVerifyXMLSignatureResponse).parseData(); - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); // validates the <VerifyXMLSignatureResponse> VerifyXMLSignatureResponseValidator.getInstance().validate( verifyXMLSignatureResponse, authConfig.getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, - oaParam); + oaParam, + authConfig); session.setIdentityLink(identityLink); // now validate the extended infoboxes @@ -322,8 +321,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { //Removed in MOA-ID 2.0 //verifyInfoboxes(session, infoboxReadResponseParameters, false); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED); return "found!"; } @@ -401,7 +399,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { throw new AuthenticationException("auth.10", new Object[]{ GET_MIS_SESSIONID, PARAM_SESSIONID}); - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); try { // sets the extended SAML attributes for OID (Organwalter) setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam @@ -436,9 +434,9 @@ public class AuthenticationServer extends BaseAuthenticationServer { */ public String getCreateXMLSignatureRequestAuthBlockOrRedirect( IAuthenticationSession session, IRequest pendingReq) throws ConfigurationException, - BuildException, ValidateException { + BuildException, ValidateException, EAAFBuilderException { - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); // builds the AUTH-block String authBlock = buildAuthenticationBlock(session, oaParam, pendingReq); @@ -450,10 +448,10 @@ public class AuthenticationServer extends BaseAuthenticationServer { .build(authBlock, oaParam.getKeyBoxIdentifier(), transformsInfos); - SpecificTraceLogger.trace("Req. Authblock: " + Base64Utils.encodeToString(createXMLSignatureRequest.getBytes())); - SpecificTraceLogger.trace("OA config: " + pendingReq.getOnlineApplicationConfiguration().toString()); - SpecificTraceLogger.trace("saml1RequestedTarget: " + pendingReq.getGenericData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class)); - SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + pendingReq.getGenericData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class)); + SpecificTraceLogger.trace("Req. Authblock: " + createXMLSignatureRequest); + SpecificTraceLogger.trace("OA config: " + pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).toString()); + SpecificTraceLogger.trace("saml1RequestedTarget: " + pendingReq.getRawData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class)); + SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + pendingReq.getRawData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class)); return createXMLSignatureRequest; } @@ -517,8 +515,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { xmlReadInfoboxResponse); X509Certificate cert = p.parseCertificate(); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED); return cert; @@ -536,7 +533,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @throws ConfigurationException */ private String buildAuthenticationBlock(IAuthenticationSession session, - IOAAuthParameters oaParam, IRequest pendingReq) throws BuildException, ConfigurationException { + IOAAuthParameters oaParam, IRequest pendingReq) throws BuildException, ConfigurationException, EAAFBuilderException { IIdentityLink identityLink = session.getIdentityLink(); String issuer = identityLink.getName(); @@ -550,10 +547,10 @@ public class AuthenticationServer extends BaseAuthenticationServer { String authURL = pendingReq.getAuthURL(); @Deprecated - String saml1RequestedTarget = pendingReq.getGenericData( + String saml1RequestedTarget = pendingReq.getRawData( MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class); @Deprecated - String saml1RequestedFriendlyName = pendingReq.getGenericData( + String saml1RequestedFriendlyName = pendingReq.getRawData( MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class); @@ -935,7 +932,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { public void verifyAuthenticationBlock(IRequest pendingReq, IAuthenticationSession session, String xmlCreateXMLSignatureReadResponse) throws AuthenticationException, BuildException, ParseException, - ConfigurationException, ServiceException, ValidateException, BKUException { + ConfigurationException, ServiceException, ValidateException, BKUException, EAAFBuilderException { if (session == null) throw new AuthenticationException("auth.10", new Object[]{ @@ -965,13 +962,11 @@ public class AuthenticationServer extends BaseAuthenticationServer { new CreateXMLSignatureResponseValidator().validateSSO(csresp, session, pendingReq); else - new CreateXMLSignatureResponseValidator().validate(csresp, session, pendingReq, - authConfig.getBasicMOAIDConfigurationBoolean( - ConfigurationProviderImpl.VALIDATION_AUTHBLOCK_TARGETFRIENDLYNAME, true)); + new CreateXMLSignatureResponseValidator().validate(csresp, session, pendingReq); // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call List<String> vtids = authConfig.getMoaSpAuthBlockVerifyTransformsInfoIDs(); - String tpid = authConfig.getMoaSpAuthBlockTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseAuthBlockTestTestStore()); + String tpid = authConfig.getMoaSpAuthBlockTrustProfileID(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).isUseAuthBlockTestTestStore()); Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); // debug output @@ -1001,12 +996,13 @@ public class AuthenticationServer extends BaseAuthenticationServer { } } - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); // validates the <VerifyXMLSignatureResponse> VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, - oaParam); + oaParam, + authConfig); // Compare AuthBlock Data with information stored in session, especially // date and time @@ -1040,10 +1036,10 @@ public class AuthenticationServer extends BaseAuthenticationServer { session.setForeigner(false); //set QAA Level four in case of card authentifcation - session.setQAALevel(PVPConstants.STORK_QAA_1_4); + session.setQAALevel(PVPConstants.EIDAS_QAA_HIGH); + - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); revisionsLogger.logPersonalInformationEvent(pendingReq, session.getIdentityLink() ); @@ -1075,7 +1071,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { */ protected Element createIdentificationBPK(Element mandatePerson, - String baseid, String target) throws BuildException { + String baseid, String target) throws BuildException, EAAFBuilderException { Element identificationBpK = mandatePerson.getOwnerDocument() .createElementNS(Constants.PD_NS_URI, "Identification"); Element valueBpK = mandatePerson.getOwnerDocument().createElementNS( diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java index 9a807ca00..a2a38c9dd 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java @@ -31,10 +31,10 @@ import javax.xml.transform.TransformerException; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; /** diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index bc28d4f0e..a2e03bc4e 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -47,21 +47,21 @@ import javax.xml.transform.stream.StreamResult; import org.w3c.dom.Element; import org.w3c.dom.Node; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; @@ -69,8 +69,7 @@ import at.gv.egovernment.moa.util.StringUtils; * Builder for the authentication block <code><saml:Assertion></code> * to be included in a <code><CreateXMLSignatureResponse></code>. * - * @author Paul Ivancsics - * @version $Id$ + * @author Paul Ivancsics */ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertionBuilder implements Constants { @@ -163,7 +162,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion result.put(AUTHBLOCK_TEXT_PATTERN_TIME, timeformat.format(datetime.getTime())); //set other values from pendingReq if exists - Map<?,?> processSpecificElements = pendingReq.getGenericData(PENDING_REQ_AUTHBLOCK_TEXT_KEY, Map.class); + Map<?,?> processSpecificElements = pendingReq.getRawData(PENDING_REQ_AUTHBLOCK_TEXT_KEY, Map.class); if (processSpecificElements != null && !processSpecificElements.isEmpty()) { Logger.debug("Find process-specific patterns for 'special AuthBlock-Text'. Start processing ..."); Iterator<?> mapIterator = processSpecificElements.entrySet().iterator(); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java index a904242e1..8e80fbbbb 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java @@ -49,9 +49,9 @@ package at.gv.egovernment.moa.id.auth.builder; import java.io.IOException; import java.text.MessageFormat; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.FileUtils; /** * Builder for the <code><VerifyXMLSignatureRequest></code> structure diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java index f7aba5e53..e4063903d 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java @@ -156,9 +156,10 @@ public class GetIdentityLinkFormBuilder extends Builder { String dataURL, String certInfoXMLRequest, String certInfoDataURL, - String pushInfobox, IOAAuthParameters oaParam, + String pushInfobox, + IOAAuthParameters oaParam, String appletheigth, - String appletwidth, + String appletwidth, String contextURL) throws BuildException { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java index 9dcc93e9f..fb65bac04 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java @@ -49,10 +49,10 @@ package at.gv.egovernment.moa.id.auth.builder; import org.w3c.dom.Element; import org.w3c.dom.Node; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; /** * Builder for the <code>lt;pr:Person></code> element to be inserted diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java index 306c871fc..ee58b7fa1 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java @@ -50,9 +50,9 @@ import java.text.MessageFormat; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; /** diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java index 7caf2f5a1..1962d6c82 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java @@ -3,9 +3,9 @@ package at.gv.egovernment.moa.id.auth.modules.internal; import org.apache.commons.lang3.StringUtils; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; /** * Module descriptor @@ -16,7 +16,7 @@ public class DefaultCitizenCardAuthModuleImpl implements AuthModule { public int getPriority() { return 0; } - + @Override public String selectProcess(ExecutionContext context) { //select process if BKU is selected and it is no STORK authentication @@ -26,10 +26,16 @@ public class DefaultCitizenCardAuthModuleImpl implements AuthModule { if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean) performBKUSelection = (boolean) performBKUSelectionObj; - if ( (StringUtils.isBlank((String) context.get("ccc")) && - StringUtils.isBlank((String) context.get("CCC")) ) && - StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU)) && - !performBKUSelection) + if ( (StringUtils.isBlank((String) context.get("ccc")) + && StringUtils.isBlank((String) context.get("CCC")) +// && ( StringUtils.isBlank((String) context.get("useeIDAS")) +// || ( StringUtils.isNotBlank((String) context.get("useeIDAS")) +// && !Boolean.parseBoolean((String) context.get("useeIDAS")) +// ) +// ) + ) + && StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU)) && !performBKUSelection ) + return "DefaultAuthentication"; else diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java index 000a47438..3eb7225a8 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java @@ -10,15 +10,15 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.BooleanUtils; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; import at.gv.egovernment.moa.logging.Logger; @@ -50,10 +50,9 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask { throws TaskExecutionException { Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); - try { - //execute default task initialization - defaultTaskInitialization(req, executionContext); - + try { + //execute default task initialization + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); boolean useMandate = moasession.isMandateUsed(); boolean identityLinkAvailable = BooleanUtils.isTrue((Boolean) executionContext.get("identityLinkAvailable")); if (!identityLinkAvailable && useMandate) { @@ -66,7 +65,7 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask { // build dataurl (to the VerifyCertificateSerlvet) String dataurl = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), REQ_VERIFY_CERTIFICATE, - pendingReq.getRequestID()); + pendingReq.getPendingRequestId()); CitizenCardServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); @@ -77,9 +76,6 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask { } catch (IOException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); - } catch (MOADatabaseException e1) { - throw new TaskExecutionException(pendingReq, e1.getMessage(), e1); - } finally { } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java index e1495f254..50add6beb 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java @@ -10,14 +10,15 @@ import org.springframework.stereotype.Component; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.StringUtils; @@ -61,20 +62,18 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { - try { + try { //execute default task initialization - defaultTaskInitialization(req, executionContext); - + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + //normal MOA-ID authentication Logger.debug("Starting normal MOA-ID authentication"); String getIdentityLinkForm = authServer.startAuthentication(moasession, req, pendingReq); if (BooleanUtils.isTrue((Boolean) executionContext.get("useMandate"))) - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL()); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL()); if (!StringUtils.isEmpty(getIdentityLinkForm)) { byte[] content = getIdentityLinkForm.getBytes("UTF-8"); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java index ba778002d..ef9ddc1cd 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java @@ -1,42 +1,18 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.PARAM_XMLRESPONSE; -import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.security.cert.CertificateException; -import java.util.Map; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.xml.transform.TransformerException; -import org.apache.commons.fileupload.FileUploadException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; -import org.w3c.dom.Element; -import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.client.SZRGWClientException; -import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; /** * Evaluates the {@code CreateXMLSignatureResponse}, extracts signature and certificate and asks the SZR Gateway for an identity link.<p/> @@ -71,86 +47,87 @@ public class GetForeignIDTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { - - Logger.debug("POST GetForeignIDServlet"); - - Map<String, String> parameters; - try { - parameters = getParameters(req); - - } catch (FileUploadException | IOException e) { - Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); - throw new TaskExecutionException(pendingReq, "Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); - } - - try { - //check if response exists - String xmlCreateXMLSignatureResponse = (String) parameters.get(PARAM_XMLRESPONSE); - if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse)) { - throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12"); - - } - Logger.debug(xmlCreateXMLSignatureResponse); - - //execute default task initialization - defaultTaskInitialization(req, executionContext); - - - CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse) - .parseResponseDsig(); - - try { - String serializedAssertion = DOMUtils.serializeNode(csresp.getDsigSignature()); - moasession.setAuthBlock(serializedAssertion); + throw new MOAIDException("auth.36", new Object[]{"Foreign authentication IS ONLY supported by using eIDAS"}); - } catch (TransformerException e) { - throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - - } catch (IOException e) { - throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - - } - - Element signature = csresp.getDsigSignature(); - - try { - moasession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature)); - - } catch (CertificateException e) { - Logger.error("Could not extract certificate from CreateXMLSignatureResponse"); - throw new MOAIDException("auth.14", null); - } - - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED); - // make SZR request to the identity link - CreateIdentityLinkResponse response = SZRGWClientUtils.getIdentityLink(pendingReq, signature); - - if (null != response.getErrorResponse()) { - // TODO fix exception parameter - throw new SZRGWClientException("service.08", (String) response.getErrorResponse().getErrorCode(), - (String) response.getErrorResponse().getInfo()); - } else { - IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream( - response.getIdentityLink())); - IIdentityLink identitylink = ilParser.parseIdentityLink(); - moasession.setIdentityLink(identitylink); - - // set QAA Level four in case of card authentifcation - moasession.setQAALevel(PVPConstants.STORK_QAA_1_4); - - authServer.getForeignAuthenticationData(moasession); - - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED); - - //store pending request - requestStoreage.storePendingRequest(pendingReq); - - - } +// Logger.debug("POST GetForeignIDServlet"); +// +// Map<String, String> parameters; +// +// +// parameters = getParameters(req); +// +// } catch (FileUploadException | IOException e) { +// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); +// throw new TaskExecutionException(pendingReq, "Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); +// } +// +// try { +// //check if response exists +// String xmlCreateXMLSignatureResponse = (String) parameters.get(PARAM_XMLRESPONSE); +// if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse)) { +// throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12"); +// +// } +// Logger.debug(xmlCreateXMLSignatureResponse); +// +// //execute default task initialization +// AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); +// +// CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse) +// .parseResponseDsig(); +// +// try { +// String serializedAssertion = DOMUtils.serializeNode(csresp.getDsigSignature()); +// moasession.setAuthBlock(serializedAssertion); +// +// } catch (TransformerException e) { +// throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); +// +// } catch (IOException e) { +// throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); +// +// } +// +// Element signature = csresp.getDsigSignature(); +// +// try { +// moasession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature)); +// +// } catch (CertificateException e) { +// Logger.error("Could not extract certificate from CreateXMLSignatureResponse"); +// throw new MOAIDException("auth.14", null); +// } +// +// revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED); +// +// // make SZR request to the identity link +// CreateIdentityLinkResponse response = SZRGWClientUtils.getIdentityLink(pendingReq, signature); +// +// if (null != response.getErrorResponse()) { +// // TODO fix exception parameter +// throw new SZRGWClientException("service.08", (String) response.getErrorResponse().getErrorCode(), +// (String) response.getErrorResponse().getInfo()); +// } else { +// IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream( +// response.getIdentityLink())); +// IIdentityLink identitylink = ilParser.parseIdentityLink(); +// moasession.setIdentityLink(identitylink); +// +// // set QAA Level four in case of card authentifcation +// moasession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH); +// +// authServer.getForeignAuthenticationData(moasession); +// +// revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED); +// +// //store pending request +// pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); +// requestStoreage.storePendingRequest(pendingReq); +// +// +// } } catch (MOAIDException ex) { throw new TaskExecutionException(pendingReq, ex.getMessage(), ex); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java index 3383cf201..e4966a53b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java @@ -15,20 +15,23 @@ import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; import org.xml.sax.SAXException; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.MISMandate; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; import iaik.pki.PKIException; /** @@ -58,28 +61,29 @@ import iaik.pki.PKIException; public class GetMISSessionIDTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; + @Autowired private AuthConfiguration moaAuthConfig; @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { - + Logger.debug("POST GetMISSessionIDServlet"); try { //execute default task initialization - defaultTaskInitialization(req, executionContext); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); //get MIS sessionID String misSessionID = moasession.getMISSessionID(); //get mandates from MIS - ConnectionParameterInterface connectionParameters = authConfig - .getOnlineMandatesConnectionParameter(pendingReq.getOnlineApplicationConfiguration()); + ConnectionParameterInterface connectionParameters = moaAuthConfig + .getOnlineMandatesConnectionParameter(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class)); SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( - authConfig, + moaAuthConfig, connectionParameters); List<MISMandate> list = MISSimpleClient.sendGetMandatesRequest( - connectionParameters.getUrl(), misSessionID, sslFactory, authConfig); + connectionParameters.getUrl(), misSessionID, sslFactory, moaAuthConfig); //check if mandates received if (list == null || list.size() == 0) { @@ -87,8 +91,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { throw new AuthenticationException("auth.15", null); } - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED); // for now: list contains only one element @@ -114,7 +117,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { moasession.setMISMandate(mandate); //log mandate specific set of events - revisionsLogger.logMandateEventSet(pendingReq, mandate); + //revisionsLogger.logMandateEventSet(pendingReq, mandate); //store pending request with new MOASession data information requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java index 88a235978..65ae9cf91 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java @@ -30,19 +30,22 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; /** @@ -53,11 +56,12 @@ import at.gv.egovernment.moa.util.MiscUtil; public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { @Autowired StartAuthentificationParameterParser authInitialisationParser; + @Autowired private AuthConfiguration moaAuthConfig; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { @@ -81,10 +85,12 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { } protected void internalInitializeWithoutPersist(ExecutionContext executionContext, - HttpServletRequest request, HttpServletResponse response) throws WrongParametersException, MOAIDException, MOADatabaseException { + HttpServletRequest request, HttpServletResponse response) throws EAAFException { Logger.info("BKU is selected -> Start BKU communication ..."); - defaultTaskInitialization(request, executionContext); + //AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); + + AuthenticationSessionWrapper moasession = ((RequestImpl)pendingReq).getSessionData(AuthenticationSessionWrapper.class); boolean isLegacyRequest = false; Object isLegacyRequestObj = executionContext.get("isLegacyRequest"); @@ -109,26 +115,25 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { } //load OA Config - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() }); + throw new AuthenticationException("auth.00", new Object[] { pendingReq.getSPEntityId() }); else { - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid); //get Target from config or from request in case of SAML 1 String target = null; - if (MiscUtil.isNotEmpty(pendingReq.getGenericData("saml1_target", String.class)) && + if (MiscUtil.isNotEmpty(pendingReq.getRawData("saml1_target", String.class)) && pendingReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol")) - target = pendingReq.getGenericData("saml1_target", String.class); + target = pendingReq.getRawData("saml1_target", String.class); String bkuURL = oaParam.getBKUURL(bkuid); if (MiscUtil.isEmpty(bkuURL)) { Logger.info("No OA specific BKU defined. Use BKU from default configuration"); - bkuURL = authConfig.getDefaultBKUURL(bkuid); + bkuURL = moaAuthConfig.getDefaultBKUURL(bkuid); } //search for OA specific template @@ -139,13 +144,13 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { templateURL = oaTemplateURLList.get(0); } else { - templateURL = authConfig.getSLRequestTemplates(bkuid); + templateURL = moaAuthConfig.getSLRequestTemplates(bkuid); } //make url absolut if it is a local url if (MiscUtil.isNotEmpty(templateURL)) templateURL = FileUtils.makeAbsoluteURL(templateURL, - authConfig.getRootConfigFileDir()); + moaAuthConfig.getRootConfigFileDir()); if (oaParam.isOnlyMandateAllowed()) useMandate = "true"; @@ -156,7 +161,7 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { //parse all OA parameters i authInitialisationParser.parse( moasession, target, - pendingReq.getOAURL(), + pendingReq.getSPEntityId(), bkuURL, templateURL, useMandate, diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java index f7a816c74..a02032e74 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java @@ -7,11 +7,12 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; import at.gv.egovernment.moa.logging.Logger; @@ -40,7 +41,7 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { // note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet @@ -49,7 +50,7 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { try { //initialize task - defaultTaskInitialization(req, executionContext); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); //build authBlock String createXMLSignatureRequest = authServer diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java index d2fd4d1de..dd7890b7e 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java @@ -30,23 +30,26 @@ import javax.net.ssl.SSLSocketFactory; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; /** * @author tlenz @@ -55,7 +58,9 @@ import at.gv.egovernment.moa.util.DOMUtils; @Component("PrepareGetMISMandateTask") public class PrepareGetMISMandateTask extends AbstractAuthServletTask { - /* (non-Javadoc) + @Autowired private AuthConfiguration moaAuthConfig; + + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override @@ -66,11 +71,11 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { //mandate Mode try { //perform default task initialization - defaultTaskInitialization(request, executionContext); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); ConnectionParameterInterface connectionParameters = - authConfig.getOnlineMandatesConnectionParameter(pendingReq.getOnlineApplicationConfiguration()); - SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(authConfig, connectionParameters); + moaAuthConfig.getOnlineMandatesConnectionParameter(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class)); + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(moaAuthConfig, connectionParameters); // get identitity link as byte[] Element elem = moasession.getIdentityLink().getSamlAssertion(); @@ -83,9 +88,9 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { String redirectURL = new DataURLBuilder().buildDataURL( pendingReq.getAuthURL(), GET_MIS_SESSIONID, - pendingReq.getRequestID()); + pendingReq.getPendingRequestId()); - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); List<String> profiles = oaParam.getMandateProfiles(); if (profiles == null) { @@ -101,8 +106,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { //TODO: check in case of SSO!!! String targetType = oaParam.getAreaSpecificTargetIdentifier(); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED, mandateReferenceValue); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED, mandateReferenceValue); MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest( connectionParameters.getUrl(), @@ -115,7 +119,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { targetType, authBlock, sslFactory, - authConfig); + moaAuthConfig); if (misSessionID == null) { Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null."); @@ -129,8 +133,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { //store pending request with new MOASession data information requestStoreage.storePendingRequest(pendingReq); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT); response.setStatus(302); response.addHeader("Location", redirectMISGUI); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java index 5730224e5..c8b562282 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java @@ -3,7 +3,6 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.PARAM_XMLRESPONSE; import java.io.IOException; -import java.io.UnsupportedEncodingException; import java.util.Map; import javax.servlet.http.HttpServletRequest; @@ -13,19 +12,17 @@ import org.apache.commons.fileupload.FileUploadException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; -import org.springframework.util.Base64Utils; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.logging.SpecificTraceLogger; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; /** * Verifies the signed authentication block (provided as {@code CreateXMLSignatureResponse}).<p/> @@ -59,7 +56,7 @@ import at.gv.egovernment.moa.util.MiscUtil; * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet}. * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * - */ + */ @Component("VerifyAuthenticationBlockTask") public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { @@ -83,19 +80,16 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { } String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); - if (createXMLSignatureResponse != null) - SpecificTraceLogger.trace("Raw signed AuthBlock: " + Base64Utils.encodeToString(createXMLSignatureResponse.getBytes())); - + try { //check if authblock is received if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse)) throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); //execute default task initialization - defaultTaskInitialization(req, executionContext); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); //verify authBlock authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java index 6aefb75a1..9f1f23344 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java @@ -13,14 +13,15 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.util.CertificateUtils; @@ -56,7 +57,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { @@ -76,10 +77,9 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { try { //execute default task initialization - defaultTaskInitialization(req, executionContext); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); //read certificate from response X509Certificate cert = authServer.getCertificate(pendingReq, parameters); @@ -113,8 +113,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { } // Foreign Identities Modus - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND); String createXMLSignatureRequest = authServer.createXMLSignatureRequestForeignID(pendingReq, cert); @@ -123,7 +122,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { new DataURLBuilder().buildDataURL( pendingReq.getAuthURL(), REQ_GET_FOREIGN_ID, - pendingReq.getRequestID()); + pendingReq.getPendingRequestId()); CitizenCardServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java index 4408f3852..b7c45a032 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java @@ -10,13 +10,14 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; /** @@ -48,7 +49,7 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { @@ -65,10 +66,9 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { try { //execute default task initialization - defaultTaskInitialization(req, executionContext); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); //verify identityLink boolean identityLinkAvailable = authServer.verifyIdentityLink(pendingReq, moasession, parameters) != null; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java index eca231094..0b5db368f 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java @@ -58,14 +58,14 @@ import org.w3c.dom.Element; import org.w3c.dom.NodeList; import org.w3c.dom.traversal.NodeIterator; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BKUException; import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; /** * Parses an <code><InfoboxReadResponse></code> returned from diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java index 390467bf8..4c9c15e99 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java @@ -53,12 +53,12 @@ import java.util.Vector; import org.w3c.dom.Document; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.auth.data.InfoboxToken; import at.gv.egovernment.moa.id.auth.data.InfoboxTokenImpl; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; /** * Parses and unmarshales <code>InfoboxReadResponse<code>. diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java index 154092b03..8458bce01 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java @@ -63,14 +63,14 @@ import org.apache.xpath.XPathAPI; import org.w3c.dom.Document; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BKUException; import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; import iaik.x509.X509Certificate; /** diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java index 139be49fe..582af517c 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java @@ -31,6 +31,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; + /** * @author tlenz * diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 1d2887e6a..ab9be7163 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -54,31 +54,31 @@ import java.util.List; import javax.xml.bind.DatatypeConverter; import org.jaxen.SimpleNamespaceContext; -import org.springframework.util.Base64Utils; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.logging.SpecificTraceLogger; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; -import at.gv.egovernment.moa.util.XPathUtils; /** * @@ -136,18 +136,18 @@ public class CreateXMLSignatureResponseValidator { * @throws BuildException * @throws ConfigurationException */ - public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, IAuthenticationSession session, IRequest pendingReq, boolean validateTargetFriendlyName) - throws ValidateException, BuildException, ConfigurationException { + public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, IAuthenticationSession session, IRequest pendingReq) + throws ValidateException, BuildException, ConfigurationException, EAAFBuilderException { // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); String oaURL = oaParam.getPublicURLPrefix(); IIdentityLink identityLink = session.getIdentityLink(); @Deprecated - String saml1RequestedTarget = pendingReq.getGenericData( + String saml1RequestedTarget = pendingReq.getRawData( MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class); @Deprecated - String saml1RequestedFriendlyName = pendingReq.getGenericData( + String saml1RequestedFriendlyName = pendingReq.getRawData( MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class); try { @@ -273,16 +273,8 @@ public class CreateXMLSignatureResponseValidator { } String refValueSector = userSectorId.getSecond().substring(MOAIDAuthConstants.PREFIX_CDID.length()) + " (" + sectorName + ")"; - if (!refValueSector.equals((String)samlAttribute.getValue())) { - if (validateTargetFriendlyName) - throw new ValidateException("validator.13", new Object[] {(String)samlAttribute.getValue(), refValueSector}); - - else { - Logger.warn("AuthBlock 'TargetFriendlyName' " + samlAttribute.getValue() + " does not match to " + refValueSector); - - } - - } + if (!refValueSector.equals((String)samlAttribute.getValue())) + throw new ValidateException("validator.13", new Object[] {(String)samlAttribute.getValue(), refValueSector}); } else throw new ValidateException("validator.12", null); @@ -438,7 +430,7 @@ public class CreateXMLSignatureResponseValidator { } catch (Exception e) { SpecificTraceLogger.trace("Validate AuthBlock without SSO"); - SpecificTraceLogger.trace("Signed AuthBlock: " + Base64Utils.encodeToString(session.getAuthBlock().getBytes())); + SpecificTraceLogger.trace("Signed AuthBlock: " + session.getAuthBlock()); SpecificTraceLogger.trace("OA config: " + oaParam.toString()); SpecificTraceLogger.trace("saml1RequestedTarget: " + saml1RequestedTarget); SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + saml1RequestedFriendlyName); @@ -671,12 +663,12 @@ public class CreateXMLSignatureResponseValidator { } catch (Exception e) { SpecificTraceLogger.trace("Validate AuthBlock with SSO"); - SpecificTraceLogger.trace("Signed AuthBlock: " + Base64Utils.encodeToString(session.getAuthBlock().getBytes())); - SpecificTraceLogger.trace("OA config: " + pendingReq.getOnlineApplicationConfiguration().toString()); + SpecificTraceLogger.trace("Signed AuthBlock: " + session.getAuthBlock()); + SpecificTraceLogger.trace("OA config: " + pendingReq.getServiceProviderConfiguration().toString()); throw e; } - + } public void validateSigningDateTime( CreateXMLSignatureResponse csresp) throws ValidateException { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java index 7bb07df74..e023a6507 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -63,17 +63,17 @@ import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; /** diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java index d093cc7f0..01e349d0f 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java @@ -56,9 +56,10 @@ import javax.servlet.http.HttpServletResponse; import com.google.common.net.MediaType; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; +import at.gv.egiz.eaaf.core.impl.utils.ServletUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; @@ -69,7 +70,7 @@ import at.gv.egovernment.moa.logging.Logger; */ public class CitizenCardServletUtils extends ServletUtils{ - /** + /** * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing * depending on the requests starting text. * @@ -88,7 +89,7 @@ public class CitizenCardServletUtils extends ServletUtils{ if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) { resp.setStatus(307); String dataURL = new DataURLBuilder().buildDataURL( - pendingReq.getAuthURL(), MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK, pendingReq.getRequestID()); + pendingReq.getAuthURL(), MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK, pendingReq.getPendingRequestId()); resp.addHeader("Location", dataURL); //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) @@ -100,7 +101,7 @@ public class CitizenCardServletUtils extends ServletUtils{ Logger.debug("Finished POST " + servletName); } else { - String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), servletGoal, pendingReq.getRequestID()); + String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), servletGoal, pendingReq.getPendingRequestId()); resp.setContentType("text/html"); resp.setStatus(302); resp.addHeader("Location", redirectURL); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index 26d50905e..fe0e659c7 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -70,12 +70,12 @@ import org.w3c.dom.Node; import org.w3c.dom.NodeList; import org.xml.sax.SAXException; -import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException; import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule index e628fbd1b..e628fbd1b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml index 74792ed72..48c7b6a07 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml @@ -15,7 +15,8 @@ <pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" /> <pd:Task id="prepareGetMISMandate" class="PrepareGetMISMandateTask" /> <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> - <pd:Task id="getForeignID" class="GetForeignIDTask" async="true" /> + <pd:Task id="getForeignID" class="GetForeignIDTask" async="true" /> + <pd:Task id="userRestrictionTask" class="UserRestrictionTask" /> <!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. --> <pd:StartEvent id="start" /> @@ -39,13 +40,15 @@ <pd:Transition from="verifyCertificate" to="getForeignID" /> <pd:Transition from="verifyAuthBlock" to="prepareGetMISMandate" conditionExpression="ctx['useMandate']" /> - <pd:Transition from="verifyAuthBlock" to="finalizeAuthentication" /> + <pd:Transition from="verifyAuthBlock" to="userRestrictionTask" /> <pd:Transition from="prepareGetMISMandate" to="getMISMandate" /> - <pd:Transition from="getMISMandate" to="finalizeAuthentication" /> - <pd:Transition from="getForeignID" to="finalizeAuthentication" /> + <pd:Transition from="getMISMandate" to="userRestrictionTask" /> + <pd:Transition from="getForeignID" to="userRestrictionTask" /> + + <pd:Transition from="userRestrictionTask" to="finalizeAuthentication" /> <pd:Transition from="finalizeAuthentication" to="end" /> <pd:EndEvent id="end" /> diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java index ec15a209c..9d59b60f3 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java @@ -48,10 +48,9 @@ package test.at.gv.egovernment.moa.id.auth.builder; import org.w3c.dom.Document; import test.at.gv.egovernment.moa.id.UnitTestCase; - +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; /** * @author Paul Ivancsics diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java index f2fde6322..f83f57144 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java @@ -46,9 +46,9 @@ package test.at.gv.egovernment.moa.id.auth.builder; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.util.Constants; import test.at.gv.egovernment.moa.id.UnitTestCase; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java index 977764878..88b973457 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java @@ -46,20 +46,19 @@ package test.at.gv.egovernment.moa.id.auth.parser; -import iaik.security.rsa.RSAPublicKey; - import java.io.FileOutputStream; import java.io.RandomAccessFile; import java.security.PublicKey; import org.w3c.dom.Document; -import test.at.gv.egovernment.moa.id.UnitTestCase; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; +import iaik.security.rsa.RSAPublicKey; +import test.at.gv.egovernment.moa.id.UnitTestCase; /** * @author Paul Ivancsics @@ -74,7 +73,7 @@ public class IdentityLinkAssertionParserTest extends UnitTestCase { } public void setUp() { - try { + try { RandomAccessFile s = new RandomAccessFile( "data/test/xmldata/testperson1/InfoboxReadResponse.xml", diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java index 38bf1cab6..58c6b66d0 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java @@ -48,10 +48,10 @@ package test.at.gv.egovernment.moa.id.auth.parser; import java.io.RandomAccessFile; -import test.at.gv.egovernment.moa.id.UnitTestCase; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import test.at.gv.egovernment.moa.id.UnitTestCase; /** * @author Paul Ivancsics @@ -64,7 +64,7 @@ public class InfoboxReadResponseParserTest extends UnitTestCase { public InfoboxReadResponseParserTest(String name) { super(name); } - + public void setUp() { } diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml new file mode 100644 index 000000000..c340f90c9 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml @@ -0,0 +1,59 @@ +<?xml version="1.0"?> +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-modules</artifactId> + <version>${moa-id-version}</version> + </parent> + <artifactId>moa-id-module-AT_eIDAS_connector</artifactId> + <name>moa-id-module-AT_eIDAS_connector</name> + <url>http://maven.apache.org</url> + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + <repositoryPath>${basedir}/../../../../repository</repositoryPath> + </properties> + + <profiles> + <profile> + <id>default</id> + <activation> + <activeByDefault>true</activeByDefault> + </activation> + <repositories> + <repository> + <id>local</id> + <name>local</name> + <url>file:${basedir}/../../../../repository</url> + </repository> + <repository> + <id>egiz-commons</id> + <url>https://demo.egiz.gv.at/int-repo/</url> + <releases> + <enabled>true</enabled> + </releases> + </repository> + </repositories> + </profile> + </profiles> + + <dependencies> + <dependency> + <groupId>MOA.id.server</groupId> + <artifactId>moa-id-lib</artifactId> + </dependency> + + + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <scope>test</scope> + </dependency> + </dependencies> +</project> diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java new file mode 100644 index 000000000..19950a078 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java @@ -0,0 +1,94 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; + +/** + * @author tlenz + * + */ +public class EidasCentralAuthConstants { + + public static final String MODULE_NAME_FOR_LOGGING = "eIDAS central authentication"; + + public static final int METADATA_VALIDUNTIL_IN_HOURS = 24; + + public static final String HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION = "useeIDAS"; + + public static final String ENDPOINT_POST = "/sp/eidas/post"; + public static final String ENDPOINT_REDIRECT = "/sp/eidas/redirect"; + public static final String ENDPOINT_METADATA = "/sp/eidas/metadata"; + + public static final String CONFIG_PROPS_PREFIX = "modules.eidascentralauth."; + public static final String CONFIG_PROPS_KEYSTORE = CONFIG_PROPS_PREFIX + "keystore.path"; + public static final String CONFIG_PROPS_KEYSTOREPASSWORD = CONFIG_PROPS_PREFIX + "keystore.password"; + public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.password"; + public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.alias"; + public static final String CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.password"; + public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.alias"; + public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.password"; + public static final String CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.alias"; + public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + "required.additional.attributes"; + public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "node.entityId"; + public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "node.metadataUrl"; + public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID"; + + + public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EAAFConstants.EIDAS_LOA_HIGH; + public static final List<Trible<String, String, Boolean>> DEFAULT_REQUIRED_PVP_ATTRIBUTES = + Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() { + private static final long serialVersionUID = 1L; + { + //add PVP Version attribute + add(Trible.newInstance(PVPConstants.PVP_VERSION_NAME, PVPConstants.PVP_VERSION_FRIENDLY_NAME, true)); + + //request entity information + add(Trible.newInstance(PVPConstants.GIVEN_NAME_NAME, PVPConstants.GIVEN_NAME_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.PRINCIPAL_NAME_NAME, PVPConstants.PRINCIPAL_NAME_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.BIRTHDATE_NAME, PVPConstants.BIRTHDATE_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.BPK_NAME, PVPConstants.BPK_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, PVPConstants.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.EID_ISSUING_NATION_NAME, PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.EID_IDENTITY_LINK_NAME, PVPConstants.EID_IDENTITY_LINK_FRIENDLY_NAME, false)); + } + }); + + public static final List<String> DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES = + Collections.unmodifiableList(new ArrayList<String>() { + private static final long serialVersionUID = 1L; + { + for (Trible<String, String, Boolean> el : DEFAULT_REQUIRED_PVP_ATTRIBUTES) + add(el.getFirst()); + } + }); +} + + diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java new file mode 100644 index 000000000..821a200c7 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java @@ -0,0 +1,103 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth; + +import java.io.Serializable; + +import javax.annotation.PostConstruct; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class EidasCentralAuthModuleImpl implements AuthModule { + + @Autowired(required=true) private AuthenticationManager authManager; + + private int priority = 0; + + @PostConstruct + protected void initalCentralEidasAuthentication() { + //parameter to whiteList + authManager.addParameterNameToWhiteList(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION); + + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() + */ + @Override + public int getPriority() { + return priority; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context) { + Serializable paramObj = context.get(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION); + if (paramObj != null ) { + if (paramObj instanceof String) { + String param = (String)paramObj; + if (StringUtils.isNotEmpty(param) && Boolean.parseBoolean(param)) { + Logger.debug("Centrial eIDAS authentication process selected "); + return "centrialEidasAuthentication"; + + } else + Logger.trace(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION + + " is empty or has value: " + Boolean.parseBoolean(param)); + + } else + Logger.info("Find suspect http param '" + EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION + + "' of type: " + paramObj.getClass().getName()); + } + return null; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:eIDAS_central_node_auth.process.xml" }; + } + + /** + * @param priority the priority to set + */ + public void setPriority(int priority) { + this.priority = priority; + + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthSpringResourceProvider.java index e7412a0fc..beaaee619 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthSpringResourceProvider.java @@ -20,54 +20,44 @@ * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ -package at.gv.egovernment.moa.id.saml2; +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth; -import java.util.ArrayList; -import java.util.List; +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; -import org.opensaml.saml2.metadata.provider.FilterException; -import org.opensaml.saml2.metadata.provider.MetadataFilter; -import org.opensaml.xml.XMLObject; - -import at.gv.egovernment.moa.logging.Logger; +import at.gv.egiz.components.spring.api.SpringResourceProvider; /** * @author tlenz * */ -public class MetadataFilterChain implements MetadataFilter { +public class EidasCentralAuthSpringResourceProvider implements SpringResourceProvider { - private List<MetadataFilter> filters = new ArrayList<MetadataFilter>(); - - /** - * Return all actually used Metadata filters - * - * @return List of Metadata filters + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() */ - public List<MetadataFilter> getFilters() { - return filters; + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource federationAuthConfig = new ClassPathResource("/moaid_eIDAS_central_node_auth.beans.xml", EidasCentralAuthSpringResourceProvider.class); + + return new Resource[] {federationAuthConfig}; } - - /** - * Add a new Metadata filter to filterchain - * - * @param filter + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan() */ - public void addFilter(MetadataFilter filter) { - filters.add(filter); + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; } - - + /* (non-Javadoc) - * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName() */ @Override - public void doFilter(XMLObject arg0) throws FilterException { - for (MetadataFilter filter : filters) { - Logger.trace("Use MOAMetadataFilter " + filter.getClass().getName()); - filter.doFilter(arg0); - } - + public String getName() { + return "MOA-ID Auth-module 'central eIDAS Authentication'"; } } diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java new file mode 100644 index 000000000..aad1244f1 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java @@ -0,0 +1,355 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.metadata.ContactPerson; +import org.opensaml.saml2.metadata.Organization; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.xml.security.credential.Credential; + +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class EidasCentralAuthMetadataConfiguration implements IPVPMetadataBuilderConfiguration { + + private Collection<RequestedAttribute> additionalAttributes = null; + + + private String authURL; + private EidasCentralAuthCredentialProvider credentialProvider; + private IPVP2BasicConfiguration pvpConfiguration; + + public EidasCentralAuthMetadataConfiguration(String authURL, + EidasCentralAuthCredentialProvider credentialProvider, + IPVP2BasicConfiguration pvpConfiguration) { + this.authURL = authURL; + this.credentialProvider = credentialProvider; + this.pvpConfiguration = pvpConfiguration; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataValidUntil() + */ + @Override + public int getMetadataValidUntil() { + return EidasCentralAuthConstants.METADATA_VALIDUNTIL_IN_HOURS; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildEntitiesDescriptorAsRootElement() + */ + @Override + public boolean buildEntitiesDescriptorAsRootElement() { + return false; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildIDPSSODescriptor() + */ + @Override + public boolean buildIDPSSODescriptor() { + return false; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildSPSSODescriptor() + */ + @Override + public boolean buildSPSSODescriptor() { + return true; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityIDPostfix() + */ + @Override + public String getEntityID() { + return authURL + EidasCentralAuthConstants.ENDPOINT_METADATA; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityFriendlyName() + */ + @Override + public String getEntityFriendlyName() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getContactPersonInformation() + */ + @Override + public List<ContactPerson> getContactPersonInformation() { + try { + return pvpConfiguration.getIDPContacts(); + + } catch (EAAFException e) { + Logger.warn("Can not load Metadata entry: Contect Person", e); + return null; + + } + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getOrgansiationInformation() + */ + @Override + public Organization getOrgansiationInformation() { + try { + return pvpConfiguration.getIDPOrganisation(); + + } catch (EAAFException e) { + Logger.warn("Can not load Metadata entry: Organisation", e); + return null; + + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataSigningCredentials() + */ + @Override + public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPMetaDataSigningCredential(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getRequestorResponseSigningCredentials() + */ + @Override + public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPAssertionSigningCredential(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEncryptionCredentials() + */ + @Override + public Credential getEncryptionCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPAssertionEncryptionCredential(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSOPostBindingURL() + */ + @Override + public String getIDPWebSSOPostBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSORedirectBindingURL() + */ + @Override + public String getIDPWebSSORedirectBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLOPostBindingURL() + */ + @Override + public String getIDPSLOPostBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLORedirectBindingURL() + */ + @Override + public String getIDPSLORedirectBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServicePostBindingURL() + */ + @Override + public String getSPAssertionConsumerServicePostBindingURL() { + return authURL + EidasCentralAuthConstants.ENDPOINT_POST; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServiceRedirectBindingURL() + */ + @Override + public String getSPAssertionConsumerServiceRedirectBindingURL() { + return authURL + EidasCentralAuthConstants.ENDPOINT_REDIRECT; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOPostBindingURL() + */ + @Override + public String getSPSLOPostBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLORedirectBindingURL() + */ + @Override + public String getSPSLORedirectBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOSOAPBindingURL() + */ + @Override + public String getSPSLOSOAPBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleAttributes() + */ + @Override + public List<Attribute> getIDPPossibleAttributes() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleNameITTypes() + */ + @Override + public List<String> getIDPPossibleNameITTypes() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPRequiredAttributes() + */ + @Override + public Collection<RequestedAttribute> getSPRequiredAttributes() { + Map<String, RequestedAttribute> requestedAttributes = new HashMap<String, RequestedAttribute>(); + for (Trible<String, String, Boolean> el : EidasCentralAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES) + requestedAttributes.put(el.getFirst(), PVPAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird())); + + if (additionalAttributes != null) { + Logger.trace("Add additional PVP attributes into metadata ... "); + for (RequestedAttribute el : additionalAttributes) { + if (requestedAttributes.containsKey(el.getName())) + Logger.debug("Attribute " + el.getName() + " is already added by default configuration. Overwrite it by user configuration"); + + requestedAttributes.put(el.getName(), el); + + } + } + + return requestedAttributes.values(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAllowedNameITTypes() + */ + @Override + public List<String> getSPAllowedNameITTypes() { + return Arrays.asList(NameIDType.PERSISTENT); + + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#getSPNameForLogging() + */ + @Override + public String getSPNameForLogging() { + return EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAssertionSigned() + */ + @Override + public boolean wantAssertionSigned() { + return false; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned() + */ + @Override + public boolean wantAuthnRequestSigned() { + return true; + } + + /** + * Add additonal PVP attributes that are required by this deployment + * + * @param additionalAttr List of PVP attribute name and isRequired flag + */ + public void setAdditionalRequiredAttributes(List<Pair<String, Boolean>> additionalAttr) { + if (additionalAttr != null) { + additionalAttributes = new ArrayList<RequestedAttribute>(); + for (Pair<String, Boolean> el : additionalAttr) { + Attribute attributBuilder = PVPAttributeBuilder.buildEmptyAttribute(el.getFirst()); + if (attributBuilder != null) { + additionalAttributes.add( + PVPAttributeBuilder.buildReqAttribute( + attributBuilder.getName(), + attributBuilder.getFriendlyName(), + el.getSecond())); + + } else + Logger.info("NO PVP attribute with name: " + el.getFirst()); + + } + } + } + +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java new file mode 100644 index 000000000..8376f3aad --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java @@ -0,0 +1,272 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config; + +import java.util.List; + +import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.xml.security.credential.Credential; +import org.w3c.dom.Element; + +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; + +/** + * @author tlenz + * + */ +public class EidasCentralAuthRequestBuilderConfiguration implements IPVPAuthnRequestBuilderConfiguruation { + + private boolean isPassive; + private String SPEntityID; + private String QAA_Level; + private EntityDescriptor idpEntity; + private Credential signCred; + private String scopeRequesterId; + private String providerName; + private List<EAAFRequestedAttribute> requestedAttributes; + private String reqId; + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#isPassivRequest() + */ + @Override + public Boolean isPassivRequest() { + return this.isPassive; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAssertionConsumerServiceId() + */ + @Override + public Integer getAssertionConsumerServiceId() { + return 0; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getEntityID() + */ + @Override + public String getSPEntityID() { + return this.SPEntityID; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() + */ + @Override + public String getNameIDPolicyFormat() { + return NameID.PERSISTENT; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() + */ + @Override + public boolean getNameIDPolicyAllowCreation() { + return true; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnContextClassRef() + */ + @Override + public String getAuthnContextClassRef() { + return this.QAA_Level; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnContextComparison() + */ + @Override + public AuthnContextComparisonTypeEnumeration getAuthnContextComparison() { + return AuthnContextComparisonTypeEnumeration.MINIMUM; + } + + /** + * @param isPassive the isPassive to set + */ + public void setPassive(boolean isPassive) { + this.isPassive = isPassive; + } + + /** + * @param sPEntityID the sPEntityID to set + */ + public void setSPEntityID(String sPEntityID) { + SPEntityID = sPEntityID; + } + + /** + * @param qAA_Level the qAA_Level to set + */ + public void setQAA_Level(String qAA_Level) { + QAA_Level = qAA_Level; + } + + /** + * @param idpEntity the idpEntity to set + */ + public void setIdpEntity(EntityDescriptor idpEntity) { + this.idpEntity = idpEntity; + } + + /** + * @param signCred the signCred to set + */ + public void setSignCred(Credential signCred) { + this.signCred = signCred; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnRequestSigningCredential() + */ + @Override + public Credential getAuthnRequestSigningCredential() { + return this.signCred; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getIDPEntityDescriptor() + */ + @Override + public EntityDescriptor getIDPEntityDescriptor() { + return this.idpEntity; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameID() + */ + @Override + public String getSubjectNameID() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSPNameForLogging() + */ + @Override + public String getSPNameForLogging() { + return EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDFormat() + */ + @Override + public String getSubjectNameIDFormat() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getRequestID() + */ + @Override + public String getRequestID() { + return this.reqId; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDQualifier() + */ + @Override + public String getSubjectNameIDQualifier() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationMethode() + */ + @Override + public String getSubjectConformationMethode() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationDate() + */ + @Override + public Element getSubjectConformationDate() { + return null; + } + + @Override + public List<EAAFRequestedAttribute> getRequestedAttributes() { + return this.requestedAttributes; + + } + + @Override + public String getProviderName() { + return this.providerName; + } + + @Override + public String getScopeRequesterId() { + return this.scopeRequesterId; + } + + /** + * Set the entityId of the SP that requests the proxy for eIDAS authentication + * + * @param scopeRequesterId + */ + public void setScopeRequesterId(String scopeRequesterId) { + this.scopeRequesterId = scopeRequesterId; + } + + /** + * Set a friendlyName for the SP that requests the proxy for eIDAS authentication + * + * @param providerName + */ + public void setProviderName(String providerName) { + this.providerName = providerName; + } + + /** + * Set a Set of PVP attributes that a requested by using requested attributes + * + * @param requestedAttributes + */ + public void setRequestedAttributes(List<EAAFRequestedAttribute> requestedAttributes) { + this.requestedAttributes = requestedAttributes; + } + + /** + * Set a RequestId for this Authn. Request + * + * @param reqId + */ + public void setRequestId(String reqId) { + this.reqId = reqId; + } + + + + +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java new file mode 100644 index 000000000..4898c8f1e --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java @@ -0,0 +1,133 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import com.google.common.net.MediaType; + +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthMetadataConfiguration; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Controller +public class EidasCentralAuthMetadataController extends AbstractController { + + @Autowired PVPMetadataBuilder metadatabuilder; + @Autowired AuthConfiguration authConfig; + @Autowired EidasCentralAuthCredentialProvider credentialProvider; + @Autowired IPVP2BasicConfiguration pvpConfiguration; + + public EidasCentralAuthMetadataController() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + + " with mappings '" + EidasCentralAuthConstants.ENDPOINT_METADATA + + "'."); + + } + + @RequestMapping(value = EidasCentralAuthConstants.ENDPOINT_METADATA, + method = {RequestMethod.GET}) + public void getSPMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException { + //check PublicURL prefix + try { + String authURL = HTTPUtils.extractAuthURLFromRequest(req); + if (!authConfig.getPublicURLPrefix().contains(authURL)) { + resp.sendError(HttpServletResponse.SC_FORBIDDEN, "No valid request URL"); + return; + + } else { + //initialize metadata builder configuration + EidasCentralAuthMetadataConfiguration metadataConfig = + new EidasCentralAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration); + metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes()); + + + //build metadata + String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig); + + //write response + byte[] content = xmlMetadata.getBytes("UTF-8"); + resp.setStatus(HttpServletResponse.SC_OK); + resp.setContentLength(content.length); + resp.setContentType(MediaType.XML_UTF_8.toString()); + resp.getOutputStream().write(content); + + } + + } catch (Exception e) { + Logger.warn("Build federated-authentication PVP metadata FAILED.", e); + handleErrorNoRedirect(e, req, resp, false); + + } + + } + + private List<Pair<String, Boolean>> getAdditonalRequiredAttributes() { + Map<String, String> addReqAttributes = authConfig.getBasicMOAIDConfigurationWithPrefix(EidasCentralAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST); + if (addReqAttributes != null) { + List<Pair<String, Boolean>> result = new ArrayList<Pair<String, Boolean>>(); + for (String el : addReqAttributes.values()) { + if (MiscUtil.isNotEmpty(el)) { + Logger.trace("Parse additional attr. definition: " + el); + List<String> attr = KeyValueUtils.getListOfCSVValues(el.trim()); + if (attr.size() == 2) { + result.add(Pair.newInstance(attr.get(0), Boolean.parseBoolean(attr.get(1)))); + + } else + Logger.info("IGNORE additional attr. definition: " + el + + " Reason: Format not valid"); + } + } + + return result; + } + + return null; + } + +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthSignalController.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthSignalController.java new file mode 100644 index 000000000..1486ef841 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthSignalController.java @@ -0,0 +1,67 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.text.StringEscapeUtils; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Controller +public class EidasCentralAuthSignalController extends AbstractProcessEngineSignalController { + + public EidasCentralAuthSignalController() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + + " with mappings '" + EidasCentralAuthConstants.ENDPOINT_POST + + "' and '" + EidasCentralAuthConstants.ENDPOINT_REDIRECT + "'."); + + } + + @RequestMapping(value = { EidasCentralAuthConstants.ENDPOINT_POST, + EidasCentralAuthConstants.ENDPOINT_REDIRECT + }, + method = {RequestMethod.POST, RequestMethod.GET}) + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + signalProcessManagement(req, resp); + + } + + public String getPendingRequestId(HttpServletRequest request) { + return StringEscapeUtils.escapeHtml4(request.getParameter("RelayState")); + + } +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java new file mode 100644 index 000000000..c1229e3ff --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java @@ -0,0 +1,184 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.tasks; + +import java.security.NoSuchAlgorithmException; +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.xml.security.SecurityException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthRequestBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Component("CreateEidasCentrialAuthnRequestTask") +public class CreateAuthnRequestTask extends AbstractAuthServletTask { + + @Autowired PVPAuthnRequestBuilder authnReqBuilder; + @Autowired EidasCentralAuthCredentialProvider credential; + @Autowired EidasCentralAuthMetadataProvider metadataService; + + //@Autowired(required=true) ILoALevelMapper loaMapper; + //@Autowired(required=true) MOAMetadataProvider metadataProvider; + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try{ + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_SELECTED); + + //check if eIDAS authentication is enabled for this SP + if (!Boolean.parseBoolean(pendingReq.getServiceProviderConfiguration().getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED, String.valueOf(false)))) { + Logger.info("eIDAS authentication is NOT enabled for OA: " + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier()); + throw new MOAIDException("eIDAS authentication is NOT enabled for OA: " + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(), null); + + } + + // get entityID for central ms-specific eIDAS node + String msNodeEntityID = Utils.getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration(), authConfig); + + + if (MiscUtil.isEmpty(msNodeEntityID)) { + Logger.info("eIDAS authentication not possible -> NO EntityID for central eIDAS node FOUND!"); + throw new MOAIDException("NO EntityID for central eIDAS node FOUND", null); + + } + + //load metadata with metadataURL, as backup + String metadataURL = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_METADATAURL); + if (MiscUtil.isNotEmpty(metadataURL)) { + Logger.warn("Use not recommended metadata-provider initialization!" + + " SAML2 'Well-Known-Location' is the preferred methode."); + Logger.info("Initialize 'ms-specific eIDAS node' metadata-provider with URL:" + metadataURL); + metadataService.addMetadataWithMetadataURL(metadataURL); + + } + + //load IDP SAML2 entitydescriptor + EntityDescriptor entityDesc = metadataService.getEntityDescriptor(msNodeEntityID); + if (entityDesc == null) { + Logger.error("Requested 'ms-specific eIDAS node' " + entityDesc + + " has no valid metadata or metadata is not found"); + throw new MOAIDException("Requested 'ms-specific eIDAS node' " + entityDesc + + " has no valid metadata or metadata is not found", null); + + } + + //setup AuthnRequestBuilder configuration + EidasCentralAuthRequestBuilderConfiguration authnReqConfig = new EidasCentralAuthRequestBuilderConfiguration(); + SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + authnReqConfig.setRequestId(gen.generateIdentifier()); + authnReqConfig.setIdpEntity(entityDesc); + authnReqConfig.setPassive(false); + authnReqConfig.setSignCred(credential.getIDPAssertionSigningCredential()); + authnReqConfig.setSPEntityID(pendingReq.getAuthURL() + EidasCentralAuthConstants.ENDPOINT_METADATA); + authnReqConfig.setQAA_Level( + pendingReq.getServiceProviderConfiguration().getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, + EidasCentralAuthConstants.CONFIG_DEFAULT_LOA_EIDAS_LEVEL)); + + authnReqConfig.setScopeRequesterId(pendingReq.getServiceProviderConfiguration().getUniqueIdentifier()); + authnReqConfig.setProviderName(pendingReq.getServiceProviderConfiguration().getFriendlyName()); + authnReqConfig.setRequestedAttributes(buildRequestedAttributes()); + + //build and transmit AuthnRequest + authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response); + + revisionsLogger.logEvent(pendingReq, + MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_REQUESTED, + authnReqConfig.getRequestID()); + + } catch (MOAIDException e) { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } catch (MetadataProviderException e) { + + throw new TaskExecutionException(pendingReq, + "Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED.", + new AuthnRequestBuildException("sp.pvp2.02", new Object[] {"'national central eIDASNode'"},e )); + + } catch (MessageEncodingException | NoSuchAlgorithmException | SecurityException e) { + Logger.error("Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED", e); + throw new TaskExecutionException(pendingReq, + e.getMessage(), + new AuthnRequestBuildException("sp.pvp2.13", new Object[] {"'national central eIDASNode'"},e )); + + } catch (Exception e) { + Logger.error("Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + } + + private List<EAAFRequestedAttribute> buildRequestedAttributes() { + List<EAAFRequestedAttribute> attributs = new ArrayList<EAAFRequestedAttribute>(); + + //build EID sector for identification attribute + Attribute attr = PVPAttributeBuilder.buildEmptyAttribute(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME); + EAAFRequestedAttribute reqAttr = SAML2Utils.generateReqAuthnAttributeSimple( + attr , + true, + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); + attributs.add(reqAttr ); + + //TODO: add mandate information if mandates are used!!!! + + return attributs; + } + +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java new file mode 100644 index 000000000..f3eaff11a --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java @@ -0,0 +1,269 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.tasks; + +import java.io.IOException; +import java.util.Set; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.transform.TransformerException; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.security.SecurityException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Component("ReceiveFederatedAuthnResponseTask") +public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { + + @Autowired private SAMLVerificationEngineSP samlVerificationEngine; + @Autowired private EidasCentralAuthCredentialProvider credentialProvider; + @Autowired(required=true) EidasCentralAuthMetadataProvider metadataProvider; + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + InboundMessage msg = null; + + try { + + IDecoder decoder = null; + EAAFURICompare comperator = null; + //select Response Binding + if (request.getMethod().equalsIgnoreCase("POST")) { + decoder = new PostBinding(); + comperator = new EAAFURICompare(pendingReq.getAuthURL() + EidasCentralAuthConstants.ENDPOINT_POST); + Logger.trace("Receive PVP Response from 'ms-specific eIDAS node', by using POST-Binding."); + + } else if (request.getMethod().equalsIgnoreCase("GET")) { + decoder = new RedirectBinding(); + comperator = new EAAFURICompare(pendingReq.getAuthURL() + EidasCentralAuthConstants.ENDPOINT_REDIRECT); + Logger.trace("Receive PVP Response from 'ms-specific eIDAS node', by using Redirect-Binding."); + + } else { + Logger.warn("Receive PVP Response, but Binding (" + + request.getMethod() + ") is not supported."); + throw new AuthnResponseValidationException("sp.pvp2.03", new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING}); + + } + + //decode PVP response object + msg = (InboundMessage) decoder.decode( + request, response, metadataProvider, true, + comperator); + + if (MiscUtil.isEmpty(msg.getEntityID())) { + throw new InvalidProtocolRequestException("sp.pvp2.04", + new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING}); + + } + + //validate response signature + if(!msg.isVerified()) { + samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); + msg.setVerified(true); + + } + + //validate assertion + PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg); + + //validate entityId of response + String msNodeEntityID = Utils.getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration(), authConfig); + String respEntityId = msg.getEntityID(); + if (!msNodeEntityID.equals(respEntityId)) { + Logger.warn("Response Issuer is not a 'ms-specific eIDAS node'. Stopping eIDAS authentication ..."); + throw new AuthnResponseValidationException("sp.pvp2.08", + new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING, + msg.getEntityID()}); + + } + + //initialize Attribute extractor + AssertionAttributeExtractor extractor = + new AssertionAttributeExtractor((Response) processedMsg.getResponse()); + + getAuthDataFromInterfederation(extractor, pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class)); + + //store pending-request + requestStoreage.storePendingRequest(pendingReq); + + //write log entries + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID); + Logger.info("Receive a valid assertion from IDP " + msg.getEntityID()); + + } catch (MessageDecodingException | SecurityException e) { + String samlRequest = request.getParameter("SAMLRequest"); + Logger.warn("Receive INVALID PVP Response from 'ms-specific eIDAS node': " + samlRequest, e); + throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from federated IDP", + new AuthnResponseValidationException("sp.pvp2.11", new Object[] {"'national central eIDASNode'"}, e)); + + } catch (IOException | MarshallingException | TransformerException e) { + Logger.warn("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); + throw new TaskExecutionException(pendingReq, "Processing PVP response from 'ms-specific eIDAS node' FAILED.", + new AuthnResponseValidationException("sp.pvp2.12", new Object[] {"'national central eIDASNode'", e.getMessage()}, e)); + + } catch (CredentialsNotAvailableException e) { + Logger.error("PVP response decrytion FAILED. No credential found.", e); + throw new TaskExecutionException(pendingReq, "PVP response decrytion FAILED. No credential found.", + new AuthnResponseValidationException("sp.pvp2.10", new Object[] {"'national central eIDASNode'"}, e)); + + } catch (AssertionValidationExeption | AuthnResponseValidationException e) { + Logger.info("PVP response validation FAILED. Msg:" + e.getMessage()); + throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", + new AuthnResponseValidationException("sp.pvp2.10", new Object[] {"'national central eIDASNode'"}, e)); + + } catch (Exception e) { + Logger.warn("PVP response validation FAILED. Msg:" + e.getMessage(), e); + throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", + new AuthnResponseValidationException("sp.pvp2.12", new Object[] {"'national central eIDASNode'", e.getMessage()}, e)); + + } + + } + + private void getAuthDataFromInterfederation(AssertionAttributeExtractor extractor, IOAAuthParameters spConfig) throws BuildException, ConfigurationException{ + try { + //check if all attributes are include + if (!extractor.containsAllRequiredAttributes() + && !extractor.containsAllRequiredAttributes(EidasCentralAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES)) { + Logger.warn("PVP Response from 'ms-specific eIDAS node' contains not all requested attributes."); + throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING}); + + } + + //copy attributes into MOASession + AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames(); + for (String el : includedAttrNames) { + String value = extractor.getSingleAttributeValue(el); + session.setGenericDataToSession(el, value); + Logger.debug("Add PVP-attribute " + el + " into MOASession"); + + } + + //set foreigner flag + session.setForeigner(true); + if (extractor.getFullAssertion().getIssuer() != null && + StringUtils.isNotEmpty(extractor.getFullAssertion().getIssuer().getValue())) + session.setBkuURL(extractor.getFullAssertion().getIssuer().getValue()); + else + session.setBkuURL("eIDAS_Authentication"); + + + } catch (AssertionValidationExeption e) { + throw new BuildException("builder.06", null, e); + + } catch (EAAFStorageException e) { + throw new BuildException("builder.06", null, e); + + } + } + + /** + * PreProcess AuthResponse and Assertion + * @param msg + * @throws TransformerException + * @throws MarshallingException + * @throws IOException + * @throws CredentialsNotAvailableException + * @throws AssertionValidationExeption + * @throws AuthnResponseValidationException + */ + private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException { + Logger.debug("Start PVP21 assertion processing... "); + Response samlResp = (Response) msg.getResponse(); + + // check SAML2 response status-code + if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + //validate PVP 2.1 assertion + samlVerificationEngine.validateAssertion(samlResp, true, + credentialProvider.getIDPAssertionEncryptionCredential(), + pendingReq.getAuthURL() + EidasCentralAuthConstants.ENDPOINT_METADATA, + EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING); + + msg.setSAMLMessage(SAML2Utils.asDOMDocument(samlResp).getDocumentElement()); + revisionsLogger.logEvent(pendingReq, + MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED, + samlResp.getID()); + return msg; + + } else { + Logger.info("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue() + + " from 'ms-specific eIDAS node'."); + revisionsLogger.logEvent(pendingReq, + MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR); + throw new AuthnResponseValidationException("sp.pvp2.05", + new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING, + samlResp.getIssuer().getValue(), + samlResp.getStatus().getStatusCode().getValue(), + samlResp.getStatus().getStatusMessage().getMessage()}); + + } + + } + +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthCredentialProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthCredentialProvider.java new file mode 100644 index 000000000..f2f8530f6 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthCredentialProvider.java @@ -0,0 +1,124 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; + +/** + * @author tlenz + * + */ +@Service("EidasCentralAuthCredentialProvider") +public class EidasCentralAuthCredentialProvider extends AbstractCredentialProvider { + + @Autowired AuthConfiguration authConfig; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath() + */ + @Override + public String getKeyStoreFilePath() throws ConfigurationException { + return FileUtils.makeAbsoluteURL( + authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE), + authConfig.getRootConfigFileDir()); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStorePassword() + */ + @Override + public String getKeyStorePassword() { + return authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getMetadataKeyAlias() + */ + @Override + public String getMetadataKeyAlias() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getMetadataKeyPassword() + */ + @Override + public String getMetadataKeyPassword() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getSignatureKeyAlias() + */ + @Override + public String getSignatureKeyAlias() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getSignatureKeyPassword() + */ + @Override + public String getSignatureKeyPassword() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getEncryptionKeyAlias() + */ + @Override + public String getEncryptionKeyAlias() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getEncryptionKeyPassword() + */ + @Override + public String getEncryptionKeyPassword() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getCredentialName() + */ + @Override + public String getFriendlyName() { + return "eIDAS centrial authentication"; + } + +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java new file mode 100644 index 000000000..5cee90658 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java @@ -0,0 +1,345 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils; + +import java.net.MalformedURLException; +import java.util.List; +import java.util.Timer; + +import javax.xml.namespace.QName; + +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.MOAHttpClient; +import org.apache.commons.httpclient.params.HttpClientParams; +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.RoleDescriptor; +import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.parse.BasicParserPool; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IDestroyableObject; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ + +@Service("EidasCentralAuthMetadataProvider") +public class EidasCentralAuthMetadataProvider extends SimpleMetadataProvider + implements IDestroyableObject { + @Autowired(required=true) AuthConfiguration moaAuthConfig; + + private ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider(); + private Timer timer = null; + + + public EidasCentralAuthMetadataProvider() { + metadataProvider.setRequireValidMetadata(true); + + } + + public void addMetadataWithMetadataURL(String metadataURL) throws MetadataProviderException { + internalInitialize(metadataURL); + + } + + public void destroy() { + fullyDestroy(); + + } + + + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#requireValidMetadata() + */ + @Override + public boolean requireValidMetadata() { + return metadataProvider.requireValidMetadata(); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#setRequireValidMetadata(boolean) + */ + @Override + public void setRequireValidMetadata(boolean requireValidMetadata) { + metadataProvider.setRequireValidMetadata(requireValidMetadata); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadataFilter() + */ + @Override + public MetadataFilter getMetadataFilter() { + return metadataProvider.getMetadataFilter(); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#setMetadataFilter(org.opensaml.saml2.metadata.provider.MetadataFilter) + */ + @Override + public void setMetadataFilter(MetadataFilter newFilter) throws MetadataProviderException { + Logger.fatal("Set Metadata Filter is not implemented her!"); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadata() + */ + @Override + public XMLObject getMetadata() throws MetadataProviderException { + return metadataProvider.getMetadata(); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getEntitiesDescriptor(java.lang.String) + */ + @Override + public EntitiesDescriptor getEntitiesDescriptor(String name) throws MetadataProviderException { + return metadataProvider.getEntitiesDescriptor(name); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getEntityDescriptor(java.lang.String) + */ + @Override + public EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException { + try { + //search if metadata is already loaded + EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID); + + if (entityDesc != null) + return entityDesc; + else + Logger.info("No ms-specific eIDAS node: " + entityID + " Starting refresh process ..."); + + } catch (MetadataProviderException e) { + Logger.info("Access ms-specific eIDAS node: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ..."); + + } + + //(re)initialize ms-specific eIDAS node + internalInitialize(entityID); + + //search again after reload (re)initialization + try { + EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID); + if (entityDesc == null) { + Logger.error("MS-specific eIDAS node Client ERROR: No EntityID with "+ entityID); + throw new MetadataProviderException("No EntityID with "+ entityID); + } + + return entityDesc; + + } catch (MetadataProviderException e) { + Logger.error("MS-specific eIDAS node Client ERROR: Metadata extraction FAILED.", e); + throw new MetadataProviderException("Metadata extraction FAILED", e); + + } + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName) + */ + @Override + public List<RoleDescriptor> getRole(String entityID, QName roleName) throws MetadataProviderException { + try { + //search if metadata is already loaded + List<RoleDescriptor> role = metadataProvider.getRole(entityID, roleName); + + if (role != null) + return role; + else + Logger.info("No ms-specific eIDAS node: " + entityID + " Starting refresh process ..."); + + } catch (MetadataProviderException e) { + Logger.info("Access ms-specific eIDAS node: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ..."); + + } + + //(re)initialize ms-specific eIDAS node + internalInitialize(entityID); + + //search again after reload (re)initialization + return metadataProvider.getRole(entityID, roleName); + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName, java.lang.String) + */ + @Override + public RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol) + throws MetadataProviderException { + try { + //search if metadata is already loaded + RoleDescriptor role = metadataProvider.getRole(entityID, roleName, supportedProtocol); + + if (role != null) + return role; + else + Logger.info("No ms-specific eIDAS node: " + entityID + " Starting refresh process ..."); + + } catch (MetadataProviderException e) { + Logger.info("Access ms-specific eIDAS node: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ..."); + + } + + //(re)initialize ms-specific eIDAS node + internalInitialize(entityID); + + //search again after reload (re)initialization + return metadataProvider.getRole(entityID, roleName, supportedProtocol); + } + + private synchronized void internalInitialize(String metdataURL) throws MetadataProviderException { + + //check if metadata with EntityID already exists in chaining metadata provider + boolean addNewMetadata = true; + try { + addNewMetadata = (metadataProvider.getEntityDescriptor(metdataURL) == null); + + } catch (MetadataProviderException e) {} + + //switch between metadata refresh and add new metadata + if (addNewMetadata) { + //Metadata provider seems not loaded --> Add new metadata provider + Logger.info("Initialize PVP MetadataProvider:" + metdataURL + " to connect ms-specific eIDAS node"); + + String trustProfileID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_TRUSTPROFILEID); + if (MiscUtil.isEmpty(trustProfileID)) { + Logger.error("Create ms-specific eIDAS node Client FAILED: No trustProfileID to verify PVP metadata." ); + throw new MetadataProviderException("No trustProfileID to verify PVP metadata."); + } + + //initialize Timer if it is null + if (timer == null) + timer = new Timer(true); + + //create metadata validation filter chain + MetadataFilterChain filter = new MetadataFilterChain(); + filter.addFilter(new SchemaValidationFilter(true)); + filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID)); + + MetadataProvider idpMetadataProvider = createNewSimpleMetadataProvider(metdataURL, + filter, + EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING, + timer, + new BasicParserPool(), + createHttpClient(metdataURL)); + + if (idpMetadataProvider == null) { + Logger.error("Create ms-specific eIDAS node Client FAILED."); + throw new MetadataProviderException("Can not initialize 'ms-specific eIDAS node' metadata provider."); + + } + + idpMetadataProvider.setRequireValidMetadata(true); + metadataProvider.addMetadataProvider(idpMetadataProvider); + + } else { + //Metadata provider seems already loaded --> start refresh process + List<MetadataProvider> loadedProvider = metadataProvider.getProviders(); + for (MetadataProvider el : loadedProvider) { + if (el instanceof HTTPMetadataProvider) { + HTTPMetadataProvider prov = (HTTPMetadataProvider)el; + if (prov.getMetadataURI().equals(metdataURL)) + prov.refresh(); + + } else + Logger.warn("'ms-specific eIDAS node' Metadata provider is not of Type 'HTTPMetadataProvider'! Something is suspect!!!!"); + + } + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.IDestroyableObject#fullyDestroy() + */ + @Override + public void fullyDestroy() { + Logger.info("Destroy 'ms-specific eIDAS node' PVP metadata pool ... "); + + if (metadataProvider != null) { + metadataProvider.destroy(); + + } + + if (timer != null) + timer.cancel(); + + } + + private HttpClient createHttpClient(String metadataURL) { + MOAHttpClient httpClient = new MOAHttpClient(); + HttpClientParams httpClientParams = new HttpClientParams(); + httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT); + httpClient.setParams(httpClientParams); + + if (metadataURL.startsWith("https:")) { + try { + //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getTrustedCACertificates(), + null, + AuthConfiguration.DEFAULT_X509_CHAININGMODE, + moaAuthConfig.isTrustmanagerrevoationchecking(), + moaAuthConfig.getRevocationMethodOrder(), + moaAuthConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); + + httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) { + Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + + } + } + + return httpClient; + + } +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java new file mode 100644 index 000000000..642008726 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java @@ -0,0 +1,45 @@ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils; + +import java.util.List; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.logging.Logger; + +public class Utils { + + public static String getCentraleIDASNodeEntityId(ISPConfiguration spConfiguration, IConfiguration authConfig) { + //load from service-provider configuration + String msNodeEntityID = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL); + + if (StringUtils.isEmpty(msNodeEntityID)) { + Logger.debug("No SP-specific central eIDAS-node URL. Switch to general configuration ... "); + if (authConfig instanceof AuthConfiguration) { + AuthConfiguration moaAuthConfig = (AuthConfiguration)authConfig; + List<String> configuratedEntityIDs = KeyValueUtils.getListOfCSVValues( + moaAuthConfig.getConfigurationWithKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL)); + + if (configuratedEntityIDs.size() > 0) + msNodeEntityID = configuratedEntityIDs.get(0); + else + Logger.info("No central eIDAS-node URL in IDP configuration. Switch to backup configuration ... "); + + } else + Logger.info("Basic configuration is NOT of type '" + AuthConfiguration.class.getName() + + "' Switch to generic Type ... "); + + + if (StringUtils.isEmpty(msNodeEntityID)) + msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID); + + } + + return msNodeEntityID; + } +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..5954455a4 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthSpringResourceProvider
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/eIDAS_central_node_auth.process.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/eIDAS_central_node_auth.process.xml new file mode 100644 index 000000000..02bf7bcad --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/eIDAS_central_node_auth.process.xml @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="UTF-8"?> +<pd:ProcessDefinition id="centrialEidasAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> + + <pd:Task id="createEidasAuthnRequest" class="CreateEidasCentrialAuthnRequestTask" /> + <pd:Task id="receiveEidasAuthnResponse" class="ReceiveEidasCentrialAuthnResponseTask" async="true" /> + <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> + + <pd:StartEvent id="start" /> + + <pd:Transition from="start" to="createEidasAuthnRequest" /> + <pd:Transition from="createEidasAuthnRequest" to="receiveEidasAuthnResponse"/> + <pd:Transition from="receiveEidasAuthnResponse" to="finalizeAuthentication"/> + <pd:Transition from="finalizeAuthentication" to="end" /> + + <pd:EndEvent id="end" /> + +</pd:ProcessDefinition>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml new file mode 100644 index 000000000..f57d4a94b --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml @@ -0,0 +1,43 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + +<!-- Federated authentication services --> + <bean id="EidasCentralAuthCredentialProvider" + class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider"/> + + <bean id="EidasCentralAuthMetadataController" + class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller.EidasCentralAuthMetadataController"/> + + <bean id="EidasCentralAuthModuleImpl" + class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthModuleImpl"> + <property name="priority" value="2" /> + </bean> + + <bean id="EidasCentralAuthSignalController" + class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller.EidasCentralAuthSignalController"/> + + <bean id="EidasCentralAuthMetadataProvider" + class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider" /> + + <bean id="pvpAuthnRequestBuilder" + class="at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder" /> + +<!-- Federated Authentication Process Tasks --> + <bean id="CreateEidasCentrialAuthnRequestTask" + class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.tasks.CreateAuthnRequestTask" + scope="prototype"/> + + <bean id="ReceiveEidasCentrialAuthnResponseTask" + class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.tasks.ReceiveAuthnResponseTask" + scope="prototype"/> + +</beans>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java index 0cef4cb41..b17f0c121 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java @@ -29,13 +29,13 @@ import javax.annotation.PostConstruct; import org.springframework.beans.factory.annotation.Autowired; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks.FirstBKAMobileAuthTask; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; -import at.gv.egovernment.moa.id.moduls.AuthenticationManager; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -45,19 +45,20 @@ import at.gv.egovernment.moa.util.MiscUtil; */ public class BKAMobileAuthModule implements AuthModule { - private int priority = 1; + private int priority = 2; @Autowired(required=true) protected AuthConfiguration authConfig; - @Autowired(required=true) private AuthenticationManager authManager; + @Autowired(required=true) private IAuthenticationManager authManager; private List<String> uniqueIDsDummyAuthEnabled = new ArrayList<String>(); + private String noAuthHeaderValue = null; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() */ @Override public int getPriority() { - return priority; + return priority; } /** @@ -67,11 +68,13 @@ public class BKAMobileAuthModule implements AuthModule { public void setPriority(int priority) { this.priority = priority; } - @PostConstruct public void initialDummyAuthWhiteList() { - String sensitiveSpIdentifier = authConfig.getBasicMOAIDConfiguration("modules.bkamobileAuth.entityID"); + String sensitiveSpIdentifier = authConfig.getBasicConfiguration("modules.bkamobileAuth.entityID"); + noAuthHeaderValue = authConfig.getBasicConfiguration("modules.bkamobileAuth.noAuthHeaderValue", "0"); + Logger.info("Dummy authentication is sensitive on 'X-MOA-VDA' value: " + noAuthHeaderValue); + if (MiscUtil.isNotEmpty(sensitiveSpIdentifier)) { uniqueIDsDummyAuthEnabled.addAll(KeyValueUtils.getListOfCSVValues(sensitiveSpIdentifier)); @@ -84,6 +87,8 @@ public class BKAMobileAuthModule implements AuthModule { //parameter to whiteList authManager.addParameterNameToWhiteList(FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW); +// authManager.addHeaderNameToWhiteList("SL2ClientType"); +// authManager.addHeaderNameToWhiteList("X-MOA-VDA"); } /* (non-Javadoc) @@ -91,13 +96,23 @@ public class BKAMobileAuthModule implements AuthModule { */ @Override public String selectProcess(ExecutionContext context) { - String spEntityID = (String) context.get(MOAIDAuthConstants.PROCESSCONTEXT_UNIQUE_OA_IDENTFIER); - if (MiscUtil.isNotEmpty(spEntityID)) { - if (uniqueIDsDummyAuthEnabled.contains(spEntityID)) { + String spEntityID = (String) context.get(EAAFConstants.PROCESS_ENGINE_SERVICE_PROVIDER_ENTITYID); + String sl20ClientTypeHeader = (String) context.get("SL2ClientType".toLowerCase()); + String sl20VDATypeHeader = (String) context.get("X-MOA-VDA".toLowerCase()); + if (MiscUtil.isNotEmpty(spEntityID)) { + Logger.trace("Check dummy-auth for SP: " + spEntityID); + + + if ( (uniqueIDsDummyAuthEnabled.contains(spEntityID))) { String eIDBlob = (String)context.get(FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW); if (eIDBlob != null && MiscUtil.isNotEmpty(eIDBlob.trim())) { return "BKAMobileAuthentication"; + } else if (MiscUtil.isNotEmpty(sl20ClientTypeHeader) + && MiscUtil.isNotEmpty(sl20VDATypeHeader) && sl20VDATypeHeader.equals(noAuthHeaderValue)) { + Logger.info("Find dummy-auth request for oe.gv.at demos ... "); + return "BKAMobileAuthentication"; + } else { Logger.debug("Dummy-auth are enabled for " + spEntityID + " but no '" + FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW + "' req. parameter available."); diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java index 43043ddd6..0cbf009ad 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java @@ -53,16 +53,16 @@ import com.google.gson.JsonObject; import com.google.gson.JsonParseException; import com.google.gson.JsonParser; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; @@ -88,9 +88,9 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { private static final String EIDCONTAINER_KEY_SALT = "salt"; private static final String EIDCONTAINER_KEY_IV = "iv"; private static final String EIDCONTAINER_EID = "eid"; - private static final String EIDCONTAINER_KEY_IDL = "idl"; + private static final String EIDCONTAINER_KEY_IDL = "idl"; private static final String EIDCONTAINER_KEY_BINDINGCERT = "cert"; - + public static final String REQ_PARAM_eID_BLOW = "eidToken"; @Autowired(required=true) private AuthConfiguration authConfig; @@ -111,7 +111,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { throw new MOAIDException("NO eID data blob included!", null); } - parseDemoValuesIntoMOASession(pendingReq, pendingReq.getMOASession(), eIDBlobRawB64); + parseDemoValuesIntoMOASession(pendingReq, eIDBlobRawB64); } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); @@ -133,7 +133,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { * @throws MOAIDException * @throws IOException */ - private void parseDemoValuesIntoMOASession(IRequest pendingReq, IAuthenticationSession moaSession, String eIDBlobRawB64) throws MOAIDException, IOException { + private void parseDemoValuesIntoMOASession(IRequest pendingReq, String eIDBlobRawB64) throws MOAIDException, IOException { Logger.debug("Check eID blob signature ... "); byte[] eIDBlobRaw = Base64Utils.decode(eIDBlobRawB64.trim(), false); @@ -201,14 +201,14 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { Logger.debug("Parse eID information into MOA-Session ..."); byte[] rawIDL = Base64Utils.decode(idlB64, false); IIdentityLink identityLink = new IdentityLinkAssertionParser(new ByteArrayInputStream(rawIDL)).parseIdentityLink(); + AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); moaSession.setIdentityLink(identityLink); moaSession.setUseMandates(false); moaSession.setForeigner(false); moaSession.setBkuURL("http://egiz.gv.at/BKA_MobileAuthTest"); - moaSession.setQAALevel(PVPConstants.STORK_QAA_1_3); + moaSession.setQAALevel(PVPConstants.EIDAS_QAA_SUBSTANTIAL); Logger.info("Session Restore completed"); - - + } catch (MOAIDException e) { throw e; @@ -243,7 +243,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { } private SecretKey generateDecryptionKey(byte[] salt) throws MOAIDException { - String decryptionPassPhrase = authConfig.getBasicMOAIDConfiguration(CONF_EID_TOKEN_ENCRYPTION_KEY, "DEFAULTPASSWORD"); + String decryptionPassPhrase = authConfig.getBasicConfiguration(CONF_EID_TOKEN_ENCRYPTION_KEY, "DEFAULTPASSWORD"); try { SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); KeySpec spec = new PBEKeySpec(decryptionPassPhrase.toCharArray(), salt, 2000, 128); @@ -276,7 +276,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { } SignerInfo signerInfos = verifySigResult.getSignerInfo(); DateTime date = new DateTime(signerInfos.getSigningTime().getTime()); - Integer signingTimeJitter = Integer.valueOf(authConfig.getBasicMOAIDConfiguration(CONF_SIGNING_TIME_JITTER, "5")); + Integer signingTimeJitter = Integer.valueOf(authConfig.getBasicConfiguration(CONF_SIGNING_TIME_JITTER, "5")); if (date.plusMinutes(signingTimeJitter).isBeforeNow()) { Logger.warn("CMS signature-time is before: " + date.plusMinutes(signingTimeJitter)); throw new MOAIDException("CMS signature-time is before: " + date.plusMinutes(signingTimeJitter), null); @@ -290,7 +290,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { cmsSigVerifyReq.setSignatories(VerifyCMSSignatureRequestImpl.ALL_SIGNATORIES); cmsSigVerifyReq.setExtended(false); cmsSigVerifyReq.setPDF(false); - cmsSigVerifyReq.setTrustProfileId(authConfig.getBasicMOAIDConfiguration(CONF_MOASPSS_TRUSTPROFILE, "!!NOT SET!!!")); + cmsSigVerifyReq.setTrustProfileId(authConfig.getBasicConfiguration(CONF_MOASPSS_TRUSTPROFILE, "!!NOT SET!!!")); cmsSigVerifyReq.setCMSSignature(new ByteArrayInputStream(eIDBlobRaw)); return cmsSigVerifyReq; } diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java index 4b18e7112..bb5700bd7 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java @@ -29,20 +29,23 @@ import java.net.URL; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; /** * @author tlenz @@ -50,17 +53,19 @@ import at.gv.egovernment.moa.util.FileUtils; */ @Component("SecondBKAMobileAuthTask") public class SecondBKAMobileAuthTask extends AbstractAuthServletTask { - + + @Autowired AuthConfiguration moaAuthConfig; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - + try { Logger.info("Add user credentials for BKA MobileAuth SAML2 test and finalize authentication"); - parseDemoValuesIntoMOASession(pendingReq, pendingReq.getMOASession()); + parseDemoValuesIntoMOASession(pendingReq); // store MOASession into database requestStoreage.storePendingRequest(pendingReq); @@ -78,27 +83,29 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask { * @param pendingReq * @param moaSession * @throws MOAIDException + * @throws EAAFStorageException */ - private void parseDemoValuesIntoMOASession(IRequest pendingReq, IAuthenticationSession moaSession) throws MOAIDException { + private void parseDemoValuesIntoMOASession(IRequest pendingReq) throws MOAIDException, EAAFStorageException { + AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); moaSession.setUseMandates(false); moaSession.setForeigner(false); moaSession.setBkuURL("http://egiz.gv.at/BKA_MobileAuthTest"); - moaSession.setQAALevel(PVPConstants.STORK_QAA_1_4); + moaSession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH); try { - String idlurl = FileUtils.makeAbsoluteURL(authConfig.getMonitoringTestIdentityLinkURL(), authConfig.getRootConfigFileDir()); + String idlurl = FileUtils.makeAbsoluteURL(moaAuthConfig.getMonitoringTestIdentityLinkURL(), moaAuthConfig.getRootConfigFileDir()); URL keystoreURL = new URL(idlurl); InputStream idlstream = keystoreURL.openStream(); IIdentityLink identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink(); moaSession.setIdentityLink(identityLink); - + } catch (ParseException | IOException e) { Logger.error("IdentityLink is not parseable.", e); throw new MOAIDException("IdentityLink is not parseable.", null); } - + } } diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml index 6f41f347a..07faeae88 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml @@ -5,17 +5,17 @@ STORK authentication both with C-PEPS supporting xml signatures and with C-PEPS not supporting xml signatures. --> <pd:Task id="firstStep" class="FirstBKAMobileAuthTask" /> - <pd:Task id="secondStep" class="SecondBKAMobileAuthTask" async="true" /> - <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> + <pd:Task id="secondStep" class="SecondBKAMobileAuthTask" /> + <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> <!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. --> <pd:StartEvent id="start" /> - <pd:Transition from="start" to="firstStep" /> - <!-- pd:Transition from="firstStep" to="secondStep"/> - <pd:Transition from="secondStep" to="finalizeAuthentication" /--> - - <pd:Transition from="firstStep" to="finalizeAuthentication" /> + <pd:Transition from="start" to="secondStep" /> + <pd:Transition from="secondStep" to="finalizeAuthentication" /> + +<!-- <pd:Transition from="firstStep" to="secondStep"/> --> + <!-- <pd:Transition from="firstStep" to="finalizeAuthentication" /> --> <pd:Transition from="finalizeAuthentication" to="end" /> diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml index ef13b0348..79f29e08c 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml @@ -10,7 +10,7 @@ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> <bean id="BKAMobileAuthModule" class="at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.BKAMobileAuthModule"> - <property name="priority" value="1" /> + <property name="priority" value="4" /> </bean> diff --git a/id/server/modules/moa-id-module-eIDAS-v2/pom.xml b/id/server/modules/moa-id-module-eIDAS-v2/pom.xml new file mode 100644 index 000000000..2ad14a24f --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/pom.xml @@ -0,0 +1,82 @@ +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-modules</artifactId> + <version>${moa-id-version}</version> + </parent> + <artifactId>moa-id-module-eIDAS-v2</artifactId> + <name>MOA-ID eIDAS module v2</name> + <description>eIDAS module based on eIDAS node reference implementation v2.x</description> + + <properties> + <repositoryPath>${basedir}/../../../../repository</repositoryPath> + + <eidas-commons.version>2.0.0</eidas-commons.version> + <eidas-light-commons.version>2.0.0</eidas-light-commons.version> + <eidas-specific-communication-definition.version>2.0.0</eidas-specific-communication-definition.version> + + </properties> + <profiles> + <profile> + <id>default</id> + <activation> + <activeByDefault>true</activeByDefault> + </activation> + <repositories> + <repository> + <id>local</id> + <name>local</name> + <url>file:${basedir}/../../../../repository</url> + </repository> + <repository> + <id>egiz-commons</id> + <url>https://demo.egiz.gv.at/int-repo/</url> + <releases> + <enabled>true</enabled> + </releases> + </repository> + </repositories> + </profile> + </profiles> + + <dependencies> + <dependency> + <groupId>MOA.id.server</groupId> + <artifactId>moa-id-lib</artifactId> + </dependency> + + + + <!-- eIDAS reference implemenation libs --> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-commons</artifactId> + <version>${eidas-commons.version}</version> + <!--scope>provided</scope--> + <exclusions> + <exclusion> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </exclusion> + <exclusion> + <artifactId>log4j-over-slf4j</artifactId> + <groupId>org.slf4j</groupId> + </exclusion> + </exclusions> + </dependency> + + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-light-commons</artifactId> + <version>${eidas-light-commons.version}</version> + </dependency> + + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-specific-communication-definition</artifactId> + <version>${eidas-specific-communication-definition.version}</version> + </dependency> + + </dependencies> +</project>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/Constants.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/Constants.java new file mode 100644 index 000000000..ca62319f3 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/Constants.java @@ -0,0 +1,44 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas_v2; + +import java.net.URI; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +public class Constants { + //TODO: update endpoints + + //configuration properties + public static final String CONIG_PROPS_EIDAS_PREFIX="moa.id.protocols.eIDAS"; + public static final String CONIG_PROPS_EIDAS_NODE= CONIG_PROPS_EIDAS_PREFIX + ".node_v2"; + public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = CONIG_PROPS_EIDAS_NODE + ".countrycode"; + + + //http endpoint descriptions + public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/light/sp/post"; + public static final String eIDAS_HTTP_ENDPOINT_SP_REDIRECT = "/eidas/light/sp/redirect"; + public static final String eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST = "/eidas/light/ColleagueRequest"; + public static final String eIDAS_HTTP_ENDPOINT_METADATA = "/eidas/light/metadata"; + + //eIDAS request parameters + public static final String eIDAS_REQ_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"; + + //eIDAS attribute names + public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier"; + public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth"; + public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName"; + public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName"; + public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier"; + public static final String eIDAS_ATTR_LEGALNAME = "LegalName"; + + public static final List<URI> NATURALPERSONMINIMUMDATASETLIST = Collections.unmodifiableList(new ArrayList<URI>() { + private static final long serialVersionUID = 1L; + { + //TODO: find correct location of attribute definitions +// add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri()); +// add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_GIVEN_NAME.getNameUri()); +// add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri()); +// add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri()); + } + }); +} diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationModulImpl.java new file mode 100644 index 000000000..6883e0cb5 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationModulImpl.java @@ -0,0 +1,72 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidas_v2; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; + +/** + * @author tlenz + * + */ +public class eIDASAuthenticationModulImpl implements AuthModule { + + private int priority = 1; + + @Override + public int getPriority() { + return priority; + } + + /** + * Sets the priority of this module. Default value is {@code 0}. + * @param priority The priority. + */ + public void setPriority(int priority) { + this.priority = priority; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context) { + if (StringUtils.isNotBlank((String) context.get("ccc")) || + StringUtils.isNotBlank((String) context.get("CCC"))) + return "eIDASAuthentication_v2"; + else + return null; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.Authentication.process.xml" }; + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationSpringResourceProvider.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationSpringResourceProvider.java new file mode 100644 index 000000000..fb3b7fc24 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationSpringResourceProvider.java @@ -0,0 +1,28 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas_v2; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +public class eIDASAuthenticationSpringResourceProvider implements SpringResourceProvider { + + @Override + public String getName() { + return "MOA-ID eIDAS-Authentication SpringResourceProvider"; + } + + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource eIDASAuthConfig = new ClassPathResource("/moaid_eidas_v2_auth.beans", eIDASAuthenticationSpringResourceProvider.class); + + return new Resource[] {eIDASAuthConfig}; + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java new file mode 100644 index 000000000..9a98c1ae1 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java @@ -0,0 +1,88 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidas_v2; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringEscapeUtils; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Controller +public class eIDASSignalServlet extends AbstractProcessEngineSignalController { + + public eIDASSignalServlet() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + + " with mappings '"+ Constants.eIDAS_HTTP_ENDPOINT_SP_POST + + "' and '"+ Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT + "'."); + + } + + @RequestMapping(value = { Constants.eIDAS_HTTP_ENDPOINT_SP_POST, + Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT + }, + method = {RequestMethod.POST, RequestMethod.GET}) + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + signalProcessManagement(req, resp); + } + + @Override + /** + * Protocol specific implementation to get the pending-requestID + * from http request object + * + * @param request The http Servlet-Request object + * @return The Pending-request id + * + */ + public String getPendingRequestId(HttpServletRequest request) { + String sessionId = super.getPendingRequestId(request); + + try { + + // use SAML2 relayState + if (sessionId == null) { + sessionId = StringEscapeUtils.escapeHtml(request.getParameter("RelayState")); + } else + Logger.warn("No parameter 'SAMLResponse'. Unable to retrieve MOA session id."); + + } catch (Exception e) { + Logger.warn("Unable to retrieve moa session id.", e); + } + + return sessionId; + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/CreateIdentityLinkTask.java new file mode 100644 index 000000000..b0add27ba --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/CreateIdentityLinkTask.java @@ -0,0 +1,180 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidas_v2.tasks; + +import java.io.InputStream; +import java.text.SimpleDateFormat; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.joda.time.DateTime; +import org.springframework.stereotype.Component; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; +import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; +import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException; +import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; + +/** + * @author tlenz + * + */ +@Component("CreateIdentityLinkTask") +public class CreateIdentityLinkTask extends AbstractAuthServletTask { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, + HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try{ + defaultTaskInitialization(request, executionContext); + + //get eIDAS attributes from MOA-Session + ImmutableAttributeMap eIDASAttributes = moasession.getGenericDataFromSession( + AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, + ImmutableAttributeMap.class); + + IIdentityLink identityLink = null; + + //connect SZR-Gateway + //TODO: implement SZR-Gateway communication!!!! + if(true) { + + // create fake IdL + // - fetch IdL template from resources + InputStream s = CreateIdentityLinkTask.class.getResourceAsStream("/resources/xmldata/fakeIdL_IdL_template.xml"); + Element idlTemplate = DOMUtils.parseXmlValidating(s); + + identityLink = new IdentityLinkAssertionParser(idlTemplate).parseIdentityLink(); + + // replace data + Element idlassertion = identityLink.getSamlAssertion(); + + // - set fake baseID; + Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + + + Object eIdentifier = eIDASAttributes.getFirstValue( + SAMLEngineUtils.getMapOfAllAvailableAttributes().get( + Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); + if (eIdentifier == null || !(eIdentifier instanceof String)) + throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + prIdentification.getFirstChild().setNodeValue((String) eIdentifier); + + //build personal identifier which looks like a baseID +// String fakeBaseID = new BPKBuilder().buildBPK(eIdentifier, "baseID"); +// Logger.info("Map eIDAS eIdentifier:" + eIdentifier + " to fake baseID:" + fakeBaseID); +// prIdentification.getFirstChild().setNodeValue(fakeBaseID); + + // - set last name + Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH); + Object familyName = eIDASAttributes.getFirstValue( + SAMLEngineUtils.getMapOfAllAvailableAttributes().get( + Constants.eIDAS_ATTR_CURRENTFAMILYNAME)); + if (familyName == null || !(familyName instanceof String)) + throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME); + prFamilyName.getFirstChild().setNodeValue((String) familyName); + + // - set first name + Node prGivenName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH); + Object givenName = eIDASAttributes.getFirstValue( + SAMLEngineUtils.getMapOfAllAvailableAttributes().get( + Constants.eIDAS_ATTR_CURRENTGIVENNAME)); + if (givenName == null || !(givenName instanceof String)) + throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME); + prGivenName.getFirstChild().setNodeValue((String) givenName); + + // - set date of birth + Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH); + Object dateOfBirth = eIDASAttributes.getFirstValue( + SAMLEngineUtils.getMapOfAllAvailableAttributes().get( + Constants.eIDAS_ATTR_DATEOFBIRTH)); + if (dateOfBirth == null || !(dateOfBirth instanceof DateTime)) + throw new eIDASAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); + + String formatedDateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(((DateTime)dateOfBirth).toDate()); + prDateOfBirth.getFirstChild().setNodeValue(formatedDateOfBirth); + + identityLink = new IdentityLinkAssertionParser(idlassertion).parseIdentityLink(); + + //resign IDL + IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); + Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), authConfig.getStorkFakeIdLResigningKey()); + identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink(); + + } else { + //contact SZR Gateway + Logger.debug("Starting connecting SZR Gateway"); + + //TODO:!!!!!! + + } + + Logger.debug("SZR communication was successfull"); + + if (identityLink == null) { + Logger.error("SZR Gateway did not return an identity link."); + throw new MOAIDException("stork.10", null); + } + + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED); + moasession.setForeigner(true); + moasession.setIdentityLink(identityLink); + moasession.setBkuURL("Not applicable (eIDASAuthentication)"); + + //store MOA-session to database + requestStoreage.storePendingRequest(pendingReq); + + } catch (eIDASAttributeException e) { + throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e); + + } catch (MOAIDException | MOADatabaseException e) { + throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + + } catch (Exception e) { + Logger.error("IdentityLink generation for foreign person FAILED.", e); + throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + + } + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/GenerateAuthnRequestTask.java new file mode 100644 index 000000000..08496afcc --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/GenerateAuthnRequestTask.java @@ -0,0 +1,333 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidas_v2.tasks; + +import java.io.StringWriter; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; +import java.util.UUID; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.BooleanUtils; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; +import org.springframework.util.StringUtils; + +import com.google.common.net.MediaType; + +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; +import at.gv.egovernment.moa.id.auth.modules.eidas_v2.Constants; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.data.CPEPS; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; +import eu.eidas.auth.commons.EidasStringUtil; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.AttributeDefinition.Builder; +import eu.eidas.auth.commons.light.impl.LightRequest; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.protocol.IRequestMessage; +import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance; +import eu.eidas.auth.commons.protocol.eidas.LevelOfAssuranceComparison; +import eu.eidas.auth.commons.protocol.eidas.SpType; +import eu.eidas.auth.commons.protocol.eidas.impl.EidasAuthenticationRequest; + +/** + * @author tlenz + * + */ +@Component("GenerateAuthnRequestTask") +public class GenerateAuthnRequestTask extends AbstractAuthServletTask { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, + HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + + try{ + //get service-provider configuration + IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration(); + + // get target and validate citizen countryCode + String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC); + + if (StringUtils.isEmpty(citizenCountryCode)) { + // illegal state; task should not have been executed without a selected country + throw new AuthenticationException("eIDAS.03", new Object[] { "" }); + + } + CPEPS cpeps = authConfig.getStorkConfig().getCPEPSWithFullName(citizenCountryCode); + if(null == cpeps) { + Logger.error("PEPS unknown for country: " + citizenCountryCode); + throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode}); + } + Logger.debug("Found eIDaS Node/C-PEPS configuration for citizen of country: " + citizenCountryCode); + + + //TODO: load authnReq End-Point URL from configuration + SingleSignOnService authnReqEndpoint = null; + + + //TODO: switch to entityID and set new status codes +// revisionsLogger.logEvent(oaConfig, pendingReq, +// MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED, +// metadataUrl); + + // assemble requested attributes + Collection<StorkAttribute> attributesFromConfig = oaConfig.getRequestedSTORKAttributes(); + + // - prepare attribute list + + // - fill container + List<AttributeDefinition<?>> reqAttrList = new ArrayList<AttributeDefinition<?>>(); + //TODO: update requested attribute builder +// for (StorkAttribute current : attributesFromConfig) { +// AttributeDefinition<?> newAttribute = SAMLEngineUtils.getMapOfAllAvailableAttributes().get(current.getName()); +// +// if (newAttribute == null) { +// Logger.warn("eIDAS attribute with friendlyName:" + current.getName() + " is not supported."); +// +// } else { +// boolean globallyMandatory = false; +// for (StorkAttribute currentGlobalAttribute : authConfig.getStorkConfig().getStorkAttributes()) +// if (current.getName().equals(currentGlobalAttribute.getName())) { +// globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory()); +// break; +// } +// +// Builder<?> attrBuilder = AttributeDefinition.builder(newAttribute).required(current.getMandatory() || globallyMandatory); +// reqAttrList.add(attrBuilder.build()); +// +// } +// } + + //request +// if (reqAttrList.isEmpty()) { +// Logger.info("No attributes requested by OA:" + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() +// + " --> Request attr:" + Constants.eIDAS_ATTR_PERSONALIDENTIFIER + " by default"); +// AttributeDefinition<?> newAttribute = SAMLEngineUtils.getMapOfAllAvailableAttributes().get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); +// Builder<?> attrBuilder = AttributeDefinition.builder(newAttribute).required(true); +// reqAttrList.add(attrBuilder.build()); +// +// } + + //build requested attribute set + ImmutableAttributeMap reqAttrMap = new ImmutableAttributeMap.Builder().putAll(reqAttrList).build(); + + //build eIDAS AuthnRequest + LightRequest.Builder authnRequestBuilder = LightRequest.builder(); + + authnRequestBuilder.id(UUID.randomUUID().toString()); + authnRequestBuilder.providerName(pendingReq.getAuthURL()); + String issur = pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA; + authnRequestBuilder.issuer(issur); + + //TODO: + //authnRequestBuilder.destination(authnReqEndpoint.getLocation()); + + + authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT); + + //set minimum required eIDAS LoA from OA config + String LoA = oaConfig.getQaaLevel(); + //TODO: +// if (MiscUtil.isNotEmpty(LoA)) +// authnRequestBuilder.levelOfAssurance(LevelOfAssurance.fromString(oaConfig.getQaaLevel())); +// else + authnRequestBuilder.levelOfAssurance(LevelOfAssurance.HIGH.getValue()); + + //TODO: check if required + //authnRequestBuilder.levelOfAssuranceComparison(LevelOfAssuranceComparison.MINIMUM); + + + //set correct SPType for this online application + if (oaConfig.hasBaseIdTransferRestriction()) + authnRequestBuilder.spType(SpType.PRIVATE.getValue()); + else + authnRequestBuilder.spType(SpType.PUBLIC.getValue()); + + + //TODO + //set service provider (eIDAS node) countryCode +// authnRequestBuilder.serviceProviderCountryCode( +// authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT")); + + //set citizen country code for foreign uses + authnRequestBuilder.citizenCountryCode(cpeps.getCountryCode()); + + //add requested attributes + authnRequestBuilder.requestedAttributes(reqAttrMap); + + + LightRequest lightAuthnReq = authnRequestBuilder.build(); + + + + //IRequestMessage authnRequest = engine.generateRequestMessage(authnRequestBuilder.build(), issur); + + //encode AuthnRequest +// byte[] token = authnRequest.getMessageBytes(); +// String SAMLRequest = EidasStringUtil.encodeToBase64(token); + + +// if (SAMLConstants.SAML2_POST_BINDING_URI.equals(authnReqEndpoint.getBinding())) +// buildPostBindingRequest(pendingReq, authnReqEndpoint, SAMLRequest, authnRequest, response); +// +// //TODO: redirect Binding is not completely implemented +// //else if (SAMLConstants.SAML2_REDIRECT_BINDING_URI.equals(authnReqEndpoint.getBinding())) +// //buildRedirecttBindingRequest(pendingReq, authnReqEndpoint, token, authnRequest, response); +// +// else { +// Logger.error("eIDAS-node use an unsupported binding (" +// + authnReqEndpoint.getBinding() + "). Request eIDAS node not possible."); +// throw new MOAIDException("eIDAS.02", new Object[]{"eIDAS-node use an unsupported binding"}); +// +// } + + + +// }catch (EIDASSAMLEngineException e){ +// throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", +// new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e)); + + } catch (MOAIDException e) { + throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", e); + + } catch (Exception e) { + Logger.error("eIDAS AuthnRequest generation FAILED.", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + } + + /** + * Encode the eIDAS request with POST binding + * + * @param pendingReq + * @param authnReqEndpoint + * @param SAMLRequest + * @param authnRequest + * @param response + * @throws MOAIDException + */ + private void buildPostBindingRequest(IRequest pendingReq, SingleSignOnService authnReqEndpoint, + String SAMLRequest, IRequestMessage authnRequest, HttpServletResponse response) + throws MOAIDException { + //send + try { + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/eidas_postbinding_template.vm"); + VelocityContext context = new VelocityContext(); + + String actionType = "SAMLRequest"; + context.put(actionType, SAMLRequest); + context.put("RelayState", pendingReq.getRequestID()); + context.put("action", authnReqEndpoint.getLocation()); + + Logger.debug("Using SingleSignOnService url as action: " + authnReqEndpoint.getLocation()); + Logger.debug("Encoded " + actionType + " original: " + SAMLRequest); + + Logger.trace("Starting template merge"); + StringWriter writer = new StringWriter(); + + Logger.trace("Doing template merge"); + template.merge(context, writer); + + Logger.trace("Template merge done"); + Logger.trace("Sending html content: " + writer.getBuffer().toString()); + + + byte[] content = writer.getBuffer().toString().getBytes("UTF-8"); + response.setContentType(MediaType.HTML_UTF_8.toString()); + response.setContentLength(content.length); + response.getOutputStream().write(content); + + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED, + authnRequest.getRequest().getId()); + + } catch (Exception e) { + Logger.error("Velocity general error: " + e.getMessage()); + throw new MOAIDException("eIDAS.02", new Object[]{e.getMessage()}, e); + + } + + } + + /** + * Select a SingleSignOnService endPoint from eIDAS node metadata. + * This endPoint receives the Authn. request + * + * @param idpEntity + * @return + */ + private SingleSignOnService selectSingleSignOnServiceFromMetadata(EntityDescriptor idpEntity) { + //select SingleSignOn Service endpoint from IDP metadata + SingleSignOnService endpoint = null; + if (idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) == null) { + return null; + + } + + for (SingleSignOnService sss : + idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { + + // use POST binding as default if it exists + if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) + endpoint = sss; + + //TODO: redirect Binding is not completely implemented + // use Redirect binding as backup +// else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) +// && endpoint == null ) +// endpoint = sss; + + } + + return endpoint; + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/ReceiveAuthnResponseTask.java new file mode 100644 index 000000000..03e345b43 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/ReceiveAuthnResponseTask.java @@ -0,0 +1,141 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas_v2.tasks; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.saml2.core.StatusCode; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; +import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; +import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; +import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; +import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASResponseNotSuccessException; +import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.protocols.eidas.validator.eIDASResponseValidator; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; +import eu.eidas.auth.commons.EidasStringUtil; +import eu.eidas.auth.commons.protocol.IAuthenticationResponse; +import eu.eidas.auth.engine.ProtocolEngineI; +import eu.eidas.engine.exceptions.EIDASSAMLEngineException; + +@Component("ReceiveAuthnResponseTask") +public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { + + @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { + + try{ + //get SAML Response + String base64SamlToken = request.getParameter("SAMLResponse"); + if (MiscUtil.isEmpty(base64SamlToken)) { + Logger.warn("No eIDAS SAMLReponse found in http request."); + throw new MOAIDException("HTTP request includes no eIDAS SAML-Response element.", null); + + } + + //get MOASession + defaultTaskInitialization(request, executionContext); + + //decode SAML response + byte[] decSamlToken = EidasStringUtil.decodeBytesFromBase64(base64SamlToken); + + //get eIDAS SAML-engine + ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider); + + //validate SAML token + IAuthenticationResponse samlResp = engine.unmarshallResponseAndValidate(decSamlToken, + request.getRemoteHost(), + Constants.CONFIG_PROPS_SKEWTIME_BEFORE, + Constants.CONFIG_PROPS_SKEWTIME_AFTER, + pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA); + + if (samlResp.isEncrypted()) { + Logger.info("Received encrypted eIDAS SAML-Response."); + //TODO: check if additional decryption operation is required + + } + + + //check response StatusCode + if (!samlResp.getStatusCode().equals(StatusCode.SUCCESS_URI)) { + Logger.info("Receice eIDAS Response with StatusCode:" + samlResp.getStatusCode() + + " Subcode:" + samlResp.getSubStatusCode() + " Msg:" + samlResp.getStatusMessage()); + throw new EIDASResponseNotSuccessException("eIDAS.11", new Object[]{samlResp.getStatusMessage()}); + + } + + // ********************************************************** + // ******* MOA-ID specific response validation ********** + // ********************************************************** + String spCountry = authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); + eIDASResponseValidator.validateResponse(pendingReq, samlResp, spCountry); + + + // ********************************************************** + // ******* Store resonse infos into session object ********** + // ********************************************************** + + //update MOA-Session data with received information + Logger.debug("Store eIDAS response information into MOA-session."); + + moasession.setQAALevel(samlResp.getLevelOfAssurance()); + + moasession.setGenericDataToSession( + AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, + samlResp.getAttributes()); + + moasession.setGenericDataToSession( + AuthenticationSessionStorageConstants.eIDAS_RESPONSE, + decSamlToken); + + //set issuer nation as PVP attribute into MOASession + moasession.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry()); + + //store MOA-session to database + requestStoreage.storePendingRequest(pendingReq); + + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED, + samlResp.getId()); + + } catch (MOAIDException e) { + throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e); + + }catch (EIDASSAMLEngineException e) { + Logger.warn("eIDAS Response validation FAILED.", e); + Logger.debug("eIDAS response was: " + request.getParameter("SAMLResponse")); + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); + throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", + new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e)); + + } catch (MOADatabaseException e) { + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); + throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", + new MOAIDException("init.04", new Object[]{""}, e)); + + } catch (Exception e) { + Logger.warn("eIDAS Response processing FAILED.", e); + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); + throw new TaskExecutionException(pendingReq, e.getMessage(), + new MOAIDException("eIDAS.10", new Object[]{e.getMessage()}, e)); + + } + + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..8b97063bd --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.modules.eidas_v2.eIDASAuthenticationSpringResourceProvider
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.Authentication.process.xml new file mode 100644 index 000000000..94b23314a --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.Authentication.process.xml @@ -0,0 +1,18 @@ +<?xml version="1.0" encoding="UTF-8"?> +<pd:ProcessDefinition id="eIDASAuthentication_v2" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> + + + <pd:Task id="createAuthnRequest" class="GenerateAuthnRequestTask" /> + <pd:Task id="receiveAuthnResponse" class="ReceiveAuthnResponseTask" async="true" /> + <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> + <pd:Task id="generateIdentityLink" class="CreateIdentityLinkTask" /> + + <pd:StartEvent id="start" /> + <pd:Transition from="start" to="createAuthnRequest" /> + <pd:Transition from="createAuthnRequest" to="receiveAuthnResponse" /> + <pd:Transition from="receiveAuthnResponse" to="generateIdentityLink" /> + <pd:Transition from="generateIdentityLink" to="finalizeAuthentication" /> + <pd:Transition from="finalizeAuthentication" to="end" /> + <pd:EndEvent id="end" /> + +</pd:ProcessDefinition> diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.authmodule.beans.xml b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.authmodule.beans.xml new file mode 100644 index 000000000..9cf22eae9 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.authmodule.beans.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd"> + + <context:annotation-config /> + + <bean id="eIDASAuthModule" class="at.gv.egovernment.moa.id.auth.modules.eidas_v2.eIDASAuthenticationModulImpl"> + <property name="priority" value="2" /> + </bean> + +</beans> diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/moaid_eidas_v2_auth.beans.xml b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/moaid_eidas_v2_auth.beans.xml new file mode 100644 index 000000000..1d851614e --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/moaid_eidas_v2_auth.beans.xml @@ -0,0 +1,36 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <bean id="eIDASSignalServlet" + class="at.gv.egovernment.moa.id.auth.modules.eidas.eIDASSignalServlet"/> +<!-- + <bean id="EIDASProtocol" + class="at.gv.egovernment.moa.id.protocols.eidas.EIDASProtocol"/> + + <bean id="eIDASMetadataProvider" + class="at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider"/> + --> + +<!-- Authentication Process Tasks --> + + <bean id="GenerateAuthnRequestTask" + class="at.gv.egovernment.moa.id.auth.modules.eidas_v2.tasks.GenerateAuthnRequestTask" + scope="prototype"/> + + <bean id="ReceiveAuthnResponseTask" + class="at.gv.egovernment.moa.id.auth.modules.eidas_v2.tasks.ReceiveAuthnResponseTask" + scope="prototype"/> + + <bean id="CreateIdentityLinkTask" + class="at.gv.egovernment.moa.id.auth.modules.eidas_v2.tasks.CreateIdentityLinkTask" + scope="prototype"/> + +</beans>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java index 74cf665ca..bad1f4e41 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java @@ -31,7 +31,7 @@ import org.apache.xml.security.signature.XMLSignature; import org.opensaml.xml.encryption.EncryptionConstants; import org.opensaml.xml.signature.SignatureConstants; -import at.gv.egovernment.moa.id.data.Trible; +import at.gv.egiz.eaaf.core.impl.data.Trible; /** * @author tlenz diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java index 78793d3fc..5e4745f7c 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java @@ -35,12 +35,12 @@ import java.util.List; import java.util.Map; import java.util.Properties; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.samlengineconfig.BinaryParameter; import eu.eidas.samlengineconfig.EngineInstance; @@ -131,7 +131,7 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends private Properties loadConfigurationFromExternalFile(String key) throws ConfigurationException { String configFile = - AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration(key); + AuthConfigurationProviderFactory.getInstance().getBasicConfiguration(key); if (MiscUtil.isEmpty(configFile)) { Logger.warn("No eIDAS SAML-engine configuration key: " + key + " found in MOA-ID properties configuration file."); @@ -150,7 +150,7 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends Properties inputProps = loadConfigurationFromExternalFile(configKey); String configFile = - AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration(configKey); + AuthConfigurationProviderFactory.getInstance().getBasicConfiguration(configKey); PropsParameter outputProps = new PropsParameter(); outputProps.setFileName(configFile); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java index 384d6be0b..f7a6ff495 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java @@ -34,10 +34,10 @@ import java.util.List; import java.util.Map.Entry; import java.util.Properties; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import eu.eidas.samlengineconfig.ConfigurationParameter; import eu.eidas.samlengineconfig.InstanceConfiguration; import eu.eidas.samlengineconfig.StringParameter; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java index 7b044522c..ec042949a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java @@ -24,8 +24,8 @@ package at.gv.egovernment.moa.id.auth.modules.eidas; import org.apache.commons.lang3.StringUtils; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; /** * @author tlenz @@ -37,7 +37,7 @@ public class eIDASAuthenticationModulImpl implements AuthModule { @Override public int getPriority() { - return priority; + return priority; } /** diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java index 16d909331..49d98ed33 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java @@ -32,7 +32,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java index a2ec47a45..aca818532 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java @@ -1,5 +1,6 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.engine; +import java.net.MalformedURLException; import java.util.ArrayList; import java.util.Date; import java.util.HashMap; @@ -11,6 +12,9 @@ import java.util.Timer; import javax.xml.namespace.QName; +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.MOAHttpClient; +import org.apache.commons.httpclient.params.HttpClientParams; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.RoleDescriptor; @@ -22,44 +26,39 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider; import org.opensaml.xml.XMLObject; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.IDestroyableObject; -import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing; -import at.gv.egovernment.moa.id.auth.IPostStartupInitializable; +import at.gv.egiz.eaaf.core.api.IDestroyableObject; +import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing; +import at.gv.egiz.eaaf.core.api.IPostStartupInitializable; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter; -import at.gv.egovernment.moa.id.saml2.MetadataFilterChain; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.engine.AbstractProtocolEngine; @Service("eIDASMetadataProvider") -public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider implements ObservableMetadataProvider, - IGarbageCollectorProcessing, IDestroyableObject, IMOARefreshableMetadataProvider, IPostStartupInitializable{ +public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider implements ObservableMetadataProvider, + IGarbageCollectorProcessing, IDestroyableObject, IRefreshableMetadataProvider, IPostStartupInitializable{ - private Timer timer = null; + @Autowired(required=true) IConfiguration basicConfig; + + private Timer timer = null; private MetadataProvider internalProvider; private Map<String, Date> lastAccess = null; - -// public static MOAeIDASChainingMetadataProvider getInstance() { -// if (instance == null) { -// synchronized (mutex) { -// if (instance == null) { -// instance = new MOAeIDASChainingMetadataProvider(); -// MOAGarbageCollector.addModulForGarbageCollection(instance); -// } -// } -// } -// return instance; -// } - - public MOAeIDASChainingMetadataProvider() { internalProvider = new ChainingMetadataProvider(); lastAccess = new HashMap<String, Date>(); @@ -71,23 +70,36 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider */ @Override public void executeAfterStartup() { - initializeEidasMetadataFromFileSystem(); + try { + initializeEidasMetadataFromFileSystem(); + + } catch (ConfigurationException e) { + Logger.error("Post start-up initialization of eIDAS Metadata-Provider FAILED.", e); + + } } - protected void initializeEidasMetadataFromFileSystem() { - Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX); - if (!metadataToLoad.isEmpty()) { - Logger.info("Load static configurated eIDAS metadata ... "); - for (String metaatalocation : metadataToLoad.values()) { - String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getRootConfigFileDir()); - Logger.info(" Load eIDAS metadata from: " + absMetadataLocation); - refreshMetadataProvider(absMetadataLocation); + protected void initializeEidasMetadataFromFileSystem() throws ConfigurationException { + try { + Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX); + if (!metadataToLoad.isEmpty()) { + Logger.info("Load static configurated eIDAS metadata ... "); + for (String metaatalocation : metadataToLoad.values()) { + String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getConfigurationRootDirectory()); + Logger.info(" Load eIDAS metadata from: " + absMetadataLocation); + refreshMetadataProvider(absMetadataLocation); + } + + Logger.info("Load static configurated eIDAS metadata finished "); } - Logger.info("Load static configurated eIDAS metadata finished "); - } + } catch (MalformedURLException e) { + Logger.warn("MOA-ID configuration error." , e); + throw new ConfigurationException("MOA-ID configuration error.", null, e); + + } } @@ -229,11 +241,12 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider //add Metadata filters MetadataFilterChain filter = new MetadataFilterChain(); filter.addFilter(new MOASPMetadataSignatureFilter( - authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE))); + authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE))); - return createNewMoaMetadataProvider(metadataURL, filter, + return createNewSimpleMetadataProvider(metadataURL, filter, "eIDAS metadata-provider", - timer, AbstractProtocolEngine.getSecuredParserPool()); + timer, AbstractProtocolEngine.getSecuredParserPool(), + createHttpClient(metadataURL)); } @@ -414,5 +427,40 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider if (observer != null) observer.onEvent(this); } + + private HttpClient createHttpClient(String metadataURL) { + MOAHttpClient httpClient = new MOAHttpClient(); + HttpClientParams httpClientParams = new HttpClientParams(); + httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT); + httpClient.setParams(httpClientParams); + + if (metadataURL.startsWith("https:")) { + try { + if (basicConfig instanceof AuthConfiguration) { + AuthConfiguration moaAuthConfig = (AuthConfiguration) basicConfig; + //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getTrustedCACertificates(), + null, + AuthConfiguration.DEFAULT_X509_CHAININGMODE, + moaAuthConfig.isTrustmanagerrevoationchecking(), + moaAuthConfig.getRevocationMethodOrder(), + moaAuthConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); + + httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); + + } + + } catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) { + Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + + } + } + + return httpClient; + + } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java index 9adc221e5..3851ead2d 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java @@ -31,7 +31,7 @@ import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataProviderException; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; import eu.eidas.auth.engine.ProtocolEngineI; import eu.eidas.auth.engine.metadata.MetadataFetcherI; import eu.eidas.auth.engine.metadata.MetadataSignerI; @@ -65,8 +65,8 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataFetcherI { * @return true if refresh was successful, otherwise false */ public boolean refreshMetadata(String entityId) { - if (this.metadataprovider instanceof IMOARefreshableMetadataProvider ) - return ((IMOARefreshableMetadataProvider)this.metadataprovider).refreshMetadataProvider(entityId); + if (this.metadataprovider instanceof IRefreshableMetadataProvider ) + return ((IRefreshableMetadataProvider)this.metadataprovider).refreshMetadataProvider(entityId); else return false; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java index cf3a13e32..3dea62ec4 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java @@ -29,26 +29,29 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.joda.time.DateTime; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import org.w3c.dom.Element; import org.w3c.dom.Node; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; /** @@ -58,18 +61,19 @@ import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; @Component("CreateIdentityLinkTask") public class CreateIdentityLinkTask extends AbstractAuthServletTask { + @Autowired private AuthConfiguration moaAuthConfig; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ + */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - try{ - defaultTaskInitialization(request, executionContext); - + throws TaskExecutionException { + try{ //get eIDAS attributes from MOA-Session - ImmutableAttributeMap eIDASAttributes = moasession.getGenericDataFromSession( + AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + ImmutableAttributeMap eIDASAttributes = moaSession.getGenericDataFromSession( AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, ImmutableAttributeMap.class); @@ -138,7 +142,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { //resign IDL IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); - Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), authConfig.getStorkFakeIdLResigningKey()); + Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), moaAuthConfig.getStorkFakeIdLResigningKey()); identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink(); } else { @@ -156,11 +160,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { throw new MOAIDException("stork.10", null); } - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED); - moasession.setForeigner(true); - moasession.setIdentityLink(identityLink); - moasession.setBkuURL("Not applicable (eIDASAuthentication)"); - + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED); + moaSession.setForeigner(true); + moaSession.setIdentityLink(identityLink); + moaSession.setBkuURL("Not applicable (eIDASAuthentication)"); + + //store MOA-session to database requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java index d21334faf..0e8bf2a5a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java @@ -44,23 +44,24 @@ import org.springframework.util.StringUtils; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.CPEPS; import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.EidasStringUtil; @@ -87,14 +88,14 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try{ //get service-provider configuration - IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaConfig = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); // get target and validate citizen countryCode String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC); @@ -104,7 +105,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { throw new AuthenticationException("eIDAS.03", new Object[] { "" }); } - CPEPS cpeps = authConfig.getStorkConfig().getCPEPSWithFullName(citizenCountryCode); + CPEPS cpeps = ((AuthConfiguration)authConfig).getStorkConfig().getCPEPSWithFullName(citizenCountryCode); if(null == cpeps) { Logger.error("PEPS unknown for country: " + citizenCountryCode); throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode}); @@ -161,7 +162,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { } //TODO: switch to entityID - revisionsLogger.logEvent(oaConfig, pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED, metadataUrl); @@ -181,7 +182,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { } else { boolean globallyMandatory = false; - for (StorkAttribute currentGlobalAttribute : authConfig.getStorkConfig().getStorkAttributes()) + for (StorkAttribute currentGlobalAttribute : ((AuthConfiguration)authConfig).getStorkConfig().getStorkAttributes()) if (current.getName().equals(currentGlobalAttribute.getName())) { globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory()); break; @@ -195,7 +196,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { //request if (reqAttrList.isEmpty()) { - Logger.info("No attributes requested by OA:" + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() + Logger.info("No attributes requested by OA:" + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier() + " --> Request attr:" + Constants.eIDAS_ATTR_PERSONALIDENTIFIER + " by default"); AttributeDefinition<?> newAttribute = SAMLEngineUtils.getMapOfAllAvailableAttributes().get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); Builder<?> attrBuilder = AttributeDefinition.builder(newAttribute).required(true); @@ -235,7 +236,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { //set service provider (eIDAS node) countryCode authnRequestBuilder.serviceProviderCountryCode( - authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT")); + authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT")); //set citizen country code for foreign uses authnRequestBuilder.citizenCountryCode(cpeps.getCountryCode()); @@ -302,7 +303,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { String actionType = "SAMLRequest"; context.put(actionType, SAMLRequest); - context.put("RelayState", pendingReq.getRequestID()); + context.put("RelayState", pendingReq.getPendingRequestId()); context.put("action", authnReqEndpoint.getLocation()); Logger.debug("Using SingleSignOnService url as action: " + authnReqEndpoint.getLocation()); @@ -323,7 +324,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { response.setContentLength(content.length); response.getOutputStream().write(content); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED, authnRequest.getRequest().getId()); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java index 5e83f0a3f..1788facf0 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java @@ -7,18 +7,20 @@ import org.opensaml.saml2.core.StatusCode; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASResponseNotSuccessException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; +import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.eidas.validator.eIDASResponseValidator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; @@ -36,7 +38,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - try{ + try{ //get SAML Response String base64SamlToken = request.getParameter("SAMLResponse"); if (MiscUtil.isEmpty(base64SamlToken)) { @@ -46,7 +48,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } //get MOASession - defaultTaskInitialization(request, executionContext); + //defaultTaskInitialization(request, executionContext); //decode SAML response byte[] decSamlToken = EidasStringUtil.decodeBytesFromBase64(base64SamlToken); @@ -79,7 +81,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { // ********************************************************** // ******* MOA-ID specific response validation ********** // ********************************************************** - String spCountry = authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); + String spCountry = authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); eIDASResponseValidator.validateResponse(pendingReq, samlResp, spCountry); @@ -88,25 +90,23 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { // ********************************************************** //update MOA-Session data with received information - Logger.debug("Store eIDAS response information into MOA-session."); - - moasession.setQAALevel(samlResp.getLevelOfAssurance()); - - moasession.setGenericDataToSession( + Logger.debug("Store eIDAS response information into MOA-session."); + AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + session.setGenericDataToSession(AuthProzessDataConstants.VALUE_QAALEVEL, samlResp.getLevelOfAssurance()); + session.setGenericDataToSession( AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, - samlResp.getAttributes()); - - moasession.setGenericDataToSession( + samlResp.getAttributes()); + session.setGenericDataToSession( AuthenticationSessionStorageConstants.eIDAS_RESPONSE, decSamlToken); //set issuer nation as PVP attribute into MOASession - moasession.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry()); - + session.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry()); + //store MOA-session to database requestStoreage.storePendingRequest(pendingReq); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED, samlResp.getId()); @@ -116,20 +116,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { }catch (EIDASSAMLEngineException e) { Logger.warn("eIDAS Response validation FAILED.", e); Logger.debug("eIDAS response was: " + request.getParameter("SAMLResponse")); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e)); } catch (MOADatabaseException e) { - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", new MOAIDException("init.04", new Object[]{""}, e)); } catch (Exception e) { Logger.warn("eIDAS Response processing FAILED.", e); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); throw new TaskExecutionException(pendingReq, e.getMessage(), new MOAIDException("eIDAS.10", new Object[]{e.getMessage()}, e)); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAWhiteListConfigurator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAWhiteListConfigurator.java index a2c6a3ad9..9d1ec6d98 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAWhiteListConfigurator.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAWhiteListConfigurator.java @@ -29,7 +29,7 @@ import org.apache.commons.lang.StringUtils; import com.google.common.collect.ImmutableSet; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; /** * @author tlenz diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java index 02a5df098..6d20caa4b 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java @@ -32,6 +32,7 @@ import org.opensaml.common.xml.SAMLSchemaBuilder; import org.opensaml.xml.ConfigurationException; import org.opensaml.xml.XMLConfigurator; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAExtendedSWSigner; import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl; @@ -41,7 +42,6 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProvid import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.AttributeRegistries; @@ -82,7 +82,7 @@ public class SAMLEngineUtils { //load additional eIDAS attribute definitions String additionalAttributeConfigFile = - AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration( + AuthConfigurationProviderFactory.getInstance().getBasicConfiguration( Constants.CONIG_PROPS_EIDAS_SAMLENGINE_ATTIONAL_ATTRIBUTE_DEFINITIONS); AttributeRegistry addAttrDefinitions = AttributeRegistries.empty(); if (MiscUtil.isNotEmpty(additionalAttributeConfigFile)) { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java index d43fa1622..e3b58d259 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java @@ -22,7 +22,7 @@ */ package at.gv.egovernment.moa.id.auth.modules.eidas.utils; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; /** * @author tlenz @@ -37,7 +37,7 @@ public class SimpleEidasAttributeGenerator implements IAttributeGenerator<String public String buildStringAttribute(String friendlyName, String name, String value) { return value; - } + } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int) diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java index f148421bd..200215308 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java @@ -30,14 +30,16 @@ import java.util.ServiceLoader; import com.google.common.collect.ImmutableSet; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.attribute.AttributeDefinition; @@ -52,7 +54,7 @@ import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException; */ public class eIDASAttributeBuilder extends PVPAttributeBuilder { private static IAttributeGenerator<String> generator = new SimpleEidasAttributeGenerator(); - + private static List<String> listOfSupportedeIDASAttributes; private static ServiceLoader<IeIDASAttribute> eIDASAttributLoader = ServiceLoader.load(IeIDASAttribute.class); @@ -66,8 +68,12 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder { while (moduleLoaderInterator.hasNext()) { try { IeIDASAttribute modul = moduleLoaderInterator.next(); - Logger.info("Loading eIDAS attribut-builder Modul Information: " + modul.getName()); - supportAttrList.add(modul.getName()); + if (modul.getClass().isAnnotationPresent(eIDASMetadata.class)) { + Logger.info("Loading eIDAS attribut-builder Modul Information: " + modul.getName()); + supportAttrList.add(modul.getName()); + + } else + Logger.trace(modul.getName() + " is not an eIDAS metadata attribute"); } catch(Throwable e) { Logger.error("Check configuration! " + "Some attribute-builder modul" + @@ -99,7 +105,7 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder { * @param authData Authentication data that contains user information for attribute generation * @return eIDAS attribute response {@link Pair} or null if the attribute generation FAILES */ - public static Pair<AttributeDefinition<?>,ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, IOAAuthParameters onlineApplicationConfiguration, + public static Pair<AttributeDefinition<?>,ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, ISPConfiguration onlineApplicationConfiguration, IAuthData authData) { String attrName = attr.getNameUri().toString(); @@ -110,11 +116,15 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder { if (attrBuilder != null) { try { String attrValue = attrBuilder.build(onlineApplicationConfiguration, authData, generator); + boolean isMandatesUsed = false; + if (authData instanceof IMOAAuthData) + isMandatesUsed = ((IMOAAuthData)authData).isUseMandate(); + if (MiscUtil.isNotEmpty(attrValue)) { //set uniqueIdentifier attribute, because eIDAS SAMLEngine use this flag to select the // Subject->NameID value from this attribute Builder<?> eIDASAttrBuilder = AttributeDefinition.builder(attr); - eIDASAttrBuilder.uniqueIdentifier(evaluateUniqueID(attrName, authData.isUseMandate())); + eIDASAttrBuilder.uniqueIdentifier(evaluateUniqueID(attrName, isMandatesUsed)); AttributeDefinition<?> returnAttr = eIDASAttrBuilder.build(); //unmarshal attribute value into eIDAS attribute @@ -135,7 +145,7 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder { } - } catch (AttributeException e) { + } catch (AttributeBuilderException e) { Logger.debug("Attribute can not generate requested attribute:" + attr.getNameUri().toString() + " Reason:" + e.getMessage()); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java index 30e1e4505..3075ab9cf 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java @@ -25,8 +25,8 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.utils; import java.util.regex.Matcher; import java.util.regex.Pattern; +import at.gv.egiz.eaaf.core.impl.data.Trible; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; -import at.gv.egovernment.moa.id.data.Trible; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java index 694efab80..a9a3ef01f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java @@ -1,13 +1,10 @@ package at.gv.egovernment.moa.id.protocols.eidas; -import java.util.Collection; - -import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.protocol.IAuthenticationRequest; @@ -30,13 +27,7 @@ public class EIDASData extends RequestImpl { private String remoteIPAddress; private String remoteRelayState; - - @Override - public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { - // TODO Auto-generated method stub - return null; - } - + /** * Gets the eidas requested attributes. * diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 2948c0d53..d268dd2f6 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -43,8 +43,14 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator; @@ -54,12 +60,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.MOAIDConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.EidasStringUtil; @@ -80,11 +81,13 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException; * * @author tlenz */ -@Controller -public class EIDASProtocol extends AbstractAuthProtocolModulController { +@Controller +public class EIDASProtocol extends AbstractAuthProtocolModulController implements IModulInfo { + public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE"; + public static final String NAME = EIDASProtocol.class.getName(); - public static final String PATH = "eidas"; + public static final String PATH = "id_eidas"; @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; @@ -102,17 +105,18 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { return NAME; } - public String getPath() { - return PATH; - } + @Override + public String getAuthProtocolIdentifier() { + return PATH; + } //eIDAS metadata end-point @RequestMapping(value = "/eidas/metadata", method = {RequestMethod.GET}) - public void eIDASMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { + public void eIDASMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException { //create pendingRequest object EIDASData pendingReq = applicationContext.getBean(EIDASData.class); - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(NAME); pendingReq.setNeedAuthentication(false); pendingReq.setAuthenticated(false); @@ -137,11 +141,11 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { //PVP2.x IDP POST-Binding end-point @RequestMapping(value = "/eidas/ColleagueRequest", method = {RequestMethod.POST}) - public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { + public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { //create pending-request object EIDASData pendingReq = applicationContext.getBean(EIDASData.class); - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(NAME); revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); @@ -191,7 +195,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider); String cititzenCountryCode = - authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, + authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, MOAIDAuthConstants.COUNTRYCODE_AUSTRIA); @@ -221,7 +225,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { } //check eIDAS node configuration - IOAAuthParameters oaConfig = authConfig.getOnlineApplicationParameter(samlReq.getIssuer()); + ISPConfiguration oaConfig = authConfig.getServiceProviderConfiguration(samlReq.getIssuer()); if (oaConfig == null) throw new EIDASAuthnRequestProcessingException("eIDAS.08", new Object[]{samlReq.getIssuer()}); @@ -346,15 +350,15 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { pendingReq.setRemoteRelayState(relayState); //store level of assurance - pendingReq.setGenericDataToSession(RequestImpl.eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE, + pendingReq.setRawDataToTransaction(eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE, eIDASSamlReq.getEidasLevelOfAssurance().stringValue()); //set flag if transiend identifier is requested if (MiscUtil.isNotEmpty(eIDASSamlReq.getNameIdFormat()) && eIDASSamlReq.getNameIdFormat().equals(SamlNameIdFormat.TRANSIENT.getNameIdFormat())) - pendingReq.setGenericDataToSession(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, true); + pendingReq.setRawDataToTransaction(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, true); else - pendingReq.setGenericDataToSession(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, false); + pendingReq.setRawDataToTransaction(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, false); // - memorize requested attributes pendingReq.setEidasRequestedAttributes(eIDASSamlReq.getRequestedAttributes()); @@ -363,7 +367,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { pendingReq.setEidasRequest(eIDASSamlReq); // - memorize OA url - pendingReq.setOAURL(samlReq.getIssuer()); + pendingReq.setSPEntityId(samlReq.getIssuer()); // - memorize OA config pendingReq.setOnlineApplicationConfiguration(oaConfig); @@ -486,7 +490,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { private boolean iseIDASTargetAValidOrganisation(String reqCC, String bPKTargetArea) { if (MiscUtil.isNotEmpty(reqCC)) { List<String> allowedOrganisations = KeyValueUtils.getListOfCSVValues( - authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROPS_EIDAS_BPK_TARGET_PREFIX + reqCC.toLowerCase())); + authConfig.getBasicConfiguration(Constants.CONFIG_PROPS_EIDAS_BPK_TARGET_PREFIX + reqCC.toLowerCase())); if (allowedOrganisations.contains(bPKTargetArea)) { Logger.debug(bPKTargetArea + " is a valid OrganisationIdentifier for request-country: "+ reqCC); return true; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java index cc9b09107..bfdb46a11 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java @@ -28,6 +28,12 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; @@ -35,13 +41,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.utils.NewMoaEidasMetadata; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.engine.ProtocolEngineI; import eu.eidas.auth.engine.metadata.ContactData; @@ -56,9 +56,10 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException; */ @Service("EidasMetaDataRequest") public class EidasMetaDataRequest implements IAction { - + @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; @Autowired(required=true) AuthConfiguration authConfig; + @Autowired(required=true) IPVP2BasicConfiguration pvpConfiguration; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData) @@ -136,7 +137,7 @@ public class EidasMetaDataRequest implements IAction { metadataConfigBuilder.authnRequestsSigned(true); metadataConfigBuilder.wantAssertionsSigned(true); metadataConfigBuilder.assuranceLevel( - authConfig.getBasicMOAIDConfiguration( + authConfig.getBasicConfiguration( Constants.CONIG_PROPS_EIDAS_NODE_LoA, MOAIDAuthConstants.eIDAS_LOA_HIGH)); @@ -150,10 +151,10 @@ public class EidasMetaDataRequest implements IAction { //add organisation information from PVP metadata information Organization pvpOrganisation = null; try { - pvpOrganisation = PVPConfiguration.getInstance().getIDPOrganisation(); + pvpOrganisation = pvpConfiguration.getIDPOrganisation(); eu.eidas.auth.engine.metadata.ContactData.Builder technicalContact = ContactData.builder(); - List<ContactPerson> contacts = PVPConfiguration.getInstance().getIDPContacts(); + List<ContactPerson> contacts = pvpConfiguration.getIDPContacts(); if (contacts != null && contacts.size() >= 1) { ContactPerson contact = contacts.get(0); technicalContact.givenName(contact.getGivenName().getName()); @@ -172,7 +173,7 @@ public class EidasMetaDataRequest implements IAction { if (pvpOrganisation != null) { eu.eidas.auth.engine.metadata.OrganizationData.Builder organizationConfig = OrganizationData.builder(); organizationConfig.url(pvpOrganisation.getURLs().get(0).getURL().getLocalString()); - organizationConfig.name(authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRY, "Austria")); + organizationConfig.name(authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRY, "Austria")); //TODO: add display name and maybe update name @@ -187,7 +188,7 @@ public class EidasMetaDataRequest implements IAction { metadataConfigBuilder.supportContact(ContactData.builder(technicalContact.build()).build()); - } catch (ConfigurationException | NullPointerException e) { + } catch (NullPointerException | EAAFException e) { Logger.warn("Can not load Organisation or Contact from Configuration", e); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java index 15060fb52..84b68f91a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java @@ -22,12 +22,12 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; /** * @author tlenz * */ -public interface IeIDASAttribute extends IAttributeBuilder{ +public interface IeIDASAttribute extends IAttributeBuilder{ } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java index 64e5ae770..2f42cc43e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java @@ -22,14 +22,15 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.BirthdateAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BirthdateAttributeBuilder; /** * @author tlenz * */ +@eIDASMetadata public class eIDASAttrDateOfBirth extends BirthdateAttributeBuilder implements IeIDASAttribute { - + @Override public String getName() { return eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri().toString(); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java index 4195eeeef..9505a0a62 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java @@ -22,21 +22,22 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; /** * @author tlenz * */ +@eIDASMetadata public class eIDASAttrFamilyName implements IeIDASAttribute{ /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#getName() */ - @Override + @Override public String getName() { return eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri().toString(); } @@ -45,8 +46,8 @@ public class eIDASAttrFamilyName implements IeIDASAttribute{ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator) */ @Override - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) - throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { return g.buildStringAttribute(null, getName(), authData.getFamilyName()); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java index 2a654ac44..7307b4f2a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java @@ -22,15 +22,16 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; /** * @author tlenz * */ +@eIDASMetadata public class eIDASAttrGivenName implements IeIDASAttribute{ /* (non-Javadoc) @@ -45,8 +46,8 @@ public class eIDASAttrGivenName implements IeIDASAttribute{ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator) */ @Override - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) - throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { return g.buildStringAttribute(null, getName(), authData.getGivenName()); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java index 63a4e89d5..1ac4560b0 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java @@ -29,6 +29,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF * */ @Deprecated +@eIDASMetadata public class eIDASAttrLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute { @Override diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java index 4d89aec3d..66359e240 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java @@ -22,11 +22,12 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -35,27 +36,30 @@ import at.gv.egovernment.moa.util.MiscUtil; * */ @Deprecated +@eIDASMetadata public class eIDASAttrLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute { @Override - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - if(authData.isUseMandate()) { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + + if (authData instanceof IMOAAuthData) { + if(((IMOAAuthData)authData).isUseMandate()) { - //extract eIDAS unique Id prefix from naturalPerson bPK identifier - if (MiscUtil.isEmpty(authData.getBPKType()) + //extract eIDAS unique Id prefix from naturalPerson bPK identifier + if (MiscUtil.isEmpty(authData.getBPKType()) || !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { - Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); - throw new AttributeException("Suspect bPKType for eIDAS identifier generation"); + Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); + throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation"); - } - - //add eIDAS eID prefix to legal person identifier - String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1); - String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(authData); - return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, - MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID); + } + //add eIDAS eID prefix to legal person identifier + String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1); + String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(((IMOAAuthData)authData)); + return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, + MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID); + } } return null; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java index cb659c2b1..76ca3a94d 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java @@ -24,14 +24,14 @@ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; import java.security.MessageDigest; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Trible; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -40,6 +40,7 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ +@eIDASMetadata public class eIDASAttrNaturalPersonalIdentifier implements IeIDASAttribute{ /* (non-Javadoc) @@ -54,8 +55,8 @@ public class eIDASAttrNaturalPersonalIdentifier implements IeIDASAttribute{ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator) */ @Override - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) - throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { String personalID = authData.getBPK(); //generate eIDAS conform 'PersonalIdentifier' attribute @@ -64,7 +65,7 @@ public class eIDASAttrNaturalPersonalIdentifier implements IeIDASAttribute{ if (MiscUtil.isEmpty(authData.getBPKType()) || !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); - throw new AttributeException("Suspect bPKType for eIDAS identifier generation"); + throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation"); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java index 43d2f96c2..ed86d6e4b 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java @@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPerso * @author tlenz * */ +@eIDASMetadata public class eIDASAttrRepresentativeDateOfBirth extends MandateNaturalPersonBirthDateAttributeBuilder implements IeIDASAttribute { @Override diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java index 924a275b1..5db88e71e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java @@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPerso * @author tlenz * */ +@eIDASMetadata public class eIDASAttrRepresentativeFamilyName extends MandateNaturalPersonFamilyNameAttributeBuilder implements IeIDASAttribute{ /* (non-Javadoc) diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java index 2de585918..0a7c514aa 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java @@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPerso * @author tlenz * */ +@eIDASMetadata public class eIDASAttrRepresentativeGivenName extends MandateNaturalPersonGivenNameAttributeBuilder implements IeIDASAttribute{ /* (non-Javadoc) diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java index 92456d202..638b01bb1 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java @@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF * @author tlenz * */ +@eIDASMetadata public class eIDASAttrRepresentativeLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute { @Override diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java index 47cc71e01..fd245c3eb 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java @@ -22,11 +22,12 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -34,27 +35,31 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ +@eIDASMetadata public class eIDASAttrRepresentativeLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute { @Override - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - if(authData.isUseMandate()) { - - //extract eIDAS unique Id prefix from naturalPerson bPK identifier - if (MiscUtil.isEmpty(authData.getBPKType()) - || !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { - Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); - throw new AttributeException("Suspect bPKType for eIDAS identifier generation"); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + + if (authData instanceof IMOAAuthData) { + if(((IMOAAuthData)authData).isUseMandate()) { + + //extract eIDAS unique Id prefix from naturalPerson bPK identifier + if (MiscUtil.isEmpty(authData.getBPKType()) + || !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { + Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); + throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation"); + + } + + //add eIDAS eID prefix to legal person identifier + String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1); + String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(((IMOAAuthData)authData)); + return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, + MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID); - } - - //add eIDAS eID prefix to legal person identifier - String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1); - String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(authData); - return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, - MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID); - + } } return null; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java index 52396ae90..f7e135bae 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java @@ -24,16 +24,16 @@ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; import java.security.MessageDigest; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.data.Trible; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -42,6 +42,7 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ +@eIDASMetadata public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNaturalPersonBPKAttributeBuilder implements IeIDASAttribute{ /* (non-Javadoc) @@ -56,8 +57,8 @@ public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNat * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator) */ @Override - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) - throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { try { Pair<String, String> calcResult = internalBPKGenerator(oaParam, authData); @@ -71,7 +72,7 @@ public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNat if (MiscUtil.isEmpty(type) || !type.startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); - throw new AttributeException("Suspect bPKType for eIDAS identifier generation"); + throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation"); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java new file mode 100644 index 000000000..db072203d --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java @@ -0,0 +1,5 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; + +public @interface eIDASMetadata { + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java index ee0f72f34..f6a67db9d 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java @@ -36,19 +36,20 @@ import org.springframework.stereotype.Service; import com.google.common.collect.ImmutableSet; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl; +import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeBuilder; import at.gv.egovernment.moa.id.commons.MOAIDConstants; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.commons.EidasStringUtil; import eu.eidas.auth.commons.attribute.AttributeDefinition; @@ -71,9 +72,9 @@ import eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils; */ @Service("eIDASAuthenticationRequest") -public class eIDASAuthenticationRequest implements IAction { +public class eIDASAuthenticationRequest implements IAction { - @Autowired protected MOAReversionLogger revisionsLogger; + @Autowired protected IRevisionLogger revisionsLogger; @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; @@ -93,7 +94,8 @@ public class eIDASAuthenticationRequest implements IAction { ImmutableAttributeMap reqAttributeList = (ImmutableAttributeMap) eidasRequest.getEidasRequestedAttributes(); //add mandate attr. to requested attributes of eMandates are used an no mandate attr. are requested - if (authData.isUseMandate()) { + if (authData instanceof IMOAAuthData + && ((IMOAAuthData)authData).isUseMandate()) { Logger.trace("eMandates are used. Starting eIDAS requsted attr. update process ...."); Builder reqAttrWithMandates = ImmutableAttributeMap.builder(reqAttributeList); @@ -154,7 +156,7 @@ public class eIDASAuthenticationRequest implements IAction { //add attributes responseBuilder.attributes(eIDASAttrbutMap); - //set success statuscode + //set success statuscode responseBuilder.statusCode(StatusCode.SUCCESS_URI); //build response @@ -246,7 +248,7 @@ public class eIDASAuthenticationRequest implements IAction { private void buildAndAddAttribute(ImmutableAttributeMap.Builder attrMapBuilder, AttributeDefinition<?> attr, IRequest req, IAuthData authData) throws MOAIDException { Pair<AttributeDefinition<?>, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute( - attr, req.getOnlineApplicationConfiguration(), authData); + attr, req.getServiceProviderConfiguration(), authData); if(eIDASAttr == null) { if (attr.isRequired()) { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java index f0527bc5e..5dcd9499e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java @@ -22,12 +22,13 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.validator; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.data.Trible; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils; -import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.Trible; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.protocol.IAuthenticationResponse; @@ -46,7 +47,7 @@ public class eIDASResponseValidator { * validate received LoA against minimum required LoA | *_____________________________________________________| */ - LevelOfAssurance reqLoA = LevelOfAssurance.fromString(pendingReq.getOnlineApplicationConfiguration().getQaaLevel()); + LevelOfAssurance reqLoA = LevelOfAssurance.fromString(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getQaaLevel()); LevelOfAssurance respLoA = LevelOfAssurance.fromString(samlResp.getLevelOfAssurance()); if (respLoA.numericValue() < reqLoA.numericValue()) { Logger.error("eIDAS Response LevelOfAssurance is lower than the required! " diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index 3c11c725d..3c11c725d 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java index 7ca4590bb..72c95d9c7 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java @@ -26,7 +26,7 @@ import java.util.ArrayList; import java.util.Collections; import java.util.List; -import at.gv.egovernment.moa.id.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; /** diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java index f14ffb111..0d460f293 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java @@ -25,10 +25,10 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates; import org.springframework.beans.factory.annotation.Autowired; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.util.MiscUtil; /** @@ -40,14 +40,14 @@ import at.gv.egovernment.moa.util.MiscUtil; public class ELGAMandatesAuthModuleImpl extends DefaultCitizenCardAuthModuleImpl { @Autowired private AuthConfiguration authConfig; - + private int priority = 0; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() */ @Override - public int getPriority() { + public int getPriority() { return priority; } diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java index 5743590f9..482d8ef85 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java @@ -33,14 +33,14 @@ import org.opensaml.saml2.metadata.Organization; import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.xml.security.credential.Credential; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.logging.Logger; /** @@ -51,11 +51,12 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon private String authURL; private ELGAMandatesCredentialProvider credentialProvider; + private IPVP2BasicConfiguration pvpConfiguration; - public ELGAMandatesMetadataConfiguration(String authURL, ELGAMandatesCredentialProvider credentialProvider) { + public ELGAMandatesMetadataConfiguration(String authURL, ELGAMandatesCredentialProvider credentialProvider, IPVP2BasicConfiguration pvpConfiguration) { this.authURL = authURL; this.credentialProvider = credentialProvider; - + this.pvpConfiguration = pvpConfiguration; } @@ -118,9 +119,9 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon @Override public List<ContactPerson> getContactPersonInformation() { try { - return PVPConfiguration.getInstance().getIDPContacts(); + return pvpConfiguration.getIDPContacts(); - } catch (ConfigurationException e) { + } catch (EAAFException e) { Logger.warn("Can not load Metadata entry: Contect Person", e); return null; @@ -134,9 +135,9 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon @Override public Organization getOrgansiationInformation() { try { - return PVPConfiguration.getInstance().getIDPOrganisation(); + return pvpConfiguration.getIDPOrganisation(); - } catch (ConfigurationException e) { + } catch (EAAFException e) { Logger.warn("Can not load Metadata entry: Organisation", e); return null; diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java index b67d263fc..6548f9fcf 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java @@ -22,6 +22,8 @@ */ package at.gv.egovernment.moa.id.auth.modules.elgamandates.config; +import java.util.List; + import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; @@ -38,9 +40,10 @@ import org.opensaml.xml.security.credential.Credential; import org.w3c.dom.Document; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; /** @@ -298,6 +301,22 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest } + + @Override + public List<EAAFRequestedAttribute> getRequestedAttributes() { + return null; + + } + + @Override + public String getProviderName() { + return null; + } + + @Override + public String getScopeRequesterId() { + return null; + } } diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java index ca7401ab7..d52cd750a 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java @@ -34,14 +34,15 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesMetadataConfiguration; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; -import at.gv.egovernment.moa.id.auth.servlet.AbstractController; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; -import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; /** @@ -54,6 +55,7 @@ public class ELGAMandateMetadataController extends AbstractController { @Autowired PVPMetadataBuilder metadatabuilder; @Autowired AuthConfiguration authConfig; @Autowired ELGAMandatesCredentialProvider credentialProvider; + @Autowired IPVP2BasicConfiguration pvpConfiguration; public ELGAMandateMetadataController() { super(); @@ -76,7 +78,7 @@ public class ELGAMandateMetadataController extends AbstractController { } else { //initialize metadata builder configuration IPVPMetadataBuilderConfiguration metadataConfig = - new ELGAMandatesMetadataConfiguration(authURL, credentialProvider); + new ELGAMandatesMetadataConfiguration(authURL, credentialProvider, pvpConfiguration); //build metadata String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig); diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java index 585e72c2f..503884edd 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java @@ -32,8 +32,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; -import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java index f05446771..5c1f8e7bb 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java @@ -28,14 +28,14 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -50,7 +50,7 @@ public class EvaluateMandateServiceTask extends AbstractAuthServletTask { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { @@ -68,7 +68,7 @@ public class EvaluateMandateServiceTask extends AbstractAuthServletTask { if (useELGA) { //validate service-provider again if (!ELGAMandateUtils.checkServiceProviderAgainstELGAModulConfigration(authConfig, pendingReq)) { - Logger.info("Service-Provider: " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() + Logger.info("Service-Provider: " + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier() + " does not fulfill requirements to use ELGA-MandateService."); throw new MOAIDException("service.10", new Object[]{ ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java index 81c3322c9..b1db1564e 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java @@ -37,30 +37,31 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -70,7 +71,7 @@ import at.gv.egovernment.moa.util.MiscUtil; */ @Component("ReceiveElgaMandateResponseTask") public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { - + @Autowired SAMLVerificationEngineSP samlVerificationEngine; @Autowired ELGAMandatesCredentialProvider credentialProvider; @Autowired ELGAMandateServiceMetadataProvider metadataProvider; @@ -78,24 +79,24 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { InboundMessage msg = null; try { IDecoder decoder = null; - MOAURICompare comperator = null; + EAAFURICompare comperator = null; //select Response Binding if (request.getMethod().equalsIgnoreCase("POST")) { decoder = new PostBinding(); - comperator = new MOAURICompare(pendingReq.getAuthURL() + comperator = new EAAFURICompare(pendingReq.getAuthURL() + ELGAMandatesAuthConstants.ENDPOINT_POST); Logger.debug("Receive PVP Response from ELGA mandate-service, by using POST-Binding."); } else if (request.getMethod().equalsIgnoreCase("GET")) { decoder = new RedirectBinding(); - comperator = new MOAURICompare(pendingReq.getAuthURL() + comperator = new EAAFURICompare(pendingReq.getAuthURL() + ELGAMandatesAuthConstants.ENDPOINT_REDIRECT); Logger.debug("Receive PVP Response from ELGA mandate-service, by using Redirect-Binding."); @@ -130,7 +131,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { //validate assertion - MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg); + PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg); //write ELGA mandate information into MOASession AssertionAttributeExtractor extractor = @@ -144,12 +145,6 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { } - - - //load MOASession object - defaultTaskInitialization(request, executionContext); - - /** * Mandate Reference-Value is generated from ELGA MandateServie --> * MOA-ID generated reference value is not equal to reference-value from ELGA MandateService @@ -168,8 +163,11 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { Logger.debug("Validation of PVP Response from ELGA mandate-service is complete."); Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames(); + + AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); for (String el : includedAttrNames) { - moasession.setGenericDataToSession(el, extractor.getSingleAttributeValue(el)); + session.setGenericDataToSession(el, extractor.getSingleAttributeValue(el)); + //pendingReq.setGenericDataToSession(el, extractor.getSingleAttributeValue(el)); Logger.debug("Add PVP-attribute " + el + " into MOASession"); } @@ -186,11 +184,13 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { extractor.getSingleAttributeValue(PVPConstants.MANDATE_TYPE_NAME)); revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE, MOAReversionLogger.NAT_PERSON); - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH, - revisionsLogger.buildPersonInformationHash( - extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME), - extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME), - extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME))); + + //TODO!!!! +// revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH, +// revisionsLogger.buildPersonInformationHash( +// extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME), +// extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME), +// extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME))); Logger.info("Receive a valid assertion from ELGA mandate-service " + msg.getEntityID()); @@ -220,7 +220,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { } catch (AssertionValidationExeption | AuthnResponseValidationException e) { Logger.info("ELGA mandate-service: PVP response validation FAILED. Msg:" + e.getMessage()); - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getMessageId()); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getErrorId()); throw new TaskExecutionException(pendingReq, "ELGA mandate-service: PVP response validation FAILED.", e); } catch (Exception e) { @@ -242,13 +242,13 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { * @throws AssertionValidationExeption * @throws AuthnResponseValidationException */ - private MOAResponse preProcessAuthResponse(MOAResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException { + private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException { Logger.debug("Start PVP-2.1 assertion processing... "); Response samlResp = (Response) msg.getResponse(); //validate 'inResponseTo' attribute - String authnReqID = pendingReq.getGenericData( - PVPTargetConfiguration.DATAID_INTERFEDERATION_REQUESTID, String.class); + String authnReqID = pendingReq.getRawData( + MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID, String.class); String inResponseTo = samlResp.getInResponseTo(); if (MiscUtil.isEmpty(authnReqID) || MiscUtil.isEmpty(inResponseTo) || diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java index 76108cafe..625623f4a 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java @@ -28,13 +28,13 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils; import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; /** @@ -45,7 +45,7 @@ import at.gv.egovernment.moa.logging.Logger; public class RedirectToMandateSelectionTask extends AbstractAuthServletTask { @Autowired IGUIFormBuilder guiBuilder; - + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java index 299eb442e..50fb2cb4a 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java @@ -35,23 +35,24 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesRequestBuilderConfiguration; import at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions.ELGAMetadataException; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.MiscUtil; @@ -67,7 +68,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { @Autowired ELGAMandatesCredentialProvider credential; @Autowired AuthConfiguration authConfig; @Autowired ELGAMandateServiceMetadataProvider metadataService; - + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @@ -76,7 +77,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { throws TaskExecutionException { try{ // get IDP entityID from Online Application configuration - String elgaMandateServiceEntityID = pendingReq.getOnlineApplicationConfiguration().getConfigurationValue(ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID); + String elgaMandateServiceEntityID = pendingReq.getServiceProviderConfiguration().getConfigurationValue(ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID); // use first ELGA Mandate-Service from general MOA-ID configuration, of no OA specific exists if (MiscUtil.isEmpty(elgaMandateServiceEntityID)) { @@ -100,7 +101,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { } //load metadata with metadataURL, as backup - String metadataURL = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATAURL); + String metadataURL = authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATAURL); if (MiscUtil.isNotEmpty(metadataURL)) { Logger.warn("Use not recommended metadata-provider initialization!" + " SAML2 'Well-Known-Location' is the preferred methode."); @@ -113,7 +114,8 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { EntityDescriptor entityDesc = metadataService.getEntityDescriptor(elgaMandateServiceEntityID); //load MOASession from database - defaultTaskInitialization(request, executionContext); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + //setup AuthnRequestBuilder configuration ELGAMandatesRequestBuilderConfiguration authnReqConfig = new ELGAMandatesRequestBuilderConfiguration(); @@ -125,7 +127,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { //set bPK of representative String representativeBPK = null; - String configTarget = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_SUBJECTNAMEID_TARGET); + String configTarget = authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_SUBJECTNAMEID_TARGET); if (MiscUtil.isEmpty(configTarget)) { Logger.warn("Connect ELGA Mandate-Service FAILED -> No bPK-Type for SubjectNameID found."); throw new MOAIDException("service.10", @@ -190,8 +192,8 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { //set MandateReferenceValue as RequestID authnReqConfig.setRequestID(moasession.getMandateReferenceValue()); - pendingReq.setGenericDataToSession( - PVPTargetConfiguration.DATAID_INTERFEDERATION_REQUESTID, + pendingReq.setRawDataToTransaction( + MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID, authnReqConfig.getRequestID()); //set SubjectConformationDate diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java index 52970e240..854f9d2bb 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java @@ -28,18 +28,18 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad; -import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils; import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; /** @@ -51,7 +51,7 @@ public class SelectMandateServiceTask extends AbstractAuthServletTask { @Autowired IGUIFormBuilder guiBuilder; - /* (non-Javadoc) + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override @@ -67,7 +67,7 @@ public class SelectMandateServiceTask extends AbstractAuthServletTask { ELGAMandatesAuthConstants.TEMPLATE_MANDATE_SERVICE_SELECTION, MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL, GeneralProcessEngineSignalController.ENDPOINT_GENERIC, - authConfig.getRootConfigFileDir()); + authConfig.getConfigurationRootDirectory().toURL().toString()); guiBuilder.build(response, config, "Mandate-Service selection"); diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java index adc2a310b..e8cfae10a 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java @@ -22,11 +22,15 @@ */ package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils; +import java.net.MalformedURLException; import java.util.List; import java.util.Timer; import javax.xml.namespace.QName; +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.MOAHttpClient; +import org.apache.commons.httpclient.params.HttpClientParams; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.RoleDescriptor; @@ -37,14 +41,19 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.xml.XMLObject; import org.opensaml.xml.parse.BasicParserPool; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.IDestroyableObject; +import at.gv.egiz.eaaf.core.api.IDestroyableObject; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter; -import at.gv.egovernment.moa.id.saml2.MetadataFilterChain; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -54,9 +63,10 @@ import at.gv.egovernment.moa.util.MiscUtil; */ @Service("ELGAMandate_MetadataProvider") -public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvider +public class ELGAMandateServiceMetadataProvider extends SimpleMetadataProvider implements IDestroyableObject { - + @Autowired(required=true) AuthConfiguration moaAuthConfig; + private ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider(); private Timer timer = null; @@ -238,7 +248,7 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide //Metadata provider seems not loaded --> Add new metadata provider Logger.info("Initialize PVP MetadataProvider:" + metdataURL + " to connect ELGA Mandate-Service"); - String trustProfileID = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATA_TRUSTPROFILE); + String trustProfileID = authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATA_TRUSTPROFILE); if (MiscUtil.isEmpty(trustProfileID)) { Logger.error("Create ELGA Mandate-Service Client FAILED: No trustProfileID to verify PVP metadata." ); throw new MetadataProviderException("No trustProfileID to verify PVP metadata."); @@ -253,11 +263,12 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide filter.addFilter(new SchemaValidationFilter(true)); filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID)); - MetadataProvider idpMetadataProvider = createNewMoaMetadataProvider(metdataURL, + MetadataProvider idpMetadataProvider = createNewSimpleMetadataProvider(metdataURL, filter, ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, timer, - new BasicParserPool()); + new BasicParserPool(), + createHttpClient(metdataURL)); if (idpMetadataProvider == null) { Logger.error("Create ELGA Mandate-Service Client FAILED."); @@ -300,4 +311,35 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide timer.cancel(); } + + private HttpClient createHttpClient(String metadataURL) { + MOAHttpClient httpClient = new MOAHttpClient(); + HttpClientParams httpClientParams = new HttpClientParams(); + httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT); + httpClient.setParams(httpClientParams); + + if (metadataURL.startsWith("https:")) { + try { + //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getTrustedCACertificates(), + null, + AuthConfiguration.DEFAULT_X509_CHAININGMODE, + moaAuthConfig.isTrustmanagerrevoationchecking(), + moaAuthConfig.getRevocationMethodOrder(), + moaAuthConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); + + httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) { + Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + + } + } + + return httpClient; + + } } diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java index 03f8fa195..6fa9c5a77 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java @@ -24,10 +24,11 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils; import java.util.List; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; -import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; /** * @author tlenz @@ -39,11 +40,11 @@ public class ELGAMandateUtils { * * @return true, if ELGA mandateservice is allowed, otherwise false */ - public static boolean checkServiceProviderAgainstELGAModulConfigration(AuthConfiguration authConfig, IRequest pendingReq) { + public static boolean checkServiceProviderAgainstELGAModulConfigration(IConfiguration authConfig, IRequest pendingReq) { String allowedMandateTypesCSV = - authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES); + authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES); List<String> allowedMandateTypes = KeyValueUtils.getListOfCSVValues(allowedMandateTypesCSV); - List<String> spMandateProfiles = pendingReq.getOnlineApplicationConfiguration().getMandateProfiles(); + List<String> spMandateProfiles = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getMandateProfiles(); boolean isELGAMandateServiceAllowed = false; if (spMandateProfiles != null) { diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java index f5bcdb70b..dd4e5d340 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java @@ -25,10 +25,11 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider; -import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; /** * @author tlenz @@ -43,9 +44,9 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath() */ @Override - public String getKeyStoreFilePath() { + public String getKeyStoreFilePath() throws ConfigurationException { return FileUtils.makeAbsoluteURL( - authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_KEYSTORE), + authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_KEYSTORE), authConfig.getRootConfigFileDir()); } @@ -54,7 +55,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getKeyStorePassword() { - return authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim(); + return authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim(); } @@ -63,7 +64,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getMetadataKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD).trim(); } @@ -72,7 +73,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getMetadataKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD).trim(); } @@ -81,7 +82,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getSignatureKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD).trim(); } @@ -90,7 +91,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getSignatureKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD).trim(); } @@ -99,7 +100,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getEncryptionKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD).trim(); } @@ -108,7 +109,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getEncryptionKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD).trim(); } diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml index d41e8a017..60fd120d0 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml @@ -17,6 +17,8 @@ <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> <pd:Task id="getForeignID" class="GetForeignIDTask" async="true" /> + <pd:Task id="userRestrictionTask" class="UserRestrictionTask" /> + <!-- ELGA Mandate-Service Tasks --> <pd:Task id="redirectToMandateSelectionTask" class="RedirectToMandateSelectionTask" /> <pd:Task id="selectMandateServiceTask" class="SelectMandateServiceTask" async="true"/> @@ -47,7 +49,7 @@ <pd:Transition from="verifyCertificate" to="getForeignID" /> <pd:Transition from="verifyAuthBlock" to="redirectToMandateSelectionTask" conditionExpression="ctx['useMandate']" /> - <pd:Transition from="verifyAuthBlock" to="finalizeAuthentication" /> + <pd:Transition from="verifyAuthBlock" to="userRestrictionTask" /> <pd:Transition from="redirectToMandateSelectionTask" to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" /> <pd:Transition from="redirectToMandateSelectionTask" to="selectMandateServiceTask" /> @@ -60,13 +62,14 @@ <pd:Transition from="requestELGAMandateTask" to="receiveElgaMandateResponseTask" /> - <pd:Transition from="receiveElgaMandateResponseTask" to="finalizeAuthentication" /> + <pd:Transition from="receiveElgaMandateResponseTask" to="userRestrictionTask" /> <pd:Transition from="prepareGetMISMandate" to="getMISMandate" /> - <pd:Transition from="getMISMandate" to="finalizeAuthentication" /> - - <pd:Transition from="getForeignID" to="finalizeAuthentication" /> + <pd:Transition from="getMISMandate" to="userRestrictionTask" /> + <pd:Transition from="getForeignID" to="userRestrictionTask" /> + + <pd:Transition from="userRestrictionTask" to="finalizeAuthentication" /> <pd:Transition from="finalizeAuthentication" to="end" /> <pd:EndEvent id="end" /> diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml index 971751e9e..9a8dbb236 100644 --- a/id/server/modules/moa-id-module-openID/pom.xml +++ b/id/server/modules/moa-id-module-openID/pom.xml @@ -6,9 +6,7 @@ <version>${moa-id-version}</version> </parent> - <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-module-openID</artifactId> - <version>${moa-id-version}</version> <packaging>jar</packaging> <name>MOA ID-Module OpenID Connect</name> @@ -34,7 +32,6 @@ <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> - <version>${junit.version}</version> <scope>test</scope> </dependency> diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java index 9060f35c5..76e7f0901 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java @@ -24,9 +24,9 @@ package at.gv.egovernment.moa.id.protocols.oauth20; import java.util.Properties; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.util.FileUtils; public class OAuth20Configuration { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index 9b19e0a4d..19fdb3fee 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java @@ -30,23 +30,25 @@ import org.apache.commons.lang.StringUtils; import com.google.gson.JsonObject; import com.google.gson.JsonPrimitive; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIssuingNationAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIssuingNationAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSectorForIDAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePIN; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePINType; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder; @@ -61,8 +63,6 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepOIDAt import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; public final class OAuth20AttributeBuilder { @@ -70,7 +70,7 @@ public final class OAuth20AttributeBuilder { private OAuth20AttributeBuilder() { throw new InstantiationError(); } - + private static IAttributeGenerator<Pair<String, JsonPrimitive>> generator = new IAttributeGenerator<Pair<String, JsonPrimitive>>() { public Pair<String, JsonPrimitive> buildStringAttribute(final String friendlyName, final String name, final String value) { @@ -206,7 +206,7 @@ public final class OAuth20AttributeBuilder { } private static void addAttibutes(final List<IAttributeBuilder> builders, final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) { + final ISPConfiguration oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) { for (IAttributeBuilder b : builders) { try { //TODO: better solution requires more refactoring :( @@ -222,40 +222,40 @@ public final class OAuth20AttributeBuilder { jsonObject.add(attribute.getFirst(), attribute.getSecond()); } } - catch (AttributeException e) { + catch (AttributeBuilderException e) { Logger.info("Cannot add attribute " + b.getName()); } } } public static void addScopeOpenId(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData, + final ISPConfiguration oaParam, final IAuthData authData, final OAuth20AuthRequest oAuthRequest) { addAttibutes(buildersOpenId, jsonObject, oaParam, authData, oAuthRequest); } public static void addScopeProfile(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersProfile, jsonObject, oaParam, authData, null); } public static void addScopeEID(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersEID, jsonObject, oaParam, authData, null); } public static void addScopeEIDGov(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersEIDGov, jsonObject, oaParam, authData, null); } public static void addScopeMandate(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersMandate, jsonObject, oaParam, authData, null); } public static void addScopeSTORK(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersSTORK, jsonObject, oaParam, authData, null); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java index a43c8fce9..b3586245b 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdAudiencesAttribute implements IAttributeBuilder { @@ -35,9 +34,9 @@ public class OpenIdAudiencesAttribute implements IAttributeBuilder { return "aud"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildStringAttribute(this.getName(), "", oaParam.getPublicURLPrefix()); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + return g.buildStringAttribute(this.getName(), "", oaParam.getUniqueIdentifier()); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java index c6775b692..933ee8904 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder { @@ -35,9 +34,9 @@ public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder { return "auth_time"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildLongAttribute(this.getName(), "", ((long) (authData.getIssueInstant().getTime() / 1000))); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + return g.buildLongAttribute(this.getName(), "", ((long) (authData.getAuthenticationIssueInstant().getTime() / 1000))); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java index 5f32e32a2..04efa3979 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java @@ -24,12 +24,11 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; import java.util.Date; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdExpirationTimeAttribute implements IAttributeBuilder { @@ -39,8 +38,8 @@ public class OpenIdExpirationTimeAttribute implements IAttributeBuilder { return "exp"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000 + expirationTime)); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java index 04f38faf6..459d2b1cd 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java @@ -24,12 +24,11 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; import java.util.Date; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdIssueInstantAttribute implements IAttributeBuilder { @@ -37,8 +36,8 @@ public class OpenIdIssueInstantAttribute implements IAttributeBuilder { return "iat"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000)); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java index ff19a618a..2f4124c32 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdIssuerAttribute implements IAttributeBuilder { @@ -35,9 +34,9 @@ public class OpenIdIssuerAttribute implements IAttributeBuilder { return "iss"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildStringAttribute(this.getName(), "", authData.getIssuer()); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + return g.buildStringAttribute(this.getName(), "", authData.getAuthenticationIssuer()); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java index eda276df2..66b6a2518 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java @@ -22,27 +22,27 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.util.MiscUtil; public class OpenIdNonceAttribute implements IAttributeBuilder { - public String getName() { + public String getName() { return "nonce"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", null); } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { if (MiscUtil.isNotEmpty(oAuthRequest.getNonce())) return g.buildStringAttribute(this.getName(), "", oAuthRequest.getNonce()); else diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java index 7de90e98e..e3e717ec3 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder { @@ -35,8 +34,8 @@ public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder { return "sub"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", authData.getBPK()); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java index 3ebadba52..d23877395 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class ProfileDateOfBirthAttribute implements IAttributeBuilder { @@ -35,8 +34,8 @@ public class ProfileDateOfBirthAttribute implements IAttributeBuilder { return "birthdate"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", authData.getFormatedDateOfBirth()); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java index 89209b062..540962a29 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class ProfileFamilyNameAttribute implements IAttributeBuilder { @@ -35,8 +34,8 @@ public class ProfileFamilyNameAttribute implements IAttributeBuilder { return "family_name"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", authData.getFamilyName()); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java index 895037b2e..f6f774a46 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class ProfileGivenNameAttribute implements IAttributeBuilder { @@ -35,8 +34,8 @@ public class ProfileGivenNameAttribute implements IAttributeBuilder { return "given_name"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", authData.getGivenName()); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java index cd7b8312d..17ed6b40d 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java @@ -34,11 +34,11 @@ import java.security.interfaces.RSAPublicKey; import org.apache.commons.lang.StringUtils; import org.opensaml.xml.security.x509.BasicX509Credential; +import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Configuration; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20CertificateErrorException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.KeyStoreUtils; public final class OAuth20SignatureUtil { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index b7c54203f..b00675e7c 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -33,16 +33,18 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder; @@ -53,21 +55,19 @@ import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorE import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; @Service("OAuth20AuthAction") class OAuth20AuthAction implements IAction { - @Autowired protected MOAReversionLogger revisionsLogger; + @Autowired protected IRevisionLogger revisionsLogger; @Autowired protected ITransactionStorage transactionStorage; public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req; - String responseType = oAuthRequest.getResponseType(); + String responseType = oAuthRequest.getResponseType(); revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST); @@ -111,7 +111,7 @@ class OAuth20AuthAction implements IAction { //TODO: maybe add bPK / wbPK to SLO information - SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), req.getOnlineApplicationConfiguration().getPublicURLPrefix(), accessToken, null, null, req.requestedModule()); + SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), req.getServiceProviderConfiguration().getUniqueIdentifier(), accessToken, null, null, req.requestedModule()); return sloInformation; } @@ -156,9 +156,9 @@ class OAuth20AuthAction implements IAction { private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData) throws MOAIDException, SignatureException { - IOAAuthParameters oaParam = oAuthRequest.getOnlineApplicationConfiguration(); + ISPConfiguration oaParam = oAuthRequest.getServiceProviderConfiguration(); - OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer()); + OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getAuthenticationIssuer()); OAuthJsonToken token = new OAuthJsonToken(signer); StringBuilder resultScopes = new StringBuilder(); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index 258b77b98..0350a113c 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -22,30 +22,23 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; -import java.util.Collection; -import java.util.HashMap; -import java.util.Map; - import javax.servlet.http.HttpServletRequest; -import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; -import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.logging.Logger; @Component("OAuth20AuthRequest") @@ -102,7 +95,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { * the state to set */ public void setState(String state) { - this.state = state; + this.state = state; } /** @@ -167,7 +160,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { } @Override - protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception { + protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception { this.setResponseType(this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true)); this.setState(this.getParam(request, OAuth20Constants.PARAM_STATE, true)); this.setRedirectUri(this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true)); @@ -188,7 +181,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { // check if client id and redirect uri are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - IOAAuthParameters oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); + ISPConfiguration oAuthConfig = authConfig.getServiceProviderConfiguration(this.getSPEntityId()); if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) @@ -200,46 +193,46 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID); - } catch (ConfigurationException e) { + } catch (EAAFConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() - */ - @Override - public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { - Map<String, String> reqAttr = new HashMap<String, String>(); - for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) - reqAttr.put(el, ""); - - for (String s : scope.split(" ")) { - if (s.equalsIgnoreCase("profile")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("eID")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("eID_gov")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("mandate")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("stork")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork()) - reqAttr.put(el.getName(), ""); - - } - } - - //return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); - return reqAttr.keySet(); - } +// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() +// */ +// @Override +// public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { +// Map<String, String> reqAttr = new HashMap<String, String>(); +// for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) +// reqAttr.put(el, ""); +// +// for (String s : scope.split(" ")) { +// if (s.equalsIgnoreCase("profile")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile()) +// reqAttr.put(el.getName(), ""); +// +// } else if (s.equalsIgnoreCase("eID")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid()) +// reqAttr.put(el.getName(), ""); +// +// } else if (s.equalsIgnoreCase("eID_gov")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov()) +// reqAttr.put(el.getName(), ""); +// +// } else if (s.equalsIgnoreCase("mandate")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate()) +// reqAttr.put(el.getName(), ""); +// +// } else if (s.equalsIgnoreCase("stork")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork()) +// reqAttr.put(el.getName(), ""); +// +// } +// } +// +// //return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); +// return reqAttr.keySet(); +// } } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java index 3ab283db5..118de861c 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java @@ -31,11 +31,11 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException; @@ -48,7 +48,7 @@ abstract class OAuth20BaseRequest extends RequestImpl { private static final long serialVersionUID = 1L; protected Set<String> allowedParameters = new HashSet<String>(); - + protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception { String param = request.getParameter(name); Logger.debug("Reading param " + name + " from HttpServletRequest with value " + param); @@ -62,7 +62,7 @@ abstract class OAuth20BaseRequest extends RequestImpl { return param; } - protected void populateParameters(final HttpServletRequest request) throws OAuth20Exception { + protected void populateParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception { // moa id - load oa with client id! try { @@ -70,8 +70,8 @@ abstract class OAuth20BaseRequest extends RequestImpl { if (!ParamValidatorUtils.isValidOA(oaURL)) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } - this.setOAURL(oaURL); - IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL); + this.setSPEntityId(oaURL); + ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaURL); if (oaParam == null) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); @@ -83,12 +83,12 @@ abstract class OAuth20BaseRequest extends RequestImpl { throw new OAuth20OANotSupportedException(); } } - catch (ConfigurationException e) { + catch (EAAFConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } // oAuth - this.populateSpecialParameters(request); + this.populateSpecialParameters(request, authConfig); // cleanup parameters this.checkAllowedParameters(request); @@ -112,6 +112,6 @@ abstract class OAuth20BaseRequest extends RequestImpl { } - protected abstract void populateSpecialParameters(final HttpServletRequest request) throws OAuth20Exception; + protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception; } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index d72fe9686..9f4174bf0 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -17,24 +17,24 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.gson.JsonObject; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @Controller -public class OAuth20Protocol extends AbstractAuthProtocolModulController { +public class OAuth20Protocol extends AbstractAuthProtocolModulController implements IModulInfo { public static final String NAME = OAuth20Protocol.class.getName(); public static final String PATH = "id_oauth20"; @@ -48,15 +48,16 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { PVPConstants.BPK_NAME }); - public String getName() { + public String getName() { return NAME; } - - public String getPath() { + + @Override + public String getAuthProtocolIdentifier() { return PATH; } - /** + /** * */ public OAuth20Protocol() { @@ -67,22 +68,22 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { //OpenID Connect auth request @RequestMapping(value = "/oauth2/auth", method = {RequestMethod.POST, RequestMethod.GET}) - public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { - if (!authConfig.getAllowedProtocols().isOAUTHActive()) { - Logger.info("OpenID-Connect is deaktivated!"); - throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); - - } + public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException { +// if (!authConfig.getAllowedProtocols().isOAUTHActive()) { +// Logger.info("OpenID-Connect is deaktivated!"); +// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); +// +// } OAuth20AuthRequest pendingReq = applicationContext.getBean(OAuth20AuthRequest.class); try { - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(OAuth20Protocol.NAME); - pendingReq.populateParameters(req); + pendingReq.populateParameters(req, authConfig); - } catch (OAuth20Exception e) { + } catch (EAAFException e) { Logger.info("OpenID-Connect request has a validation error: " + e.getMessage()); - throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e); + throw new InvalidProtocolRequestException(e.getErrorId(), e.getParams(), e); } @@ -101,22 +102,22 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { //openID Connect tokken request @RequestMapping(value = "/oauth2/token", method = {RequestMethod.POST, RequestMethod.GET}) - public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { - if (!authConfig.getAllowedProtocols().isOAUTHActive()) { - Logger.info("OpenID-Connect is deaktivated!"); - throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); - - } + public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException { +// if (!authConfig.getAllowedProtocols().isOAUTHActive()) { +// Logger.info("OpenID-Connect is deaktivated!"); +// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); +// +// } OAuth20TokenRequest pendingReq = applicationContext.getBean(OAuth20TokenRequest.class); try { - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(OAuth20Protocol.NAME); - pendingReq.populateParameters(req); + pendingReq.populateParameters(req, authConfig); - } catch (OAuth20Exception e) { + } catch (EAAFException e) { Logger.info("OpenID-Connect request has a validation error: " + e.getMessage()); - throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e); + throw new InvalidProtocolRequestException(e.getErrorId(), e.getParams(), e); } @@ -148,18 +149,16 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { String errorUri = protocolRequest.getAuthURL() +"/" + OAuth20Constants.ERRORPAGE; String moaError = null; - - ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); - + if (e instanceof OAuth20Exception) { errorCode = ((OAuth20Exception) e).getErrorCode(); errorDescription = URLEncoder.encode(((OAuth20Exception) e).getMessageId() + ": " + e.getMessage(), "UTF-8"); - moaError = errorUtils.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId()); + moaError = statusMessager.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId()); } else { errorCode = OAuth20Constants.ERROR_SERVER_ERROR; errorDescription = URLEncoder.encode(e.getMessage(), "UTF-8"); - moaError = errorUtils.getResponseErrorCode(e); + moaError = statusMessager.getResponseErrorCode(e); } String paramRedirect = null; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java index 2117e2ab8..f3dcbd295 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java @@ -31,31 +31,31 @@ import org.springframework.stereotype.Service; import com.google.gson.JsonObject; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20UnauthorizedClientException; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.logging.Logger; @Service("OAuth20TokenAction") class OAuth20TokenAction implements IAction { - @Autowired protected MOAReversionLogger revisionsLogger; + @Autowired protected IRevisionLogger revisionsLogger; @Autowired protected ITransactionStorage transactionStorage; public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { - + OAuth20SessionObject auth20SessionObject = null; try { OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java index 50638ebf8..89e4252b1 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java @@ -22,19 +22,17 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; -import java.util.Collection; - import javax.servlet.http.HttpServletRequest; -import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; @@ -127,7 +125,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { } @Override - protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception { + protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception { this.setCode(this.getParam(request, OAuth20Constants.RESPONSE_CODE, true)); this.setGrantType(this.getParam(request, OAuth20Constants.PARAM_GRANT_TYPE, true)); this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true)); @@ -141,7 +139,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { // check if client id and secret are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); + ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(this.getSPEntityId()); if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) { throw new OAuth20AccessDeniedException(); @@ -154,7 +152,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { this.setOnlineApplicationConfiguration(oaParam); } - catch (ConfigurationException e) { + catch (EAAFConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } @@ -165,11 +163,11 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { this.allowedParameters.add(OAuth20Constants.PARAM_REDIRECT_URI); } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() - */ - @Override - public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { - return null; - } +// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() +// */ +// @Override +// public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { +// return null; +// } } diff --git a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java index 35bbac6e7..824d64171 100644 --- a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java +++ b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java @@ -30,10 +30,9 @@ import org.opensaml.xml.security.x509.BasicX509Credential; import org.testng.Assert; import org.testng.annotations.Test; +import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Signer; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Verifier; -import at.gv.egovernment.moa.util.KeyStoreUtils; - import net.oauth.jsontoken.crypto.Signer; import net.oauth.jsontoken.crypto.Verifier; diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml new file mode 100644 index 000000000..74aa6682b --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -0,0 +1,80 @@ +<?xml version="1.0"?> +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-modules</artifactId> + <version>${moa-id-version}</version> + </parent> + <artifactId>moa-id-module-sl20_authentication</artifactId> + <name>moa-id-module-sl20_authentication</name> + <url>http://maven.apache.org</url> + + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + <repositoryPath>${basedir}/../../../../repository</repositoryPath> + </properties> + + <profiles> + <profile> + <id>default</id> + <activation> + <activeByDefault>true</activeByDefault> + </activation> + <repositories> + <repository> + <id>local</id> + <name>local</name> + <url>file:${basedir}/../../../../repository</url> + </repository> + <repository> + <id>egiz-commons</id> + <url>https://demo.egiz.gv.at/int-repo/</url> + <releases> + <enabled>true</enabled> + </releases> + </repository> + </repositories> + </profile> + </profiles> + + + <dependencies> + <dependency> + <groupId>MOA.id.server</groupId> + <artifactId>moa-id-lib</artifactId> + </dependency> + + <dependency> + <groupId>com.google.code.gson</groupId> + <artifactId>gson</artifactId> + <version>2.8.2</version> + </dependency> + <dependency> + <groupId>org.bitbucket.b_c</groupId> + <artifactId>jose4j</artifactId> + <version>0.6.3</version> + </dependency> + + <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + <version>1.52</version> + <!-- <scope>provided</scope> --> +</dependency> + + + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <scope>test</scope> + </dependency> + </dependencies> + +</project> diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java new file mode 100644 index 000000000..f474461bf --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java @@ -0,0 +1,55 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +public class Constants { + + public static final String HTTP_ENDPOINT_DATAURL = "/sl20/dataUrl"; + public static final String HTTP_ENDPOINT_RESUME = "/sl20/resume"; + + public static final String CONFIG_PROP_PREFIX = "modules.sl20"; + public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.endpoint."; + public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = "default"; + public static final String CONFIG_PROP_VDA_AUTHBLOCK_ID = CONFIG_PROP_PREFIX + ".vda.authblock.id"; + public static final String CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID = CONFIG_PROP_PREFIX + ".vda.authblock.transformation.id"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_PATH = CONFIG_PROP_PREFIX + ".security.keystore.path"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD = CONFIG_PROP_PREFIX + ".security.keystore.password"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS = CONFIG_PROP_PREFIX + ".security.sign.alias"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD = CONFIG_PROP_PREFIX + ".security.sign.password"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS = CONFIG_PROP_PREFIX + ".security.encryption.alias";; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD = CONFIG_PROP_PREFIX + ".security.encryption.password"; + + public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST = CONFIG_PROP_VDA_ENDPOINT_QUALeID; + public static final String CONFIG_PROP_SP_LIST = CONFIG_PROP_PREFIX + ".sp.entityIds."; + + public static final String CONFIG_PROP_DISABLE_EID_VALIDATION = CONFIG_PROP_PREFIX + ".security.eID.validation.disable"; + public static final String CONFIG_PROP_ENABLE_EID_ENCRYPTION = CONFIG_PROP_PREFIX + ".security.eID.encryption.enabled"; + public static final String CONFIG_PROP_FORCE_EID_ENCRYPTION = CONFIG_PROP_PREFIX + ".security.eID.encryption.required"; + public static final String CONFIG_PROP_FORCE_EID_SIGNED_RESULT = CONFIG_PROP_PREFIX + ".security.eID.signed.result.required"; + + public static final String CONFIG_PROP_IPC_RETURN_URL = CONFIG_PROP_PREFIX + ".ipc.return.url"; + + public static final String PENDING_REQ_STORAGE_PREFIX = "SL20_AUTH_"; + + /** + * Only dummy data for development!!!!!! + */ + public static final String DUMMY_SIGNING_CERT = + "MIIC9zCCAd8CBFretWcwDQYJKoZIhvcNAQEOBQAwQDELMAkGA1UEBhMCQVQxDTAL\n" + + "BgNVBAoMBEVHSVoxIjAgBgNVBAMMGW93biBkdW1teSBtZXRhZGF0YSBzaWduZXIw\n" + + "HhcNMTgwNDI0MDQ0MTExWhcNMjEwMTE3MDQ0MTExWjBAMQswCQYDVQQGEwJBVDEN\n" + + "MAsGA1UECgwERUdJWjEiMCAGA1UEAwwZb3duIGR1bW15IG1ldGFkYXRhIHNpZ25l\n" + + "cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvN3l1pjzlnmoW5trHH\n" + + "Rb1s60QtGNp2v1nfMg1R6h7SzygtmO869v5bqrVBBVGmujslr7W8cZ2DLmJoQx1N\n" + + "WwhccjXTHpNPw0B70qHGch2uRNkqkizSOlwth0Ll2DJtzxTolbajYdg+xppXScUq\n" + + "WNlNZndauPSnB2CESgNkaUou4x4YVSDInugAtLvdLx8rf2YcuidI6UIXxeSZr3VO\n" + + "Z12YtddzcJ+lwh7OX8B0UvLsdYjKjefjEudyuNBmVwLv4K2LsFhSqgE1CAzk3oCb\n" + + "V2A84klaWVPiXoBiOucyouvX781WVp1aCBp0QA8gpJH7/2wRsdPQ90tjMzM7dcgY\n" + + "LDkCAwEAATANBgkqhkiG9w0BAQ4FAAOCAQEAQuYRQcCNLDYU1ItliYz9f28+KDyU\n" + + "8WjF3NDZrlJbGSKQ4n7wkBfxdK3zprmpHadWDB+aZaPt/+voE2FduzPiLUDlpazN\n" + + "60JJ5/YHZ3q9MZvdoNg6rjkpioWatoj/smUkT6oUWL/gp8tH12fOd2oJygBqXMve\n" + + "3y3qVCghnjRaMYuXcScTZcjH9yebkTLygirtw34oGVb7t+HwbtcN65fUIBly6Rcl\n" + + "8NV3pwOKhXFKDAqXUpvhebL4+tWOqPdqfIfGaE6rELfTf3icGY3CQCzDz5Gp0Ptc\n" + + "TfQqm64xnhtAruXNJXWg2ptg+GuQgWnJUgQ8wLNMxw9XdeEwlQo5dL6xmg=="; + + public static final String DUMMY_SIGNING_CERT_FINGERPRINT = "IwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvN3l1pjzlnmoW"; + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java new file mode 100644 index 000000000..9c2d47ca7 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java @@ -0,0 +1,127 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import java.util.Arrays; +import java.util.List; + +import javax.annotation.PostConstruct; + +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class SL20AuthenticationModulImpl implements AuthModule { + private int priority = 3; + public static final List<String> VDA_TYPE_IDS = Arrays.asList("1", "2", "3", "4"); + + @Autowired(required=true) protected AuthConfiguration authConfig; + @Autowired(required=true) private AuthenticationManager authManager; + + @Override + public int getPriority() { + return priority; + } + + /** + * Sets the priority of this module. Default value is {@code 0}. + * @param priority The priority. + */ + public void setPriority(int priority) { + this.priority = priority; + } + + @PostConstruct + protected void initalSL20Authentication() { + //parameter to whiteList + authManager.addHeaderNameToWhiteList(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE); + authManager.addHeaderNameToWhiteList(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE); + + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context) { + ISPConfiguration spConfig = (ISPConfiguration) context.get(EAAFConstants.PROCESSCONTEXT_SP_CONFIG); +// if (spConfigObj != null && spConfigObj instanceof IOAAuthParameters) +// spConfig = (IOAAuthParameters)spConfigObj; + + String sl20ClientTypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase()); + String sl20VDATypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()); + + if (spConfig != null && + MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED)) && + Boolean.valueOf(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED))) { + Logger.debug("SL2.0 is enabled for " + spConfig.getUniqueIdentifier()); + Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + ": " + sl20ClientTypeHeader); + Logger.trace(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE + ": " + sl20VDATypeHeader); + return "SL20Authentication"; + + } else { + Logger.trace("SL2.0 is NOT enabled for " + spConfig.getUniqueIdentifier()); + return null; + + } + + +// if ( StringUtils.isNotBlank(sl20ClientTypeHeader) +//// && ( +//// StringUtils.isNotBlank(sl20VDATypeHeader) +//// //&& VDA_TYPE_IDS.contains(sl20VDATypeHeader.trim()) +//// ) +// ) { +// Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found"); +// return "SL20Authentication"; +// +// } else { +// Logger.trace("No '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found"); +// return null; +// +// } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:sl20.Authentication.process.xml" }; + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationSpringResourceProvider.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationSpringResourceProvider.java new file mode 100644 index 000000000..2658a363d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationSpringResourceProvider.java @@ -0,0 +1,28 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +public class SL20AuthenticationSpringResourceProvider implements SpringResourceProvider { + + @Override + public String getName() { + return "MOA-ID Security-Layer 2.0 Authentication SpringResourceProvider"; + } + + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource sl20AuthConfig = new ClassPathResource("/moaid_sl20_auth.beans.xml", SL20AuthenticationSpringResourceProvider.class); + + return new Resource[] {sl20AuthConfig}; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java index 71c5a46a4..87e9e933d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java @@ -1,4 +1,4 @@ -/******************************************************************************* +/* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. @@ -19,26 +19,43 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.binding; + */ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import java.io.IOException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.opensaml.common.binding.decoding.URIComparator; -import org.opensaml.saml2.metadata.provider.MetadataProvider; -import org.opensaml.ws.message.decoder.MessageDecodingException; -import org.opensaml.xml.security.SecurityException; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; +import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; +/** + * @author tlenz + * + */ +@Controller +public class SL20SignalServlet extends AbstractProcessEngineSignalController { -public interface IDecoder { - public InboundMessageInterface decode(HttpServletRequest req, - HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) - throws MessageDecodingException, SecurityException, PVP2Exception; + public SL20SignalServlet() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + + " with mappings '"+ Constants.HTTP_ENDPOINT_DATAURL + + " and " + Constants.HTTP_ENDPOINT_RESUME + + "'."); - public boolean handleDecode(String action, HttpServletRequest req); + } + + @RequestMapping(value = { Constants.HTTP_ENDPOINT_DATAURL, + Constants.HTTP_ENDPOINT_RESUME + }, + method = {RequestMethod.POST, RequestMethod.GET}) + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + signalProcessManagement(req, resp); + } - public String getSAML2BindingName(); } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/data/VerificationResult.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/data/VerificationResult.java new file mode 100644 index 000000000..2a24096f9 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/data/VerificationResult.java @@ -0,0 +1,39 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.data; + +import java.security.cert.X509Certificate; +import java.util.List; + +import com.google.gson.JsonObject; + +public class VerificationResult { + + private Boolean validSigned = null; + private List<X509Certificate> certs = null; + private JsonObject payload = null; + + public VerificationResult(JsonObject payload) { + this.payload = payload; + + } + + public VerificationResult(JsonObject string, List<X509Certificate> certs, boolean wasValidSigned) { + this.payload = string; + this.certs = certs; + this.validSigned = wasValidSigned; + + } + + public Boolean isValidSigned() { + return validSigned; + } + public List<X509Certificate> getCertChain() { + return certs; + } + public JsonObject getPayload() { + return payload; + } + + + + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20Exception.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20Exception.java new file mode 100644 index 000000000..898bd7097 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20Exception.java @@ -0,0 +1,19 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions; + +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; + +public class SL20Exception extends MOAIDException { + + private static final long serialVersionUID = 1L; + + public SL20Exception(String messageId, Object[] parameters) { + super(messageId, parameters); + + } + + public SL20Exception(String messageId, Object[] parameters, Throwable wrapped) { + super(messageId, parameters, wrapped); + + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20SecurityException.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20SecurityException.java new file mode 100644 index 000000000..3bea12cb1 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20SecurityException.java @@ -0,0 +1,20 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions; + +public class SL20SecurityException extends SL20Exception { + + private static final long serialVersionUID = 3281385988027147449L; + + public SL20SecurityException(Object[] parameters) { + super("sl20.05", parameters); + } + + public SL20SecurityException(String parameter) { + super("sl20.05", new Object[] {parameter}); + } + + public SL20SecurityException(Object[] parameters, Throwable wrapped) { + super("sl20.05", parameters, wrapped); + + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20eIDDataValidationException.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20eIDDataValidationException.java new file mode 100644 index 000000000..957ace0fb --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20eIDDataValidationException.java @@ -0,0 +1,16 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions; + +public class SL20eIDDataValidationException extends SL20Exception { + private static final long serialVersionUID = 1L; + + public SL20eIDDataValidationException(Object[] parameters) { + super("sl20.07", parameters); + + } + + public SL20eIDDataValidationException(Object[] parameters, Throwable e) { + super("sl20.07", parameters, e); + + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoBuildException.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoBuildException.java new file mode 100644 index 000000000..35cf728f6 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoBuildException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions; + +public class SLCommandoBuildException extends SL20Exception { + + private static final long serialVersionUID = 1L; + + + public SLCommandoBuildException(String msg) { + super("sl20.01", new Object[]{msg}); + + } + + public SLCommandoBuildException(String msg, Throwable e) { + super("sl20.01", new Object[]{msg}, e); + + } +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoParserException.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoParserException.java new file mode 100644 index 000000000..f36e8ad82 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoParserException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions; + +public class SLCommandoParserException extends SL20Exception { + + private static final long serialVersionUID = 1L; + + + public SLCommandoParserException(String msg) { + super("sl20.02", new Object[]{msg}); + + } + + public SLCommandoParserException(String msg, Throwable e) { + super("sl20.02", new Object[]{msg}, e); + + } +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/IJOSETools.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/IJOSETools.java new file mode 100644 index 000000000..6fd1c3c4d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/IJOSETools.java @@ -0,0 +1,49 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; + +import java.security.cert.X509Certificate; + +import com.google.gson.JsonElement; + +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20SecurityException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoBuildException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; + +public interface IJOSETools { + + /** + * Create a JWS signature + * + * @param payLoad Payload to sign + * @throws SLCommandoBuildException + */ + public String createSignature(String payLoad) throws SLCommandoBuildException; + + /** + * Validates a JWS signature + * + * @param serializedContent + * @return + * @throws SLCommandoParserException + * @throws SL20Exception + */ + public VerificationResult validateSignature(String serializedContent) throws SL20Exception; + + /** + * Get the encryption certificate for SL2.0 End-to-End encryption + * + * @return + */ + public X509Certificate getEncryptionCertificate(); + + /** + * Decrypt a serialized JWE token + * + * @param compactSerialization Serialized JWE token + * @return decrypted payload + * @throws SL20Exception + */ + public JsonElement decryptPayload(String compactSerialization) throws SL20Exception; + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java new file mode 100644 index 000000000..42783468d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java @@ -0,0 +1,359 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; + +import java.io.IOException; +import java.security.Key; +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Collections; +import java.util.Enumeration; +import java.util.List; + +import javax.annotation.PostConstruct; + +import org.jose4j.jwa.AlgorithmConstraints; +import org.jose4j.jwa.AlgorithmConstraints.ConstraintType; +import org.jose4j.jwe.JsonWebEncryption; +import org.jose4j.jws.AlgorithmIdentifiers; +import org.jose4j.jws.JsonWebSignature; +import org.jose4j.jwx.JsonWebStructure; +import org.jose4j.keys.X509Util; +import org.jose4j.keys.resolvers.X509VerificationKeyResolver; +import org.jose4j.lang.JoseException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import com.google.gson.JsonElement; +import com.google.gson.JsonParser; +import com.google.gson.JsonSyntaxException; + +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20SecurityException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoBuildException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.utils.X509Utils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; + +@Service +public class JsonSecurityUtils implements IJOSETools{ + + @Autowired(required=true) AuthConfiguration authConfig; + private Key signPrivKey = null; + private X509Certificate[] signCertChain = null; + + private Key encPrivKey = null; + private X509Certificate[] encCertChain = null; + + private List<X509Certificate> trustedCerts = new ArrayList<X509Certificate>(); + + @PostConstruct + protected void initalize() { + Logger.info("Initialize SL2.0 authentication security constrains ... "); + try { + KeyStore keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), + getKeyStorePassword()); + + //load signing key + signPrivKey = keyStore.getKey(getSigningKeyAlias(), getSigningKeyPassword().toCharArray()); + Certificate[] certChainSigning = keyStore.getCertificateChain(getSigningKeyAlias()); + signCertChain = new X509Certificate[certChainSigning.length]; + for (int i=0; i<certChainSigning.length; i++) { + if (certChainSigning[i] instanceof X509Certificate) { + signCertChain[i] = (X509Certificate)certChainSigning[i]; + } else + Logger.warn("NO X509 certificate for signing: " + certChainSigning[i].getType()); + + } + + //load encryption key + try { + encPrivKey = keyStore.getKey(getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray()); + if (encPrivKey != null) { + Certificate[] certChainEncryption = keyStore.getCertificateChain(getEncryptionKeyAlias()); + encCertChain = new X509Certificate[certChainEncryption.length]; + for (int i=0; i<certChainEncryption.length; i++) { + if (certChainEncryption[i] instanceof X509Certificate) { + encCertChain[i] = (X509Certificate)certChainEncryption[i]; + } else + Logger.warn("NO X509 certificate for encryption: " + certChainEncryption[i].getType()); + } + } else + Logger.info("No encryption key for SL2.0 found. End-to-End encryption is not used."); + + } catch (Exception e) { + Logger.warn("No encryption key for SL2.0 found. End-to-End encryption is not used. Reason: " + e.getMessage(), e); + + } + + //load trusted certificates + Enumeration<String> aliases = keyStore.aliases(); + while(aliases.hasMoreElements()) { + String el = aliases.nextElement(); + Logger.trace("Process TrustStoreEntry: " + el); + if (keyStore.isCertificateEntry(el)) { + Certificate cert = keyStore.getCertificate(el); + if (cert != null && cert instanceof X509Certificate) + trustedCerts.add((X509Certificate) cert); + else + Logger.info("Can not process entry: " + el + ". Reason: " + cert.toString()); + + } + } + + //some short validation + if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) { + Logger.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); + throw new SL20Exception("sl20.03", new Object[]{"Can NOT open private key for signing"}); + + } + + if (signCertChain == null || signCertChain.length == 0) { + Logger.info("NO certificate for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); + throw new SL20Exception("sl20.03", new Object[]{"NO certificate for SL2.0 signing"}); + + } + + Logger.info("SL2.0 authentication security constrains initialized."); + + } catch ( Exception e) { + Logger.error("SL2.0 security constrains initialization FAILED.", e); + + } + + } + + + @Override + public String createSignature(String payLoad) throws SLCommandoBuildException { + try { + JsonWebSignature jws = new JsonWebSignature(); + + //set payload + jws.setPayload(payLoad); + + //set basic header + jws.setContentTypeHeaderValue(SL20Constants.SL20_CONTENTTYPE_SIGNED_COMMAND); + + //set signing information + jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256); + jws.setKey(signPrivKey); + + //TODO: + jws.setCertificateChainHeaderValue(signCertChain); + jws.setX509CertSha256ThumbprintHeaderValue(signCertChain[0]); + + return jws.getCompactSerialization(); + + } catch (JoseException e) { + Logger.warn("Can NOT sign SL2.0 command.", e); + throw new SLCommandoBuildException("Can NOT sign SL2.0 command.", e); + + } + + } + + @Override + public VerificationResult validateSignature(String serializedContent) throws SL20Exception { + try { + JsonWebSignature jws = new JsonWebSignature(); + //set payload + jws.setCompactSerialization(serializedContent); + + //set security constrains + jws.setAlgorithmConstraints(new AlgorithmConstraints(ConstraintType.WHITELIST, + SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.size()]))); + + //load signinc certs + Key selectedKey = null; + List<X509Certificate> x5cCerts = jws.getCertificateChainHeaderValue(); + String x5t256 = jws.getX509CertSha256ThumbprintHeaderValue(); + if (x5cCerts != null) { + Logger.debug("Found x509 certificate in JOSE header ... "); + Logger.trace("Sorting received X509 certificates ... "); + List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); + + if (trustedCerts.contains(sortedX5cCerts.get(0))) { + selectedKey = sortedX5cCerts.get(0).getPublicKey(); + + } else { + Logger.info("Can NOT find JOSE certificate in truststore."); + Logger.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString()); + try { + Logger.debug("Cert: " + Base64Utils.encode(sortedX5cCerts.get(0).getEncoded())); + } catch (CertificateEncodingException | IOException e) { + e.printStackTrace(); + } + + } + + } else if (MiscUtil.isNotEmpty(x5t256)) { + Logger.debug("Found x5t256 fingerprint in JOSE header .... "); + X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(trustedCerts); + selectedKey = x509VerificationKeyResolver.resolveKey(jws, Collections.<JsonWebStructure>emptyList()); + + } else { + Logger.info("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); + throw new SLCommandoParserException("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); + + } + + if (selectedKey == null) { + Logger.info("Can NOT select verification key for JWS. Signature verification FAILED."); + throw new SLCommandoParserException("Can NOT select verification key for JWS. Signature verification FAILED"); + + } + + //set verification key + jws.setKey(selectedKey); + + //validate signature + boolean valid = jws.verifySignature(); + if (!valid) { + Logger.info("JWS signature invalide. Stopping authentication process ..."); + Logger.debug("Received JWS msg: " + serializedContent); + throw new SL20SecurityException("JWS signature invalide."); + + } + + + //load payLoad + Logger.debug("SL2.0 commando signature validation sucessfull"); + JsonElement sl20Req = new JsonParser().parse(jws.getPayload()); + + return new VerificationResult(sl20Req.getAsJsonObject(), null, valid) ; + + } catch (JoseException e) { + Logger.warn("SL2.0 commando signature validation FAILED", e); + throw new SL20SecurityException(new Object[]{e.getMessage()}, e); + + } + + } + + + @Override + public JsonElement decryptPayload(String compactSerialization) throws SL20Exception { + try { + JsonWebEncryption receiverJwe = new JsonWebEncryption(); + + //set security constrains + receiverJwe.setAlgorithmConstraints( + new AlgorithmConstraints(ConstraintType.WHITELIST, + SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION.toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION.size()]))); + receiverJwe.setContentEncryptionAlgorithmConstraints( + new AlgorithmConstraints(ConstraintType.WHITELIST, + SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION.toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION.size()]))); + + //set payload + receiverJwe.setCompactSerialization(compactSerialization); + + + //validate key from header against key from config + List<X509Certificate> x5cCerts = receiverJwe.getCertificateChainHeaderValue(); + String x5t256 = receiverJwe.getX509CertSha256ThumbprintHeaderValue(); + if (x5cCerts != null) { + Logger.debug("Found x509 certificate in JOSE header ... "); + Logger.trace("Sorting received X509 certificates ... "); + List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); + + if (!sortedX5cCerts.get(0).equals(encCertChain[0])) { + Logger.info("Certificate from JOSE header does NOT match encryption certificate"); + Logger.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString()); + + try { + Logger.debug("Cert: " + Base64Utils.encode(sortedX5cCerts.get(0).getEncoded())); + } catch (CertificateEncodingException | IOException e) { + e.printStackTrace(); + } + throw new SL20Exception("sl20.05", new Object[]{"Certificate from JOSE header does NOT match encryption certificate"}); + } + + } else if (MiscUtil.isNotEmpty(x5t256)) { + Logger.debug("Found x5t256 fingerprint in JOSE header .... "); + String certFingerPrint = X509Util.x5tS256(encCertChain[0]); + if (!certFingerPrint.equals(x5t256)) { + Logger.info("X5t256 from JOSE header does NOT match encryption certificate"); + Logger.debug("X5t256 from JOSE header: " + x5t256 + " Encrytption cert: " + certFingerPrint); + throw new SL20Exception("sl20.05", new Object[]{"X5t256 from JOSE header does NOT match encryption certificate"}); + + } + + } else { + Logger.info("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); + throw new SLCommandoParserException("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); + + } + + //set key + receiverJwe.setKey(encPrivKey); + + + //decrypt payload + return new JsonParser().parse(receiverJwe.getPlaintextString()); + + } catch (JoseException e) { + Logger.warn("SL2.0 result decryption FAILED", e); + throw new SL20SecurityException(new Object[]{e.getMessage()}, e); + + } catch ( JsonSyntaxException e) { + Logger.warn("Decrypted SL2.0 result is NOT a valid JSON.", e); + throw new SLCommandoParserException("Decrypted SL2.0 result is NOT a valid JSON.", e); + + } + + } + + + + @Override + public X509Certificate getEncryptionCertificate() { + //TODO: maybe update after SL2.0 update on encryption certificate parts + if (encCertChain !=null && encCertChain.length > 0) + return encCertChain[0]; + else + return null; + } + + private String getKeyStoreFilePath() throws ConfigurationException { + return FileUtils.makeAbsoluteURL( + authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH), + authConfig.getRootConfigFileDir()); + } + + private String getKeyStorePassword() { + return authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD).trim(); + + } + + private String getSigningKeyAlias() { + return authConfig.getBasicConfiguration( + Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS).trim(); + } + + private String getSigningKeyPassword() { + return authConfig.getBasicConfiguration( + Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD).trim(); + } + + private String getEncryptionKeyAlias() { + return authConfig.getBasicConfiguration( + Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS).trim(); + } + + private String getEncryptionKeyPassword() { + return authConfig.getBasicConfiguration( + Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD).trim(); + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java new file mode 100644 index 000000000..645b043ce --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java @@ -0,0 +1,232 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; + +import java.util.Arrays; +import java.util.List; + +import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers; +import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers; +import org.jose4j.jws.AlgorithmIdentifiers; + +public class SL20Constants { + public static final int CURRENT_SL20_VERSION = 10; + + //http binding parameters + public static final String PARAM_SL20_REQ_COMMAND_PARAM = "slcommand"; + public static final String PARAM_SL20_REQ_COMMAND_PARAM_OLD = "sl2command"; + + public static final String PARAM_SL20_REQ_ICP_RETURN_URL_PARAM = "slIPCReturnUrl"; + public static final String PARAM_SL20_REQ_TRANSACTIONID = "slTransactionID"; + + public static final String HTTP_HEADER_SL20_CLIENT_TYPE = "SL2ClientType"; + public static final String HTTP_HEADER_SL20_VDA_TYPE = "X-MOA-VDA"; + public static final String HTTP_HEADER_VALUE_NATIVE = "nativeApp"; + + + //******************************************************************************************* + //JSON signing and encryption headers + public static final String JSON_ALGORITHM = "alg"; + public static final String JSON_CONTENTTYPE = "cty"; + public static final String JSON_X509_CERTIFICATE = "x5c"; + public static final String JSON_X509_FINGERPRINT = "x5t#S256"; + public static final String JSON_ENCRYPTION_PAYLOAD = "enc"; + + public static final String JSON_ALGORITHM_SIGNING_RS256 = AlgorithmIdentifiers.RSA_USING_SHA256; + public static final String JSON_ALGORITHM_SIGNING_RS512 = AlgorithmIdentifiers.RSA_USING_SHA512; + public static final String JSON_ALGORITHM_SIGNING_ES256 = AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256; + public static final String JSON_ALGORITHM_SIGNING_ES512 = AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512; + public static final String JSON_ALGORITHM_SIGNING_PS256 = AlgorithmIdentifiers.RSA_PSS_USING_SHA256; + public static final String JSON_ALGORITHM_SIGNING_PS512 = AlgorithmIdentifiers.RSA_PSS_USING_SHA512; + + public static final List<String> SL20_ALGORITHM_WHITELIST_SIGNING = Arrays.asList( + JSON_ALGORITHM_SIGNING_RS256, + JSON_ALGORITHM_SIGNING_RS512, + JSON_ALGORITHM_SIGNING_ES256, + JSON_ALGORITHM_SIGNING_ES512, + JSON_ALGORITHM_SIGNING_PS256, + JSON_ALGORITHM_SIGNING_PS512 + ); + + public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP = KeyManagementAlgorithmIdentifiers.RSA_OAEP; + public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP256 = KeyManagementAlgorithmIdentifiers.RSA_OAEP_256; + + public static final List<String> SL20_ALGORITHM_WHITELIST_KEYENCRYPTION = Arrays.asList( + JSON_ALGORITHM_ENC_KEY_RSAOAEP, + JSON_ALGORITHM_ENC_KEY_RSAOAEP256 + ); + + public static final String JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256 = ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256; + public static final String JSON_ALGORITHM_ENC_PAYLOAD_A256CBCHS512 = ContentEncryptionAlgorithmIdentifiers.AES_256_CBC_HMAC_SHA_512; + public static final String JSON_ALGORITHM_ENC_PAYLOAD_A128GCM = ContentEncryptionAlgorithmIdentifiers.AES_128_GCM; + public static final String JSON_ALGORITHM_ENC_PAYLOAD_A256GCM = ContentEncryptionAlgorithmIdentifiers.AES_256_GCM; + + public static final List<String> SL20_ALGORITHM_WHITELIST_ENCRYPTION = Arrays.asList( + JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256, + JSON_ALGORITHM_ENC_PAYLOAD_A256CBCHS512, + JSON_ALGORITHM_ENC_PAYLOAD_A128GCM, + JSON_ALGORITHM_ENC_PAYLOAD_A256GCM + ); + + + //********************************************************************************************* + //Object identifier for generic transport container + public static final String SL20_CONTENTTYPE_SIGNED_COMMAND ="application/sl2.0;command"; + public static final String SL20_CONTENTTYPE_ENCRYPTED_RESULT ="application/sl2.0;result"; + + public static final String SL20_VERSION = "v"; + public static final String SL20_REQID = "reqID"; + public static final String SL20_RESPID = "respID"; + public static final String SL20_INRESPTO = "inResponseTo"; + public static final String SL20_TRANSACTIONID = "transactionID"; + public static final String SL20_PAYLOAD = "payload"; + public static final String SL20_SIGNEDPAYLOAD = "signedPayload"; + + //Generic Object identifier for commands + public static final String SL20_COMMAND_CONTAINER_NAME = "name"; + public static final String SL20_COMMAND_CONTAINER_PARAMS = "params"; + public static final String SL20_COMMAND_CONTAINER_RESULT = "result"; + public static final String SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT = "encryptedResult"; + + //COMMAND Object identifier + public static final String SL20_COMMAND_IDENTIFIER_REDIRECT = "redirect"; + public static final String SL20_COMMAND_IDENTIFIER_CALL = "call"; + public static final String SL20_COMMAND_IDENTIFIER_ERROR = "error"; + public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDEID = "qualifiedeID"; + //public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDSIG = "qualifiedSig"; + + public static final String SL20_COMMAND_IDENTIFIER_GETCERTIFICATE = "getCertificate"; + public static final String SL20_COMMAND_IDENTIFIER_CREATE_SIG_CADES = "createCAdES"; + + + public static final String SL20_COMMAND_IDENTIFIER_BINDING_CREATE_KEY = "createBindingKey"; + public static final String SL20_COMMAND_IDENTIFIER_BINDING_STORE_CERT = "storeBindingCert"; + + public static final String SL20_COMMAND_IDENTIFIER_AUTH_IDANDPASSWORD = "idAndPassword"; + public static final String SL20_COMMAND_IDENTIFIER_AUTH_JWSTOKENFACTOR = "jwsTokenAuth"; + public static final String SL20_COMMAND_IDENTIFIER_AUTH_QRCODEFACTOR = "qrCodeFactor"; + + //*****COMMAND parameter identifier****** + //general Identifier + public static final String SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_VALUE = "value"; + public static final String SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_KEY = "key"; + public static final String SL20_COMMAND_PARAM_GENERAL_DATAURL = "dataUrl"; + public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE = "x5cEnc"; + public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONJWK = "jwkEnc"; + + //Redirect command + public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL = "url"; + public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND = "command"; + public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND = "signedCommand"; + public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_IPCREDIRECT = "IPCRedirect"; + + //Call command + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_URL = SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL; + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD = "method"; + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET = "get"; + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_POST = "post"; + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID = "includeTransactionID"; + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_REQPARAMETER = "reqParams"; + + //error command + public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE = "errorCode"; + public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE = "errorMessage"; + + //qualified eID command + public static final String SL20_COMMAND_PARAM_EID_AUTHBLOCKID = "authBlockTemplateID"; + public static final String SL20_COMMAND_PARAM_EID_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES = "attributes"; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE = "MANDATE-REFERENCE-VALUE"; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID = "SP-UNIQUEID"; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME = "SP-FRIENDLYNAME"; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPCOUNTRYCODE = "SP-COUNTRYCODE"; + public static final String SL20_COMMAND_PARAM_EID_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; + public static final String SL20_COMMAND_PARAM_EID_JWKCENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONJWK; + public static final String SL20_COMMAND_PARAM_EID_RESULT_IDL = "EID-IDENTITY-LINK"; + public static final String SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK = "EID-AUTH-BLOCK"; + public static final String SL20_COMMAND_PARAM_EID_RESULT_CCSURL = "EID-CCS-URL"; + public static final String SL20_COMMAND_PARAM_EID_RESULT_LOA = "EID-CITIZEN-QAA-LEVEL"; + + //qualified Signature comamnd +// public static final String SL20_COMMAND_PARAM_QUALSIG_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; +// public static final String SL20_COMMAND_PARAM_QUALSIG_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; + + + //getCertificate + public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_KEYID = "keyId"; + public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; + public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_JWKCENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONJWK; + public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_RESULT_CERTIFICATE = "x5c"; + + //createCAdES Signture + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_KEYID = "keyId"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT = "content"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_MIMETYPE = "mimeType"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_PADES_COMBATIBILTY = "padesComatibility"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE = "excludedByteRange"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL = "cadesLevel"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_JWKCENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONJWK; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_RESULT_SIGNATURE = "signature"; + + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_BASIC = "cAdES"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_T = "cAdES-T"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_C = "cAdES-C"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_X = "cAdES-X"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_XL = "cAdES-X-L"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_A = "cAdES-A"; + + + + //create binding key command + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID = "kontoID"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_SN = "SN"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYLENGTH = "keyLength"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG = "keyAlg"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES = "policies"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_X5CVDATRUST = "x5cVdaTrust"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD = "reqUserPassword"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; + + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG_RSA = "RSA"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG_SECPR256R1 = "secp256r1"; + + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_LIFETIME = "lifeTime"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_USESECUREELEMENT = "useSecureElement"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_KEYTIMEOUT = "keyTimeout"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_NEEDUSERAUTH = "needUserAuth"; + + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_APPID = "appID"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_CSR = "csr"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE = "attCert"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD = "encodedPass"; + + + //store binding certificate command + public static final String SL20_COMMAND_PARAM_BINDING_STORE_CERTIFICATE = "x5c"; + public static final String SL20_COMMAND_PARAM_BINDING_STORE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS = "success"; + public static final String SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS_VALUE = "OK"; + + // Username and password authentication + public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG = "keyAlg"; + public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG_VALUE_PLAIN = "plain"; + public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG_VALUE_PBKDF2 = "PBKDF2"; + public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; + public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_KONTOID = SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID; + public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_USERPASSWORD = SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD; + + //JWS Token authentication + public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE = "nonce"; + public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYDATA = "displayData"; + public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYURL = "displayUrl"; + public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_RESULT_NONCE = SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE; + + //QR-Code authentication + public static final String SL20_COMMAND_PARAM_AUTH_QRCODE_QRCODE = "qrCode"; + public static final String SL20_COMMAND_PARAM_AUTH_QRCODE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java new file mode 100644 index 000000000..169cb8e73 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java @@ -0,0 +1,45 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; + +import java.io.IOException; +import java.io.StringWriter; +import java.net.URISyntaxException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.http.client.utils.URIBuilder; +import org.apache.http.entity.ContentType; +import org.jose4j.base64url.Base64Url; + +import com.google.gson.JsonObject; + +import at.gv.egovernment.moaspss.logging.Logger; + +public class SL20HttpBindingUtils { + + public static void writeIntoResponse(HttpServletRequest request, HttpServletResponse response, JsonObject sl20Forward, String redirectURL) throws IOException, URISyntaxException { + //forward SL2.0 command + if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && + request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { + Logger.debug("Client request containts 'native client' header ... "); + StringWriter writer = new StringWriter(); + writer.write(sl20Forward.toString()); + final byte[] content = writer.toString().getBytes("UTF-8"); + response.setStatus(HttpServletResponse.SC_OK); + response.setContentLength(content.length); + response.setContentType(ContentType.APPLICATION_JSON.toString()); + response.getOutputStream().write(content); + + } else { + Logger.debug("Client request containts is no native client ... "); + URIBuilder clientRedirectURI = new URIBuilder(redirectURL); + clientRedirectURI.addParameter( + SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, + Base64Url.encode(sl20Forward.toString().getBytes())); + response.setStatus(307); + response.setHeader("Location", clientRedirectURI.build().toString()); + + } + + } +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java new file mode 100644 index 000000000..d5dec1fe1 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java @@ -0,0 +1,617 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; + +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.Base64; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; + +import com.google.gson.JsonArray; +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; + +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoBuildException; + +public class SL20JSONBuilderUtils { + + /** + * Create command request + * @param name + * @param params + * @throws SLCommandoBuildException + * @return + */ + public static JsonObject createCommand(String name, JsonElement params) throws SLCommandoBuildException { + JsonObject command = new JsonObject(); + addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); + addSingleJSONElement(command, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, params, true); + return command; + + } + + /** + * Create signed command request + * + * @param name + * @param params + * @param signer + * @return + * @throws SLCommandoBuildException + */ + public static String createSignedCommand(String name, JsonElement params, IJOSETools signer) throws SLCommandoBuildException { + JsonObject command = new JsonObject(); + addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); + addSingleJSONElement(command, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, params, true); + return signer.createSignature(command.toString()); + + } + + + /** + * Create encrypted command result + * + * @param result + * @param encrypter + * @return + * @throws SLCommandoBuildException + */ + public static String createEncryptedCommandoResult(JsonObject result, JsonSecurityUtils encrypter) throws SLCommandoBuildException { + //TODO: add real implementation + //create header and footer + String dummyHeader = createJsonEncryptionHeader(encrypter).toString(); + String payLoad = result.toString(); + String dummyFooter = createJsonSignedFooter(encrypter); + + return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes()) + "." + + Base64.getUrlEncoder().encodeToString(payLoad.getBytes()) + "." + + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes()); + + } + + + /** + * Create command result + * + * @param name + * @param result + * @param encryptedResult + * @throws SLCommandoBuildException + * @return + */ + public static JsonObject createCommandResponse(String name, JsonElement result, String encryptedResult) throws SLCommandoBuildException { + JsonObject command = new JsonObject(); + addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); + addOnlyOnceOfTwo(command, + SL20Constants.SL20_COMMAND_CONTAINER_RESULT, SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT, + result, encryptedResult); + return command; + + } + + /** + * Create command result + * + * @param name + * @param result + * @param encryptedResult + * @throws SLCommandoBuildException + * @return + */ + public static String createSignedCommandResponse(String name, JsonElement result, String encryptedResult, JsonSecurityUtils signer) throws SLCommandoBuildException { + JsonObject command = new JsonObject(); + addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); + addOnlyOnceOfTwo(command, + SL20Constants.SL20_COMMAND_CONTAINER_RESULT, SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT, + result, encryptedResult); + String encodedCommand = command.toString(); + + //TODO: add real implementation + //create header and footer + String dummyHeader = createJsonSignedHeader(signer).toString(); + String dummyFooter = createJsonSignedFooter(signer); + + return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes()) + "." + + Base64.getUrlEncoder().encodeToString(encodedCommand.getBytes()) + "." + + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes()); + + } + + /** + * Create parameters for Redirect command + * + * @param url + * @param command + * @param signedCommand + * @param ipcRedirect + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createRedirectCommandParameters(String url, JsonElement command, JsonElement signedCommand, Boolean ipcRedirect) throws SLCommandoBuildException{ + JsonObject redirectReqParams = new JsonObject(); + addOnlyOnceOfTwo(redirectReqParams, + SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, + command, signedCommand); + addSingleStringElement(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, url, false); + addSingleBooleanElement(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_IPCREDIRECT, ipcRedirect, false); + return redirectReqParams; + + } + + /** + * Create parameters for Call command + * + * @param url + * @param method + * @param includeTransactionId + * @param reqParameters + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createCallCommandParameters(String url, String method, Boolean includeTransactionId, Map<String, String> reqParameters) throws SLCommandoBuildException { + JsonObject callReqParams = new JsonObject(); + addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_URL, url, true); + addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD, method, true); + addSingleBooleanElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID, includeTransactionId, false); + addArrayOfStringElements(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_REQPARAMETER, reqParameters); + return callReqParams; + + } + + /** + * Create result for Error command + * + * @param errorCode + * @param errorMsg + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createErrorCommandResult(String errorCode, String errorMsg) throws SLCommandoBuildException { + JsonObject result = new JsonObject(); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, errorCode, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, errorMsg, true); + return result; + + } + + + /** + * Create parameters for qualifiedeID command + * + * @param authBlockId + * @param dataUrl + * @param additionalReqParameters + * @param x5cEnc + * @return + * @throws CertificateEncodingException + * @throws SLCommandoBuildException + */ + public static JsonObject createQualifiedeIDCommandParameters(String authBlockId, String dataUrl, + Map<String, String> additionalReqParameters, X509Certificate x5cEnc) throws CertificateEncodingException, SLCommandoBuildException { + JsonObject params = new JsonObject(); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_AUTHBLOCKID, authBlockId, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_DATAURL, dataUrl, true); + addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES, additionalReqParameters); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_X5CENC, x5cEnc, false); + return params; + + } + + /** + * Create result for qualifiedeID command + * + * @param idl + * @param authBlock + * @param ccsURL + * @param LoA + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createQualifiedeIDCommandResult(byte[] idl, byte[] authBlock, String ccsURL, String LoA) throws SLCommandoBuildException { + JsonObject result = new JsonObject(); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, idl, true); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, authBlock, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, ccsURL, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, LoA, true); + return result; + + } + + + /** + * Create Binding-Key command parameters + * + * @param kontoId + * @param subjectName + * @param keySize + * @param keyAlg + * @param policies + * @param dataUrl + * @param x5cVdaTrust + * @param reqUserPassword + * @param x5cEnc + * @return + * @throws SLCommandoBuildException + * @throws CertificateEncodingException + */ + public static JsonObject createBindingKeyCommandParams(String kontoId, String subjectName, int keySize, String keyAlg, + Map<String, String> policies, String dataUrl, X509Certificate x5cVdaTrust, Boolean reqUserPassword, X509Certificate x5cEnc) throws SLCommandoBuildException, CertificateEncodingException { + JsonObject params = new JsonObject(); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID, kontoId, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_SN, subjectName, true); + addSingleNumberElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYLENGTH, keySize, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG, keyAlg, true); + addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES, policies); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL, dataUrl, true); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CVDATRUST, x5cVdaTrust, false); + addSingleBooleanElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD, reqUserPassword, false); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CENC, x5cEnc, false); + return params; + + } + + /** + * Create Binding-Key command result + * + * @param appId + * @param csr + * @param attCert + * @param password + * @return + * @throws SLCommandoBuildException + * @throws CertificateEncodingException + */ + public static JsonObject createBindingKeyCommandResult(String appId, byte[] csr, X509Certificate attCert, byte[] password) throws SLCommandoBuildException, CertificateEncodingException { + JsonObject result = new JsonObject(); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_APPID, appId, true); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_CSR, csr, true); + addSingleCertificateElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE, attCert, false); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD, password, false); + return result; + + } + + /** + * Create Store Binding-Certificate command parameters + * + * @param cert + * @param dataUrl + * @return + * @throws CertificateEncodingException + * @throws SLCommandoBuildException + */ + public static JsonObject createStoreBindingCertCommandParams(X509Certificate cert, String dataUrl) throws CertificateEncodingException, SLCommandoBuildException { + JsonObject params = new JsonObject(); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_CERTIFICATE, cert, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_DATAURL, dataUrl, true); + return params; + + } + + /** + * Create Store Binding-Certificate command result + * + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createStoreBindingCertCommandSuccessResult() throws SLCommandoBuildException { + JsonObject result = new JsonObject(); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS, + SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS_VALUE, true); + return result; + + } + + + /** + * Create idAndPassword command parameters + * + * @param keyAlg + * @param dataUrl + * @param x5cEnc + * @return + * @throws SLCommandoBuildException + * @throws CertificateEncodingException + */ + public static JsonObject createIdAndPasswordCommandParameters(String keyAlg, String dataUrl, X509Certificate x5cEnc) throws SLCommandoBuildException, CertificateEncodingException { + JsonObject params = new JsonObject(); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG, keyAlg, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_DATAURL, dataUrl, true); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_X5CENC, x5cEnc, false); + return params; + + } + + /** + * Create idAndPassword command result + * + * @param kontoId + * @param password + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createIdAndPasswordCommandResult(String kontoId, byte[] password) throws SLCommandoBuildException { + JsonObject result = new JsonObject(); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_KONTOID, kontoId, true); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_USERPASSWORD, password, true); + return result; + + } + + /** + * Create JWS Token Authentication command + * + * @param nonce + * @param dataUrl + * @param displayData + * @param displayUrl + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createJwsTokenAuthCommandParams(String nonce, String dataUrl, List<String> displayData, List<String> displayUrl) throws SLCommandoBuildException { + JsonObject params = new JsonObject(); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE, nonce, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL, dataUrl, true); + addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYDATA, displayData); + addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYURL, displayUrl); + return params; + + } + + /** + * Create JWS Token Authentication command result + * + * @param nonce + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createJwsTokenAuthCommandResult(String nonce) throws SLCommandoBuildException { + JsonObject result = new JsonObject(); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_RESULT_NONCE, nonce, true); + return result; + + } + + + /** + * Create Generic Request Container + * + * @param reqId + * @param transactionId + * @param payLoad + * @param signedPayload + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createGenericRequest(String reqId, String transactionId, JsonElement payLoad, String signedPayload) throws SLCommandoBuildException { + JsonObject req = new JsonObject(); + addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true); + addSingleStringElement(req, SL20Constants.SL20_REQID, reqId, true); + addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false); + addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, + payLoad, signedPayload); + return req; + + } + + /** + * Create Generic Response Container + * + * @param respId + * @param inResponseTo + * @param transactionId + * @param payLoad + * @param signedPayload + * @return + * @throws SLCommandoBuildException + */ + public static final JsonObject createGenericResponse(String respId, String inResponseTo, String transactionId, + JsonElement payLoad, String signedPayload) throws SLCommandoBuildException { + + JsonObject req = new JsonObject(); + addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true); + addSingleStringElement(req, SL20Constants.SL20_RESPID, respId, true); + addSingleStringElement(req, SL20Constants.SL20_INRESPTO, inResponseTo, true); + addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false); + addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, + payLoad, signedPayload); + return req; + + } + + /** + * Add one element of two possible elements <br> + * This method adds either the first element or the second element to parent JSON, but never both. + * + * @param parent Parent JSON element + * @param firstKeyId first element Id + * @param secondKeyId second element Id + * @param first first element + * @param second second element + * @throws SLCommandoBuildException + */ + public static void addOnlyOnceOfTwo(JsonObject parent, String firstKeyId, String secondKeyId, JsonElement first, String second) throws SLCommandoBuildException { + if (first == null && (second == null || second.isEmpty())) + throw new SLCommandoBuildException(firstKeyId + " and " + secondKeyId + " is NULL"); + + else if (first != null && second != null) + throw new SLCommandoBuildException(firstKeyId + " and " + secondKeyId + " can not SET TWICE"); + + else if (first != null) + parent.add(firstKeyId, first); + + else if (second != null && !second.isEmpty()) + parent.addProperty(secondKeyId, second); + + else + throw new SLCommandoBuildException("Internal build error"); + } + + + + //TODO!!!! + private static JsonObject createJsonSignedHeader(JsonSecurityUtils signer) throws SLCommandoBuildException { + JsonObject header = new JsonObject(); + addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, SL20Constants.JSON_ALGORITHM_SIGNING_RS256, true); + addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, SL20Constants.SL20_CONTENTTYPE_SIGNED_COMMAND, true); + addArrayOfStrings(header, SL20Constants.JSON_X509_CERTIFICATE, Arrays.asList(Constants.DUMMY_SIGNING_CERT)); + + return header; + } + + //TODO!!!! + private static JsonObject createJsonEncryptionHeader(JsonSecurityUtils signer) throws SLCommandoBuildException { + JsonObject header = new JsonObject(); + addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, SL20Constants.JSON_ALGORITHM_ENC_KEY_RSAOAEP, true); + addSingleStringElement(header, SL20Constants.JSON_ENCRYPTION_PAYLOAD, SL20Constants.JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256, true); + addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, SL20Constants.SL20_CONTENTTYPE_ENCRYPTED_RESULT, true); + addSingleStringElement(header, SL20Constants.JSON_X509_FINGERPRINT, Constants.DUMMY_SIGNING_CERT_FINGERPRINT, true); + + return header; + } + + //TODO!!!! + private static String createJsonSignedFooter(JsonSecurityUtils signer) { + return "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7\n" + + " AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4\n" + + " BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K\n" + + " 0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv\n" + + " hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB\n" + + " p0igcN_IoypGlUPQGe77Rw"; + } + + + + private static void addArrayOfStrings(JsonObject parent, String keyId, List<String> values) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + if (values != null) { + JsonArray callReqParamsArray = new JsonArray(); + parent.add(keyId, callReqParamsArray ); + for(String el : values) + callReqParamsArray.add(el); + + } + } + + + private static void addArrayOfStringElements(JsonObject parent, String keyId, Map<String, String> keyValuePairs) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + if (keyValuePairs != null) { + JsonArray callReqParamsArray = new JsonArray(); + parent.add(keyId, callReqParamsArray ); + + for(Entry<String, String> el : keyValuePairs.entrySet()) { + JsonObject callReqParams = new JsonObject(); + //callReqParams.addProperty(SL20Constants.SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_KEY, el.getKey()); + //callReqParams.addProperty(SL20Constants.SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_VALUE, el.getValue()); + callReqParams.addProperty(el.getKey(), el.getValue()); + callReqParamsArray.add(callReqParams); + + } + } + } + + private static void addSingleCertificateElement(JsonObject parent, String keyId, X509Certificate cert, boolean isRequired) throws CertificateEncodingException, SLCommandoBuildException { + if (cert != null) + addSingleByteElement(parent, keyId, cert.getEncoded(), isRequired); + + else if (isRequired) + throw new SLCommandoBuildException(keyId + " is marked as REQUIRED"); + + } + + + + private static void addSingleByteElement(JsonObject parent, String keyId, byte[] value, boolean isRequired) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + + if (isRequired && value == null) + throw new SLCommandoBuildException(keyId + " has NULL value"); + + else if (value != null) + parent.addProperty(keyId, Base64.getEncoder().encodeToString(value)); + + } + + private static void addSingleBooleanElement(JsonObject parent, String keyId, Boolean value, boolean isRequired) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + + if (isRequired && value == null) + throw new SLCommandoBuildException(keyId + " has a NULL value"); + + else if (value != null) + parent.addProperty(keyId, value); + + } + + private static void addSingleNumberElement(JsonObject parent, String keyId, Integer value, boolean isRequired) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + + if (isRequired && value == null) + throw new SLCommandoBuildException(keyId + " has a NULL value"); + + else if (value != null) + parent.addProperty(keyId, value);; + + } + + private static void addSingleStringElement(JsonObject parent, String keyId, String value, boolean isRequired) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + + if (isRequired && (value == null || value.isEmpty())) + throw new SLCommandoBuildException(keyId + " has an empty value"); + + else if (value != null && !value.isEmpty()) + parent.addProperty(keyId, value); + + } + + private static void addSingleIntegerElement(JsonObject parent, String keyId, Integer value, boolean isRequired) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + + if (isRequired && value == null) + throw new SLCommandoBuildException(keyId + " has an empty value"); + + else if (value != null) + parent.addProperty(keyId, value); + + } + + private static void addSingleJSONElement(JsonObject parent, String keyId, JsonElement element, boolean isRequired) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + + if (isRequired && element == null) + throw new SLCommandoBuildException("No commando name included"); + + else if (element != null) + parent.add(keyId, element); + + } + + private static void addOnlyOnceOfTwo(JsonObject parent, String firstKeyId, String secondKeyId, JsonElement first, JsonElement second) throws SLCommandoBuildException { + if (first == null && second == null) + throw new SLCommandoBuildException(firstKeyId + " and " + secondKeyId + " is NULL"); + + else if (first != null && second != null) + throw new SLCommandoBuildException(firstKeyId + " and " + secondKeyId + " can not SET TWICE"); + + else if (first != null) + parent.add(firstKeyId, first); + + else if (second != null) + parent.add(secondKeyId, second); + + else + throw new SLCommandoBuildException("Internal build error"); + } + + private static void validateParentAndKey(JsonObject parent, String keyId) throws SLCommandoBuildException { + if (parent == null) + throw new SLCommandoBuildException("NO parent JSON element"); + + if (keyId == null || keyId.isEmpty()) + throw new SLCommandoBuildException("NO JSON element identifier"); + } +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java new file mode 100644 index 000000000..759d9c838 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java @@ -0,0 +1,350 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; + +import java.io.InputStreamReader; +import java.util.ArrayList; +import java.util.Base64; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; + +import org.apache.http.Header; +import org.apache.http.HttpEntity; +import org.apache.http.HttpResponse; +import org.apache.http.client.utils.URIBuilder; +import org.apache.log4j.Logger; +import org.jose4j.base64url.Base64Url; + +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; + +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; + +public class SL20JSONExtractorUtils { + private static final Logger log = Logger.getLogger(SL20JSONExtractorUtils.class); + + /** + * Extract String value from JSON + * + * @param input + * @param keyID + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static String getStringValue(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { + try { + JsonElement internal = getAndCheck(input, keyID, isRequired); + + if (internal != null) + return internal.getAsString(); + else + return null; + + } catch (SLCommandoParserException e) { + throw e; + + } catch (Exception e) { + throw new SLCommandoParserException("Can not extract String value with keyId: " + keyID, e); + + } + } + + /** + * Extract Boolean value from JSON + * + * @param input + * @param keyID + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static boolean getBooleanValue(JsonObject input, String keyID, boolean isRequired, boolean defaultValue) throws SLCommandoParserException { + try { + JsonElement internal = getAndCheck(input, keyID, isRequired); + + if (internal != null) + return internal.getAsBoolean(); + else + return defaultValue; + + } catch (SLCommandoParserException e) { + throw e; + + } catch (Exception e) { + throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e); + + } + } + + /** + * Extract JSONObject value from JSON + * + * @param input + * @param keyID + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static JsonObject getJSONObjectValue(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { + try { + JsonElement internal = getAndCheck(input, keyID, isRequired); + + if (internal != null) + return internal.getAsJsonObject(); + else + return null; + + } catch (SLCommandoParserException e) { + throw e; + + } catch (Exception e) { + throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e); + + } + } + + /** + * Extract a List of String elements from a JSON element + * + * @param input + * @return + * @throws SLCommandoParserException + */ + public static List<String> getListOfStringElements(JsonElement input) throws SLCommandoParserException { + List<String> result = new ArrayList<String>(); + if (input != null) { + if (input.isJsonArray()) { + Iterator<JsonElement> arrayIterator = input.getAsJsonArray().iterator(); + while(arrayIterator.hasNext()) { + JsonElement next = arrayIterator.next(); + if (next.isJsonPrimitive()) + result.add(next.getAsString()); + } + + } else if (input.isJsonPrimitive()) { + result.add(input.getAsString()); + + } else { + log.warn("JSON Element IS NOT a JSON array or a JSON Primitive"); + throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON Primitive"); + + } + } + + return result; + } + + /** + * Extract Map of Key/Value pairs from a JSON Element + * + * @param input parent JSON object + * @param keyID KeyId of the child that should be parsed + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static Map<String, String> getMapOfStringElements(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { + JsonElement internal = getAndCheck(input, keyID, isRequired); + return getMapOfStringElements(internal); + + } + + /** + * Extract Map of Key/Value pairs from a JSON Element + * + * @param input + * @return + * @throws SLCommandoParserException + */ + public static Map<String, String> getMapOfStringElements(JsonElement input) throws SLCommandoParserException { + Map<String, String> result = new HashMap<String, String>(); + + if (input != null) { + if (input.isJsonArray()) { + Iterator<JsonElement> arrayIterator = input.getAsJsonArray().iterator(); + while(arrayIterator.hasNext()) { + JsonElement next = arrayIterator.next(); + Iterator<Entry<String, JsonElement>> entry = next.getAsJsonObject().entrySet().iterator(); + entitySetToMap(result, entry); + + } + + } else if (input.isJsonObject()) { + Iterator<Entry<String, JsonElement>> objectKeys = input.getAsJsonObject().entrySet().iterator(); + entitySetToMap(result, objectKeys); + + } else + throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON object"); + + } + + return result; + } + + private static void entitySetToMap(Map<String, String> result, Iterator<Entry<String, JsonElement>> entry) { + while (entry.hasNext()) { + Entry<String, JsonElement> el = entry.next(); + if (result.containsKey(el.getKey())) + log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... "); + + result.put(el.getKey(), el.getValue().getAsString()); + + } + + } + + + public static JsonElement extractSL20Result(JsonObject command, IJOSETools decrypter, boolean mustBeEncrypted) throws SL20Exception { + JsonElement result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT); + JsonElement encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT); + + if (result == null && encryptedResult == null) + throw new SLCommandoParserException("NO result OR encryptedResult FOUND."); + + else if (encryptedResult == null && mustBeEncrypted) + throw new SLCommandoParserException("result MUST be signed."); + + else if (encryptedResult != null && encryptedResult.isJsonPrimitive()) { + try { + return decrypter.decryptPayload(encryptedResult.getAsString()); + + } catch (Exception e) { + log.info("Can NOT decrypt SL20 result. Reason:" + e.getMessage()); + if (!mustBeEncrypted) { + log.warn("Decrypted results are disabled by configuration. Parse result in plain if it is possible"); + + //dummy code + try { + String[] signedPayload = encryptedResult.toString().split("\\."); + JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode(signedPayload[1]))); + return payLoad; + + } catch (Exception e1) { + log.debug("DummyCode FAILED, Reason: " + e1.getMessage() + " Ignore it ..."); + throw new SL20Exception(e.getMessage(), null, e); + + } + + } else + throw e; + + } + + } else if (result != null) { + return result; + + } else + throw new SLCommandoParserException("Internal build error"); + + + } + + /** + * Extract payLoad from generic transport container + * + * @param container + * @param joseTools + * @return + * @throws SLCommandoParserException + */ + public static VerificationResult extractSL20PayLoad(JsonObject container, IJOSETools joseTools, boolean mustBeSigned) throws SL20Exception { + + JsonElement sl20Payload = container.get(SL20Constants.SL20_PAYLOAD); + JsonElement sl20SignedPayload = container.get(SL20Constants.SL20_SIGNEDPAYLOAD); + + if (mustBeSigned && joseTools == null) + throw new SLCommandoParserException("'joseTools' MUST be set if 'mustBeSigned' is 'true'"); + + if (sl20Payload == null && sl20SignedPayload == null) + throw new SLCommandoParserException("NO payLoad OR signedPayload FOUND."); + + else if (sl20SignedPayload == null && mustBeSigned) + throw new SLCommandoParserException("payLoad MUST be signed."); + + else if (joseTools != null && sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) { + return joseTools.validateSignature(sl20SignedPayload.getAsString()); + + } else if (sl20Payload != null) + return new VerificationResult(sl20Payload.getAsJsonObject()); + + else + throw new SLCommandoParserException("Internal build error"); + + + } + + + /** + * Extract generic transport container from httpResponse + * + * @param httpResp + * @return + * @throws SLCommandoParserException + */ + public static JsonObject getSL20ContainerFromResponse(HttpResponse httpResp) throws SLCommandoParserException { + try { + JsonObject sl20Resp = null; + if (httpResp.getStatusLine().getStatusCode() == 307) { + Header[] locationHeader = httpResp.getHeaders("Location"); + if (locationHeader == null) + throw new SLCommandoParserException("Find Redirect statuscode but not Location header"); + + String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue(); + sl20Resp = new JsonParser().parse(Base64Url.encode((sl20RespString.getBytes()))).getAsJsonObject(); + + } else if (httpResp.getStatusLine().getStatusCode() == 200) { + if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json")) + throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue()); + sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); + + } else if ( (httpResp.getStatusLine().getStatusCode() == 500) || + (httpResp.getStatusLine().getStatusCode() == 401) || + (httpResp.getStatusLine().getStatusCode() == 400) ) { + log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() + + ". Search for error message"); + sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); + + + } else + throw new SLCommandoParserException("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()); + + log.info("Find JSON object in http response"); + return sl20Resp; + + } catch (Exception e) { + throw new SLCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e); + + } + } + + private static JsonObject parseSL20ResultFromResponse(HttpEntity resp) throws Exception { + if (resp != null && resp.getContent() != null) { + JsonElement sl20Resp = new JsonParser().parse(new InputStreamReader(resp.getContent())); + if (sl20Resp != null && sl20Resp.isJsonObject()) { + return sl20Resp.getAsJsonObject(); + + } else + throw new SLCommandoParserException("SL2.0 can NOT parse to a JSON object"); + + + } else + throw new SLCommandoParserException("Can NOT find content in http response"); + + } + + + private static JsonElement getAndCheck(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { + JsonElement internal = input.get(keyID); + + if (internal == null && isRequired) + throw new SLCommandoParserException("REQUIRED Element with keyId: " + keyID + " does not exist"); + + return internal; + + } +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java new file mode 100644 index 000000000..599a67dfd --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java @@ -0,0 +1,221 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.util.Date; +import java.util.List; + +import org.opensaml.Configuration; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.io.Unmarshaller; +import org.opensaml.xml.io.UnmarshallerFactory; +import org.w3c.dom.Element; +import org.xml.sax.SAXException; + +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils; +import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20eIDDataValidationException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; +import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; +import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; +import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder; +import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil; +import at.gv.egovernment.moa.util.Base64Utils; + + +public class QualifiedeIDVerifier { + public static void verifyIdentityLink(IIdentityLink idl, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException { + // validates the identity link + IdentityLinkValidator.getInstance().validate(idl); + + // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP + Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() + .build(idl, authConfig.getMoaSpIdentityLinkTrustProfileID(oaParam.isUseIDLTestTrustStore())); + + // invokes the call + Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance() + .verifyXMLSignature(domVerifyXMLSignatureRequest); + + // parses the <VerifyXMLSignatureResponse> + IVerifiyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData(); + + // validates the <VerifyXMLSignatureResponse> + VerifyXMLSignatureResponseValidator.getInstance().validate( + verifyXMLSignatureResponse, + authConfig.getIdentityLinkX509SubjectNames(), + VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, + oaParam, + authConfig); + + + } + + public static IVerifiyXMLSignatureResponse verifyAuthBlock(String authBlockB64, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException, IOException { + String trustProfileId = authConfig.getMoaSpAuthBlockTrustProfileID(oaParam.isUseAuthBlockTestTestStore()); + List<String> verifyTransformsInfoProfileID = + KeyValueUtils.getListOfCSVValues( + KeyValueUtils.normalizeCSVValueString( + authConfig.getBasicConfiguration( + at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID))); + + SignatureVerificationUtils sigVerify = new SignatureVerificationUtils(); + IVerifiyXMLSignatureResponse sigVerifyResult = sigVerify.verify(Base64Utils.decode(authBlockB64, false), trustProfileId , verifyTransformsInfoProfileID); + + // validates the <VerifyXMLSignatureResponse> + VerifyXMLSignatureResponseValidator.getInstance().validate(sigVerifyResult, + null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, oaParam, authConfig); + + return sigVerifyResult; + + } + + public static boolean checkConsistencyOfeIDData(String sl20ReqId, IIdentityLink idl, AssertionAttributeExtractor authBlockExtractor, IVerifiyXMLSignatureResponse sigVerifyResult) throws SL20eIDDataValidationException { + + try { + // compares the public keys from the identityLink with the AuthBlock + VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(sigVerifyResult, idl); + + //compare requestId from SL20 qualifiedeID command to ID from SAML2 assertion + String authBlockId = authBlockExtractor.getAssertionID(); + if (MiscUtil.isEmpty(authBlockId)) { + Logger.info("AuthBlock containts no ID, but ID MUST be included"); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "AuthBlock containts no ID, but ID MUST be included" + }); + } + + if (!authBlockId.equals(sl20ReqId)) { + Logger.info("SL20 'requestId' does NOT match to AuthBlock Id." + + " Expected : " + sl20ReqId + + " Authblock: " + authBlockId); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "SL20 'requestId' does NOT match to AuthBlock Id." + }); + } + + + // Compare AuthBlock Data with information stored in session, especially + // date and time + validateSigningDateTime(sigVerifyResult, authBlockExtractor); + + } catch ( Exception e) { + Logger.warn("Validation of eID information FAILED. ", e); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, + e.getMessage() + }); + + } + + + return false; + + } + + public static Assertion parseAuthBlockToSaml2Assertion(String authblockB64) throws SL20eIDDataValidationException { + try { + //parse authBlock into SAML2 Assertion + byte[] authBlockBytes = Base64Utils.decode(authblockB64, false); + Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authBlockBytes)); + + UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); + Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDOM); + XMLObject samlAssertion = unmarshaller.unmarshall(authBlockDOM); + + //validate SAML2 Assertion + SAML2Utils.schemeValidation(samlAssertion); + + if (samlAssertion instanceof Assertion) + return (Assertion) samlAssertion; + else + throw new SL20eIDDataValidationException( + new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "AuthBlock is NOT of type SAML2 Assertion" + }); + + } catch (SL20eIDDataValidationException e) { + throw e; + + } catch (SAXException e) { + Logger.info("Scheme validation of SAML2 AuthBlock FAILED. Reason: " + e.getMessage()); + throw new SL20eIDDataValidationException( + new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + e.getMessage() + }, + e); + + } catch (Exception e) { + Logger.info("Can not parse AuthBlock. Reason: " + e.getMessage()); + Logger.trace("FullAuthBlock: " + authblockB64); + throw new SL20eIDDataValidationException( + new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + e.getMessage() + }, + e); + + } + + } + + private static void validateSigningDateTime( IVerifiyXMLSignatureResponse sigVerifyResult, AssertionAttributeExtractor authBlockExtractor) throws SL20eIDDataValidationException { + Date signingDate = sigVerifyResult.getSigningDateTime(); + Date notBefore = authBlockExtractor.getAssertionNotBefore(); + Date notOrNotAfter = authBlockExtractor.getAssertionNotOnOrAfter(); + + if (signingDate == null) { + Logger.info("AuthBlock signature contains NO signing data"); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "AuthBlock signature contains NO signing data" + }); + + } + + Logger.debug("AuthBlock signing data: " + signingDate.toString()); + + if (notBefore == null || notOrNotAfter == null) { + Logger.info("AuthBlock contains NO 'notBefore' or 'notOrNotAfter' dates"); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "AuthBlock contains NO 'notBefore' or 'notOrNotAfter' dates" + }); + + } + + Logger.debug("AuthBlock valid period." + + " NotBefore:" + notBefore.toString() + + " NotOrNotAfter:" + notOrNotAfter.toString()); + + if ((signingDate.after(notBefore) || signingDate.equals(notBefore)) + && signingDate.before(notOrNotAfter)) + Logger.debug("Signing date validation successfull"); + + + else { + Logger.info("AuthBlock signing date does NOT match to AuthBlock constrains"); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "AuthBlock signing date does NOT match to AuthBlock constrains" + }); + + } + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java new file mode 100644 index 000000000..3408cf538 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java @@ -0,0 +1,243 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks; + +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.net.ssl.SSLSocketFactory; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.http.HttpResponse; +import org.apache.http.NameValuePair; +import org.apache.http.client.entity.UrlEncodedFormEntity; +import org.apache.http.client.methods.HttpPost; +import org.apache.http.client.utils.URIBuilder; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.message.BasicNameValuePair; +import org.jose4j.base64url.Base64Url; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import com.google.gson.JsonObject; + +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20HttpBindingUtils; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moaspss.logging.Logger; + +@Component("CreateQualeIDRequestTask") +public class CreateQualeIDRequestTask extends AbstractAuthServletTask { + + @Autowired(required=true) private IJOSETools joseTools; + @Autowired private AuthConfiguration moaAuthConfig; + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + + Logger.debug("Starting SL2.0 authentication process .... "); + + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, "sl20auth"); + + try { + //get service-provider configuration + ISPConfiguration oaConfig = pendingReq.getServiceProviderConfiguration(); + + //get basic configuration parameters + String vdaQualeIDUrl = extractVDAURLForSpecificOA(oaConfig, executionContext); + if (MiscUtil.isEmpty(vdaQualeIDUrl)) { + Logger.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ")"); + throw new SL20Exception("sl20.03", new Object[]{"NO VDA URL for qualified eID"}); + + } + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, vdaQualeIDUrl); + + + String authBlockId = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_VDA_AUTHBLOCK_ID); + if (MiscUtil.isEmpty(authBlockId)) { + Logger.error("NO AuthBlock Template identifier for qualified eID (" + Constants.CONFIG_PROP_VDA_AUTHBLOCK_ID + ")"); + throw new SL20Exception("sl20.03", new Object[]{"NO AuthBlock Template identifier for qualified eID"}); + + } + + //build DataURL for qualified eID response + String dataURL = new DataURLBuilder().buildDataURL( + pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_DATAURL, pendingReq.getPendingRequestId()); + + //build qualifiedeID command + Map<String, String> qualifiedeIDParams = new HashMap<String, String>(); + qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID, oaConfig.getUniqueIdentifier()); + qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME, oaConfig.getFriendlyName()); + qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPCOUNTRYCODE, "AT"); + //qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE, UUID.randomUUID().toString()); + + + X509Certificate encCert = null; + if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_ENABLE_EID_ENCRYPTION, true)) + encCert = joseTools.getEncryptionCertificate(); + else + Logger.info("eID data encryption is disabled by configuration"); + + JsonObject qualeIDCommandParams = SL20JSONBuilderUtils.createQualifiedeIDCommandParameters( + authBlockId, + dataURL, + qualifiedeIDParams, + encCert + ); + + //String qualeIDReqId = UUID.randomUUID().toString(); + String qualeIDReqId = SAML2Utils.getSecureIdentifier(); + String signedQualeIDCommand = SL20JSONBuilderUtils.createSignedCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID, qualeIDCommandParams, joseTools); + JsonObject sl20Req = SL20JSONBuilderUtils.createGenericRequest(qualeIDReqId, null, null, signedQualeIDCommand); + + //open http client + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( + moaAuthConfig, + vdaQualeIDUrl); + CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient( + sslFactory, + moaAuthConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); + + //build http POST request + HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build()); + List<NameValuePair> parameters = new ArrayList<NameValuePair>();; + parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes()))); + httpReq.setEntity(new UrlEncodedFormEntity(parameters )); + + //build http GET request +// URIBuilder sl20ReqUri = new URIBuilder(vdaQualeIDUrl); +// sl20ReqUri.addParameter(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes())); +// HttpGet httpReq = new HttpGet(sl20ReqUri.build()); + + //set native client header + httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE); + + Logger.trace("Request VDA via SL20 with: " + Base64Url.encode(sl20Req.toString().getBytes())); + + //request VDA + HttpResponse httpResp = httpClient.execute(httpReq); + + //parse response + Logger.info("Receive response from VDA ... "); + JsonObject sl20Resp = SL20JSONExtractorUtils.getSL20ContainerFromResponse(httpResp); + VerificationResult respPayloadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20Resp, null, false); + + if (respPayloadContainer.isValidSigned() == null) { + Logger.debug("Receive unsigned payLoad from VDA"); + + } + + JsonObject respPayload = respPayloadContainer.getPayload(); + if (respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString() + .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT)) { + Logger.debug("Find 'redirect' command in VDA response ... "); + JsonObject params = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, true); + String redirectURL = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, true); + JsonObject command = SL20JSONExtractorUtils.getJSONObjectValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, false); + String signedCommand = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, false); + + //create forward SL2.0 command + JsonObject sl20Forward = sl20Resp.deepCopy().getAsJsonObject(); + SL20JSONBuilderUtils.addOnlyOnceOfTwo(sl20Forward, + SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, + command, signedCommand); + + //store pending request + pendingReq.setRawDataToTransaction(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, + qualeIDReqId); + requestStoreage.storePendingRequest(pendingReq); + + //forward SL2.0 command + //TODO: maybe add SL2ClientType Header from execution context + SL20HttpBindingUtils.writeIntoResponse(request, response, sl20Forward, redirectURL); + + } else if (respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString() + .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR)) { + JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_RESULT, false); + if (result == null) + result = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, false); + + String errorCode = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, true); + String errorMsg = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, true); + + Logger.info("Receive SL2.0 error. Code:" + errorCode + " Msg:" + errorMsg); + throw new SL20Exception("sl20.08", new Object[]{errorCode, errorMsg}); + + } else { + //TODO: update to add error handling + Logger.warn("Received an unrecognized command: " + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString()); + throw new SLCommandoParserException("Received an unrecognized command: \" + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString()"); + } + + + } catch (MOAIDException e) { + throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e); + + } catch (Exception e) { + Logger.warn("SL2.0 Authentication FAILED with a generic error.", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } finally { + TransactionIDUtils.removeTransactionId(); + TransactionIDUtils.removeSessionId(); + + } + + } + + private String extractVDAURLForSpecificOA(ISPConfiguration oaConfig, ExecutionContext executionContext) { + String spSpecificVDAEndpoints = oaConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS); + Map<String, String> endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); + if (MiscUtil.isNotEmpty(spSpecificVDAEndpoints)) { + endPointMap.putAll(KeyValueUtils.convertListToMap( + KeyValueUtils.getListOfCSVValues( + KeyValueUtils.normalizeCSVValueString(spSpecificVDAEndpoints)))); + Logger.debug("Find OA specific SL2.0 endpoints. Updating endPoint list ... "); + + } + + Logger.trace("Find #" + endPointMap.size() + " SL2.0 endpoints ... "); + + //selection based on request Header + String sl20VDATypeHeader = (String) executionContext.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()); + if (MiscUtil.isNotEmpty(sl20VDATypeHeader)) { + String vdaURL = endPointMap.get(sl20VDATypeHeader); + if (MiscUtil.isNotEmpty(vdaURL)) + return vdaURL.trim(); + + else + Logger.info("Can NOT find VDA with Id: " + sl20VDATypeHeader + ". Use default VDA"); + + } + + Logger.info("NO SP specific VDA endpoint found. Use default VDA"); + return endPointMap.getOrDefault(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT, + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT); + + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java new file mode 100644 index 000000000..fc386b796 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -0,0 +1,323 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks; + +import java.io.IOException; +import java.io.StringWriter; +import java.security.cert.X509Certificate; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.UUID; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.http.entity.ContentType; +import org.jose4j.base64url.Base64Url; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; +import com.google.gson.JsonSyntaxException; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; +import at.gv.egiz.eaaf.core.impl.utils.StreamUtils; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20SecurityException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moaspss.logging.Logger; + + +@Component("ReceiveQualeIDTask") +public class ReceiveQualeIDTask extends AbstractAuthServletTask { + + @Autowired(required=true) private IJOSETools joseTools; + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + String sl20Result = null; + + try { + Logger.debug("Receiving SL2.0 response process .... "); + JsonObject sl20ReqObj = null; + try { + //get SL2.0 command or result from HTTP request + Map<String, String> reqParams = getParameters(request); + sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM); + + if (MiscUtil.isEmpty(sl20Result)) { + //Workaround for SIC Handy-Signature, because it sends result in InputStream + String isReqInput = StreamUtils.readStream(request.getInputStream(), "UTF-8"); + if (MiscUtil.isNotEmpty(isReqInput)) { + Logger.info("Use SIC Handy-Signature work-around!"); + sl20Result = isReqInput.substring("slcommand=".length()); + + } else { + Logger.info("NO SL2.0 commando or result FOUND."); + throw new SL20Exception("sl20.04", null); + } + + } + + Logger.trace("Received SL2.0 result: " + sl20Result); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, request.getRemoteAddr()); + + //parse SL2.0 command/result into JSON + try { + JsonParser jsonParser = new JsonParser(); + JsonElement sl20Req = jsonParser.parse(Base64Url.decodeToUtf8String(sl20Result)); + sl20ReqObj = sl20Req.getAsJsonObject(); + + } catch (JsonSyntaxException e) { + Logger.warn("SL2.0 command or result is NOT valid JSON.", e); + Logger.debug("SL2.0 msg: " + sl20Result); + throw new SL20Exception("sl20.02", new Object[]{"SL2.0 command or result is NOT valid JSON."}, e); + + } + + //validate reqId with inResponseTo + String sl20ReqId = pendingReq.getRawData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class); + String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true); + if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) { + Logger.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); + throw new SL20SecurityException("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); + } + + + //validate signature + VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad( + sl20ReqObj, joseTools, + authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)); + + if ( (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned())) { + if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) { + Logger.info("SL20 result from VDA was not valid signed"); + throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."}); + + } else { + Logger.warn("SL20 result from VDA is NOT valid signed, but signatures-verification is DISABLED by configuration!"); + + } + } + + /*TODO validate certificate by using MOA-SPSS + * currently, the certificate is validated in IJOSETools by using a pkcs12 or jks keystore + */ + List<X509Certificate> sigCertChain = payLoadContainer.getCertChain(); + + + //extract payloaf + JsonObject payLoad = payLoadContainer.getPayload(); + + //check response type + if (SL20JSONExtractorUtils.getStringValue( + payLoad, SL20Constants.SL20_COMMAND_CONTAINER_NAME, true) + .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID)) { + Logger.debug("Find " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result .... "); + + JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result( + payLoad, joseTools, + authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_ENCRYPTION, true)); + + //extract attributes from result + Map<String, String> eIDData = SL20JSONExtractorUtils.getMapOfStringElements(qualeIDResult); + String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL); + String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); + String ccsURL = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL); + String LoA = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA); + + + + if (MiscUtil.isEmpty(idlB64) || MiscUtil.isEmpty(authBlockB64) + || MiscUtil.isEmpty(LoA) || MiscUtil.isEmpty(ccsURL)) { + Logger.info("SL20 'qualifiedeID' result does NOT contain all required attributes."); + throw new SLCommandoParserException("SL20 'qualifiedeID' result does NOT contain all required attributes."); + + } + + //cache qualified eID data into pending request + pendingReq.setRawDataToTransaction( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, + idlB64); + pendingReq.setRawDataToTransaction( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + authBlockB64); + pendingReq.setRawDataToTransaction( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, + ccsURL); + pendingReq.setRawDataToTransaction( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, + LoA); + + } else { + Logger.info("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result"); + throw new SLCommandoParserException("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result"); + } + + + } catch (MOAIDException e) { + Logger.warn("SL2.0 processing error:", e); + if (sl20Result != null) + Logger.debug("Received SL2.0 result: " + sl20Result); + pendingReq.setRawDataToTransaction( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, + new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e)); + + } catch (Exception e) { + Logger.warn("ERROR:", e); + Logger.warn("SL2.0 Authentication FAILED with a generic error.", e); + if (sl20Result != null) + Logger.debug("Received SL2.0 result: " + sl20Result); + pendingReq.setRawDataToTransaction( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, + new TaskExecutionException(pendingReq, e.getMessage(), e)); + + } finally { + //store pending request + requestStoreage.storePendingRequest(pendingReq); + + //write SL2.0 response + if (sl20ReqObj != null) + buildResponse(request, response, sl20ReqObj); + else + buildErrorResponse(request, response, "2000", "General transport Binding error"); + + } + + } catch (Exception e) { + //write internal server errror 500 according to SL2.0 specification, chapter https transport binding + Logger.warn("Can NOT build SL2.0 response. Reason: " + e.getMessage(), e); + if (sl20Result != null) + Logger.debug("Received SL2.0 result: " + sl20Result); + try { + response.sendError(500, "Internal Server Error."); + + } catch (IOException e1) { + Logger.error("Can NOT send error message. SOMETHING IS REALY WRONG!", e); + + } + + } finally { + TransactionIDUtils.removeTransactionId(); + TransactionIDUtils.removeSessionId(); + + } + } + + private void buildErrorResponse(HttpServletRequest request, HttpServletResponse response, String errorCode, String errorMsg) throws Exception { + JsonObject error = SL20JSONBuilderUtils.createErrorCommandResult(errorCode, errorMsg); + JsonObject respContainer = SL20JSONBuilderUtils.createGenericRequest( + UUID.randomUUID().toString(), + null, + error , + null); + + Logger.debug("Client request containts 'native client' header ... "); + Logger.trace("SL20 response to VDA: " + respContainer); + StringWriter writer = new StringWriter(); + writer.write(respContainer.toString()); + final byte[] content = writer.toString().getBytes("UTF-8"); + response.setStatus(HttpServletResponse.SC_OK); + response.setContentLength(content.length); + response.setContentType(ContentType.APPLICATION_JSON.toString()); + response.getOutputStream().write(content); + + } + + private void buildResponse(HttpServletRequest request, HttpServletResponse response, JsonObject sl20ReqObj) throws IOException, SL20Exception { + //create response + Map<String, String> reqParameters = new HashMap<String, String>(); + reqParameters.put(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID, pendingReq.getPendingRequestId()); + JsonObject callReqParams = SL20JSONBuilderUtils.createCallCommandParameters( + new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), + SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, + false, + reqParameters); + JsonObject callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams); + + //build first redirect command for app + JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters( + generateICPRedirectURLForDebugging(), + callCommand, null, true); + JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams); + + //build second redirect command for IDP + JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters( + new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), + redirectOneCommand, null, true); + JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams); + + //build generic SL2.0 response container + String transactionId = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false); + JsonObject respContainer = SL20JSONBuilderUtils.createGenericRequest( + UUID.randomUUID().toString(), + transactionId, + redirectTwoCommand, + null); + + //workaround for A-Trust + if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && + request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE) + || true) { + Logger.debug("Client request containts 'native client' header ... "); + Logger.trace("SL20 response to VDA: " + respContainer); + StringWriter writer = new StringWriter(); + writer.write(respContainer.toString()); + final byte[] content = writer.toString().getBytes("UTF-8"); + response.setStatus(HttpServletResponse.SC_OK); + response.setContentLength(content.length); + response.setContentType(ContentType.APPLICATION_JSON.toString()); + response.getOutputStream().write(content); + + + } else { + Logger.info("SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"); + throw new SL20Exception("sl20.06", + new Object[] {"SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"}); + + } + } + + /** + * Generates a IPC redirect URL that is configured on IDP side + * + * @return IPC ReturnURL, or null if no URL is configured + */ + private String generateICPRedirectURLForDebugging() { + final String PATTERN_PENDING_REQ_ID = "#PENDINGREQID#"; + + String ipcRedirectURLConfig = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_IPC_RETURN_URL); + if (MiscUtil.isNotEmpty(ipcRedirectURLConfig)) { + if (ipcRedirectURLConfig.contains(PATTERN_PENDING_REQ_ID)) { + Logger.trace("Find 'pendingReqId' pattern in IPC redirect URL. Update url ... "); + ipcRedirectURLConfig = ipcRedirectURLConfig.replaceAll( + "#PENDINGREQID#", + EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID + "=" + pendingReq.getPendingRequestId()); + + } + + return ipcRedirectURLConfig; + } + + return null; + + } + + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java new file mode 100644 index 000000000..6811d1016 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java @@ -0,0 +1,136 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks; + +import java.io.ByteArrayInputStream; +import java.util.Calendar; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.saml2.core.Assertion; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier.QualifiedeIDVerifier; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.DateTimeUtils; +import at.gv.egovernment.moaspss.logging.Logger; + + +@Component("VerifyQualifiedeIDTask") +public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + + Logger.debug("Verify qualified eID data from SL20 response .... "); + try { + //check if there was an error + TaskExecutionException sl20Error = pendingReq.getRawData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, + TaskExecutionException.class); + if (sl20Error != null) { + Logger.info("Found SL2.0 error after redirect ... "); + throw sl20Error; + + } + + //get data from pending request + String sl20ReqId = pendingReq.getRawData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, + String.class); + String idlB64 = pendingReq.getRawData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, + String.class); + String authBlockB64 = pendingReq.getRawData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + String.class); + String ccsURL = pendingReq.getRawData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, + String.class); + String LoA = pendingReq.getRawData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, + String.class); + + //parse eID data + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + IVerifiyXMLSignatureResponse authBlockVerificationResult = null; + try { + Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64); + AssertionAttributeExtractor authBlockExtractor = new AssertionAttributeExtractor(authBlock); + + + //validate eID data + QualifiedeIDVerifier.verifyIdentityLink(idl, + pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class), + (AuthConfiguration) authConfig); + + authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock( + authBlockB64, + pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class), + (AuthConfiguration) authConfig); + + QualifiedeIDVerifier.checkConsistencyOfeIDData(sl20ReqId, idl, authBlockExtractor, authBlockVerificationResult); + + //TODO: add LoA verification + + } catch (MOAIDException e) { + if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_VALIDATION, false)) { + Logger.warn("SL20 eID data validation IS DISABLED!!"); + Logger.warn("SL20 eID data IS NOT VALID!!! Reason: " + e.getMessage(), e); + + } else + throw e; + + } + + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); + + + + //add into session + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + moasession.setIdentityLink(idl); + moasession.setBkuURL(ccsURL); + //TODO: from AuthBlock + if (authBlockVerificationResult != null) + moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(authBlockVerificationResult.getSigningDateTime())); + else + moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance())); + + moasession.setQAALevel(LoA); + + //store pending request + requestStoreage.storePendingRequest(pendingReq); + + } catch (MOAIDException e) { + Logger.warn("ERROR:", e); + throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e); + + } catch (Exception e) { + Logger.warn("ERROR:", e); + Logger.warn("SL2.0 Authentication FAILED with a generic error.", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } finally { + TransactionIDUtils.removeTransactionId(); + TransactionIDUtils.removeSessionId(); + + } + } +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..48a3d2450 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.modules.sl20_auth.SL20AuthenticationSpringResourceProvider
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml new file mode 100644 index 000000000..a9c9bac8e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml @@ -0,0 +1,37 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <context:annotation-config /> + + <bean id="sl20AuthModule" class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.SL20AuthenticationModulImpl"> + <property name="priority" value="3" /> + </bean> + + <bean id="SL20SignalServlet" + class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.SL20SignalServlet"/> + + <bean id="firstJOSETests" + class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.JsonSecurityUtils"/> + +<!-- Authentication Process Tasks --> + <bean id="CreateQualeIDRequestTask" + class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks.CreateQualeIDRequestTask" + scope="prototype"/> + + <bean id="ReceiveQualeIDResponseTask" + class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks.ReceiveQualeIDTask" + scope="prototype"/> + + <bean id="VerifyQualifiedeIDTask" + class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks.VerifyQualifiedeIDTask" + scope="prototype"/> + +</beans>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml new file mode 100644 index 000000000..673144b06 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="UTF-8"?> +<pd:ProcessDefinition id="SL20Authentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> + + <pd:Task id="createQualifiedeIDRequest" class="CreateQualeIDRequestTask" /> + <pd:Task id="receiveQualifiedeID" class="ReceiveQualeIDResponseTask" async="true"/> + <pd:Task id="verifyQualifiedeIDTask" class="VerifyQualifiedeIDTask" async="true"/> + <pd:Task id="userRestrictionTask" class="UserRestrictionTask" /> + <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> + + <pd:StartEvent id="start" /> + <pd:Transition from="start" to="createQualifiedeIDRequest" /> + <pd:Transition from="createQualifiedeIDRequest" to="receiveQualifiedeID" /> + <pd:Transition from="receiveQualifiedeID" to="verifyQualifiedeIDTask" /> + <pd:Transition from="verifyQualifiedeIDTask" to="userRestrictionTask" /> + <pd:Transition from="userRestrictionTask" to="finalizeAuthentication" /> + <pd:Transition from="finalizeAuthentication" to="end" /> + + + + <pd:EndEvent id="end" /> + +</pd:ProcessDefinition> diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java new file mode 100644 index 000000000..35f1d0052 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java @@ -0,0 +1,51 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import java.io.IOException; +import java.io.InputStreamReader; + +import org.apache.commons.io.IOUtils; +import org.junit.Before; +import org.junit.runner.RunWith; +import org.opensaml.xml.ConfigurationException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; + +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context.xml") +public class EIDDataVerifier_ATrust extends eIDDataVerifierTest { + + @Autowired IJOSETools joseTools; + + + @Before + public void init() throws IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException, SL20Exception { + String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_atrust.json"))); + JsonParser jsonParser = new JsonParser(); + JsonObject qualeIDResult = jsonParser.parse(eIDDataString).getAsJsonObject(); + + //JsonObject payLoad = SL20JSONExtractorUtils.getJSONObjectValue(qualeIDResult, "payload", true); + VerificationResult payLoad = SL20JSONExtractorUtils.extractSL20PayLoad(qualeIDResult, joseTools, true); +// JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getPayload(), "result", true); + JsonObject result = (JsonObject) SL20JSONExtractorUtils.extractSL20Result(payLoad.getPayload(), joseTools, true); + + eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result); + if (eIDData == null || eIDData.isEmpty()) + throw new SLCommandoParserException("Can not load eID data"); + + } + + @Override + protected String getSl20ReqId() { + return "_2ac94139a4451f7ef0893a5b823aff16"; + } +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java new file mode 100644 index 000000000..419142c7d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java @@ -0,0 +1,43 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import java.io.IOException; +import java.io.InputStreamReader; + +import org.apache.commons.io.IOUtils; +import org.junit.Before; +import org.junit.runner.RunWith; +import org.opensaml.xml.ConfigurationException; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; + +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ "/SpringTest-context.xml" }) +public class EIDDataVerifier_OwnTest extends eIDDataVerifierTest { + + @Before + public void init() throws SLCommandoParserException, IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException { + String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_own_test.json"))); + JsonParser jsonParser = new JsonParser(); + JsonElement payLoad = jsonParser.parse(eIDDataString).getAsJsonObject(); + JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getAsJsonObject(), "result", true); + + eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result); + if (eIDData == null || eIDData.isEmpty()) + throw new SLCommandoParserException("Can not load eID data"); + + } + + @Override + protected String getSl20ReqId() { + return "_57010b7fcc93cc4cf3f2b764389137c2"; + } + + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_SIC.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_SIC.java new file mode 100644 index 000000000..1c41b22fd --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_SIC.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +//import java.io.IOException; +//import java.io.InputStreamReader; +// +//import org.apache.commons.io.IOUtils; +//import org.junit.Before; +//import org.junit.runner.RunWith; +//import org.opensaml.xml.ConfigurationException; +//import org.springframework.test.context.ContextConfiguration; +//import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +// +//import com.google.gson.JsonElement; +//import com.google.gson.JsonParser; +// +//import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +//import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; + +//@RunWith(SpringJUnit4ClassRunner.class) +//@ContextConfiguration({ "/SpringTest-context.xml" }) +//public class EIDDataVerifier_SIC extends eIDDataVerifierTest { +// +// @Before +// public void init() throws SLCommandoParserException, IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException { +// String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_sic.json"))); +// JsonParser jsonParser = new JsonParser(); +// JsonElement result = jsonParser.parse(eIDDataString).getAsJsonObject(); +// +// eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result); +// if (eIDData == null || eIDData.isEmpty()) +// throw new SLCommandoParserException("Can not load eID data"); +// +// } +// +// @Override +// protected String getSl20ReqId() { +// return "_40972fd777c59da1ebeed2b8d633a300"; +// } +// +// +//} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java new file mode 100644 index 000000000..fe12e9b76 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java @@ -0,0 +1,439 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata; + +import java.io.IOException; +import java.net.URI; +import java.net.URL; +import java.util.List; +import java.util.Map; +import java.util.Properties; + +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IStorkConfig; +import at.gv.egovernment.moa.id.commons.api.data.ProtocolAllowed; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.util.config.EgovUtilPropertiesConfiguration; + +public class DummyAuthConfig implements AuthConfiguration { + + private boolean requireAuthBlockQC = true; + + + + public void setRequireAuthBlockQC(boolean requireAuthBlockQC) { + this.requireAuthBlockQC = requireAuthBlockQC; + } + + @Override + public String getRootConfigFileDir() { + try { + return new java.io.File( "." ).getCanonicalPath(); + + } catch (IOException e) { + return null; + + } + } + + @Override + public String getDefaultChainingMode() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getTrustedCACertificates() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isTrustmanagerrevoationchecking() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String[] getActiveProfiles() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Properties getGeneralPVP2ProperiesConfig() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Properties getGeneralOAuth20ProperiesConfig() { + // TODO Auto-generated method stub + return null; + } + + @Override + public ProtocolAllowed getAllowedProtocols() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Map<String, String> getConfigurationWithPrefix(String Prefix) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getConfigurationWithKey(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getBasicConfiguration(String key) { + if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID.equals(key)) + return "SL20Authblock_v1.0,SL20Authblock_v1.0_SIC,SL20Authblock_v1.0_OWN"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH.equals(key)) + return "/src/test/resources/sl20.jks"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD.equals(key)) + return "password"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS.equals(key)) + return "sl20signing"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD.equals(key)) + return "password"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS.equals(key)) + return "sl20encryption"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD.equals(key)) + return "password"; + + else + return null; + } + + @Override + public String getBasicConfiguration(String key, String defaultValue) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) { + // TODO Auto-generated method stub + return null; + } + + @Override + public int getTransactionTimeOut() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public int getSSOCreatedTimeOut() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public int getSSOUpdatedTimeOut() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public String getAlternativeSourceID() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getLegacyAllowedProtocols() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException { + if (useTestTrustStore) + return "MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten"; + else + return "MOAIDBuergerkarteAuthentisierungsDaten"; + } + + @Override + public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public ConnectionParameterInterface getMoaSpConnectionParameter() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public ConnectionParameterInterface getOnlineMandatesConnectionParameter(IOAAuthParameters oaParameters) + throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) throws ConfigurationException { + if (useTestTrustStore) + return "MOAIDBuergerkartePersonenbindungMitTestkarten"; + else + return "MOAIDBuergerkartePersonenbindung"; + } + + @Override + public List<String> getTransformsInfos() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getSLRequestTemplates() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSLRequestTemplates(String type) throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getDefaultBKUURLs() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDefaultBKUURL(String type) throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOTagetIdentifier() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOFriendlyName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOSpecialText() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMOASessionEncryptionKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMOAConfigurationEncryptionKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isIdentityLinkResigning() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getIdentityLinkResigningKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isMonitoringActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getMonitoringTestIdentityLinkURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMonitoringMessageSuccess() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isAdvancedLoggingActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List<String> getPublicURLPrefix() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isVirtualIDPsEnabled() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isPVP2AssertionEncryptionActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isCertifiacteQCActive() { + return this.requireAuthBlockQC; + } + + @Override + public IStorkConfig getStorkConfig() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public EgovUtilPropertiesConfiguration geteGovUtilsConfig() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDocumentServiceUrl() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isStorkFakeIdLActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List<String> getStorkFakeIdLCountries() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getStorkNoSignatureCountries() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getStorkFakeIdLResigningKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isPVPSchemaValidationActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Map<String, String> getConfigurationWithWildCard(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<Integer> getDefaultRevisionsLogEventCodes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isHTTPAuthAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String[] getRevocationMethodOrder() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { + // TODO Auto-generated method stub + return false; + } + + @Override + public URI getConfigurationFilePath() { + // TODO Auto-generated method stub + return null; + } + + @Override + public URI getConfigurationRootDirectory() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Properties getFullConfigurationProperties() { + // TODO Auto-generated method stub + return null; + } + + @Override + public ISPConfiguration getServiceProviderConfiguration(String arg0) throws EAAFConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public <T> T getServiceProviderConfiguration(String arg0, Class<T> arg1) throws EAAFConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String validateIDPURL(URL arg0) throws EAAFException { + // TODO Auto-generated method stub + return null; + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java new file mode 100644 index 000000000..69e3e7995 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java @@ -0,0 +1,326 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata; + +import java.security.PrivateKey; +import java.util.Collection; +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.CPEPS; +import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; + +public class DummyOA implements IOAAuthParameters { + + @Override + public Map<String, String> getFullConfiguration() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getConfigurationValue(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getFriendlyName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getPublicURLPrefix() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isInderfederationIDP() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isSTORKPVPGateway() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isRemovePBKFromAuthBlock() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getKeyBoxIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public SAML1ConfigurationParameters getSAML1Parameter() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getTemplateURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAditionalAuthBlockText() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getBKUURL(String bkutype) { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getBKUURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean useSSO() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean useSSOQuestion() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List<String> getMandateProfiles() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isShowMandateCheckBox() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isOnlyMandateAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isShowStorkLogin() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getQaaLevel() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isRequireConsentForStorkAttributes() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Collection<StorkAttribute> getRequestedSTORKAttributes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public byte[] getBKUSelectionTemplate() { + // TODO Auto-generated method stub + return null; + } + + @Override + public byte[] getSendAssertionTemplate() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Collection<CPEPS> getPepsList() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getIDPAttributQueryServiceURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isInboundSSOInterfederationAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isInterfederationSSOStorageAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isOutboundSSOInterfederationAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isTestCredentialEnabled() { + return true; + } + + @Override + public List<String> getTestCredentialOIDs() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isUseIDLTestTrustStore() { + return true; + } + + @Override + public boolean isUseAuthBlockTestTestStore() { + return true; + } + + @Override + public PrivateKey getBPKDecBpkDecryptionKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isPassivRequestUsedForInterfederation() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isPerformLocalAuthenticationOnInterfederationError() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Collection<StorkAttributeProviderPlugin> getStorkAPs() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<Integer> getReversionsLoggingEventCodes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> foreignbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean containsConfigurationKey(String arg0) { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getAreaSpecificTargetIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getConfigurationValue(String arg0, String arg1) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getLoAMatchingMode() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getRequiredLoA() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getTargetsWithNoBaseIdInternalProcessingRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getTargetsWithNoBaseIdTransferRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getUniqueIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Boolean isConfigurationValue(String arg0) { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isConfigurationValue(String arg0, boolean arg1) { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean hasBaseIdInternalProcessingRestriction() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean hasBaseIdTransferRestriction() { + // TODO Auto-generated method stub + return false; + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java new file mode 100644 index 000000000..20ff41fe7 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java @@ -0,0 +1,147 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.util.Map; + +import org.junit.BeforeClass; +import org.junit.Test; +import org.opensaml.DefaultBootstrap; +import org.opensaml.saml2.core.Assertion; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyAuthConfig; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyOA; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier.QualifiedeIDVerifier; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.api.Configurator; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; +import iaik.security.ec.provider.ECCelerate; +import iaik.security.provider.IAIK; + +public abstract class eIDDataVerifierTest { + + protected Map<String, String> eIDData = null; + + @Autowired DummyAuthConfig authConfig; + + @BeforeClass + public static void moaSPSSInitialize() throws ConfigurationException, org.opensaml.xml.ConfigurationException, IOException { + Logger.info("Loading Java security providers."); + //System.setProperty("moa.spss.server.configuration", "F:\\Projekte\\configs\\moa-spss\\MOASPSSConfiguration.xml"); + String current = new java.io.File( "." ).getCanonicalPath(); + System.setProperty("moa.spss.server.configuration", current + "/src/test/resources/moaspss_config/MOASPSSConfiguration.xml"); + + IAIK.addAsProvider(); + ECCelerate.addAsProvider(); + DefaultBootstrap.bootstrap(); + + try { + LoggingContextManager.getInstance().setLoggingContext( + new LoggingContext("startup")); + Logger.debug("Starting MOA-SPSS initialization process ... "); + Configurator.getInstance().init(); + Logger.info("MOA-SPSS initialization complete "); + + } catch (MOAException e) { + Logger.error("MOA-SP initialization FAILED!", e.getWrapped()); + throw new ConfigurationException("config.10", new Object[] { e + .toString() }, e); + } + + } + + @Test + public void dummyTest() throws Exception { + + + } + + @Test + public void parseIdl() throws Exception { + String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL); + if (MiscUtil.isEmpty(idlB64)) + throw new Exception("NO IDL found"); + + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + //IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Url.decode(idlB64))).parseIdentityLink(); + if (idl == null) + throw new Exception("IDL parsing FAILED"); + + } + + @Test + public void verifyIdl() throws Exception { + String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL); + if (MiscUtil.isEmpty(idlB64)) + throw new Exception("NO IDL found"); + + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); +// IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Url.decode(idlB64))).parseIdentityLink(); + + if (idl == null) + throw new Exception("IDL parsing FAILED"); + + IOAAuthParameters dummyOA = new DummyOA(); + QualifiedeIDVerifier.verifyIdentityLink(idl, dummyOA , authConfig); + + } + + @Test + public void parseAuthBlock() throws Exception { + String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); + if (MiscUtil.isEmpty(authBlockB64)) + throw new Exception("NO AuthBlock found"); + + Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64); + new AssertionAttributeExtractor(authBlock); + + } + + + + @Test + public void verifyAuthBlock() throws Exception { + String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); + if (MiscUtil.isEmpty(authBlockB64)) + throw new Exception("NO AuthBlock found"); + + IOAAuthParameters dummyOA = new DummyOA(); + authConfig.setRequireAuthBlockQC(false); + QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, dummyOA , authConfig); + authConfig.setRequireAuthBlockQC(true); + + } + + @Test + public void checkIDLAgainstAuthblock() throws Exception { + String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); + String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL); + if (MiscUtil.isEmpty(idlB64)) + throw new Exception("NO IDL found"); + if (MiscUtil.isEmpty(authBlockB64)) + throw new Exception("NO AuthBlock found"); + + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64); + AssertionAttributeExtractor authBlockExtractor = new AssertionAttributeExtractor(authBlock); + IVerifiyXMLSignatureResponse authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, new DummyOA() , authConfig); + QualifiedeIDVerifier.checkConsistencyOfeIDData(getSl20ReqId(), idl, authBlockExtractor, authBlockVerificationResult); + + + + } + + protected abstract String getSl20ReqId(); +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml new file mode 100644 index 000000000..c1f185208 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml @@ -0,0 +1,18 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + + <bean id="firstJOSETests" + class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.JsonSecurityUtils"/> + + <bean id="DummyAuthConfig" + class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyAuthConfig"/> +</beans> diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml new file mode 100644 index 000000000..0840ecd94 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml @@ -0,0 +1,90 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!--MOA SPSS 1.3 Configuration File created by MOA SPSS Configuration Mapper--> +<cfg:MOAConfiguration xmlns:cfg="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> +<cfg:Common> + <cfg:PermitExternalUris> + <cfg:BlackListUri> + <cfg:IP>192.168</cfg:IP> + </cfg:BlackListUri> + </cfg:PermitExternalUris> + </cfg:Common> + <cfg:SignatureVerification> + <cfg:CertificateValidation> + <cfg:PathConstruction> + <cfg:AutoAddCertificates>true</cfg:AutoAddCertificates> + <cfg:UseAuthorityInformationAccess>true</cfg:UseAuthorityInformationAccess> + <cfg:CertificateStore> + <cfg:DirectoryStore> + <cfg:Location>certstore</cfg:Location> + </cfg:DirectoryStore> + </cfg:CertificateStore> + </cfg:PathConstruction> + <cfg:PathValidation> + <cfg:ChainingMode> + <cfg:DefaultMode>pkix</cfg:DefaultMode> + <cfg:TrustAnchor> + <cfg:Identification> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </cfg:Identification> + <cfg:Mode>chaining</cfg:Mode> + </cfg:TrustAnchor> + <cfg:TrustAnchor> + <cfg:Identification> + <dsig:X509IssuerName>C=AT,O=Hauptverband österr. Sozialvers.,CN=Root-CA 1</dsig:X509IssuerName> + <dsig:X509SerialNumber>376503867878755617282523408360935024869</dsig:X509SerialNumber> + </cfg:Identification> + <cfg:Mode>chaining</cfg:Mode> + </cfg:TrustAnchor> + </cfg:ChainingMode> + <cfg:TrustProfile> + <cfg:Id>MOAIDBuergerkartePersonenbindung</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + <cfg:TrustProfile> + <cfg:Id>MOAIDBuergerkarteAuthentisierungsDaten</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + <cfg:TrustProfile> + <cfg:Id>MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + <cfg:TrustProfile> + <cfg:Id>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + + </cfg:PathValidation> + <cfg:RevocationChecking> + <cfg:EnableChecking>false</cfg:EnableChecking> + <cfg:MaxRevocationAge>0</cfg:MaxRevocationAge> + <cfg:ServiceOrder> + <cfg:Service>CRL</cfg:Service> + <cfg:Service>OCSP</cfg:Service> + </cfg:ServiceOrder> + <cfg:Archiving> + <cfg:EnableArchiving>false</cfg:EnableArchiving> + <cfg:ArchiveDuration>365</cfg:ArchiveDuration> + <cfg:Archive> + <cfg:DatabaseArchive> + <cfg:JDBCURL>jdbc:url</cfg:JDBCURL> + <cfg:JDBCDriverClassName>fully.qualified.classname</cfg:JDBCDriverClassName> + </cfg:DatabaseArchive> + </cfg:Archive> + </cfg:Archiving> + </cfg:RevocationChecking> + </cfg:CertificateValidation> + <cfg:VerifyTransformsInfoProfile> + <cfg:Id>SL20Authblock_v1.0</cfg:Id> + <cfg:Location>profiles/SL20_authblock_v1.0.xml</cfg:Location> + </cfg:VerifyTransformsInfoProfile> + <cfg:VerifyTransformsInfoProfile> + <cfg:Id>SL20Authblock_v1.0_SIC</cfg:Id> + <cfg:Location>profiles/SL20_authblock_v1.0_SIC.xml</cfg:Location> + </cfg:VerifyTransformsInfoProfile> + <cfg:VerifyTransformsInfoProfile> + <cfg:Id>SL20Authblock_v1.0_OWN</cfg:Id> + <cfg:Location>profiles/SL20_authblock_v1.0_own.xml</cfg:Location> + </cfg:VerifyTransformsInfoProfile> + </cfg:SignatureVerification> +</cfg:MOAConfiguration> diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD Binary files differnew file mode 100644 index 000000000..61bfd22bc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 Binary files differnew file mode 100644 index 000000000..55707d69f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 Binary files differnew file mode 100644 index 000000000..815f53d95 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 Binary files differnew file mode 100644 index 000000000..882753986 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A Binary files differnew file mode 100644 index 000000000..f28aa4b8e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 Binary files differnew file mode 100644 index 000000000..5171276f4 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 Binary files differnew file mode 100644 index 000000000..6e17b9db5 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 Binary files differnew file mode 100644 index 000000000..911640d0e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE Binary files differnew file mode 100644 index 000000000..1bb449441 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D Binary files differnew file mode 100644 index 000000000..807fa786c --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 Binary files differnew file mode 100644 index 000000000..b2a1e145f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 Binary files differnew file mode 100644 index 000000000..22d64fb5f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C Binary files differnew file mode 100644 index 000000000..8588ce58a --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 Binary files differnew file mode 100644 index 000000000..7bbf658e9 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E Binary files differnew file mode 100644 index 000000000..2fa45b280 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 Binary files differnew file mode 100644 index 000000000..c79d3e6b0 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA Binary files differnew file mode 100644 index 000000000..ab9e0cd7d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 Binary files differnew file mode 100644 index 000000000..01965769d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 Binary files differnew file mode 100644 index 000000000..5026d395f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 Binary files differnew file mode 100644 index 000000000..9b2ee0fc6 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 Binary files differnew file mode 100644 index 000000000..9d2132e7f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F Binary files differnew file mode 100644 index 000000000..c34d0f380 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 Binary files differnew file mode 100644 index 000000000..d894e92ca --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D Binary files differnew file mode 100644 index 000000000..380486f65 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E Binary files differnew file mode 100644 index 000000000..0f0db03b3 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E Binary files differnew file mode 100644 index 000000000..39e377edf --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 Binary files differnew file mode 100644 index 000000000..0a1fcff85 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C Binary files differnew file mode 100644 index 000000000..61d346a8f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 Binary files differnew file mode 100644 index 000000000..9ae7ffa0c --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623 Binary files differnew file mode 100644 index 000000000..a68ae2db7 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 Binary files differnew file mode 100644 index 000000000..28cb48bb0 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E Binary files differnew file mode 100644 index 000000000..c9da41583 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 Binary files differnew file mode 100644 index 000000000..28fbdf42f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 Binary files differnew file mode 100644 index 000000000..b9a0e5a61 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 Binary files differnew file mode 100644 index 000000000..24d1795f5 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1 Binary files differnew file mode 100644 index 000000000..6da18c620 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01 Binary files differnew file mode 100644 index 000000000..3a274af3c --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F Binary files differnew file mode 100644 index 000000000..3beb4529a --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526 Binary files differnew file mode 100644 index 000000000..da38ce028 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 Binary files differnew file mode 100644 index 000000000..7e9fd5b0b --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 Binary files differnew file mode 100644 index 000000000..41dc7c553 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F Binary files differnew file mode 100644 index 000000000..b596d82e3 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D Binary files differnew file mode 100644 index 000000000..4adc3b7ec --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687 Binary files differnew file mode 100644 index 000000000..1e4f22777 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 Binary files differnew file mode 100644 index 000000000..fe561ad6a --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA Binary files differnew file mode 100644 index 000000000..5205ec519 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419 Binary files differnew file mode 100644 index 000000000..10a1f7141 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 Binary files differnew file mode 100644 index 000000000..dae019650 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E Binary files differnew file mode 100644 index 000000000..b9fe1280c --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03 Binary files differnew file mode 100644 index 000000000..ea1585a6e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206 Binary files differnew file mode 100644 index 000000000..0c2494a4b --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878 Binary files differnew file mode 100644 index 000000000..424f849a1 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B Binary files differnew file mode 100644 index 000000000..06b40aa67 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E Binary files differnew file mode 100644 index 000000000..3be7b6a06 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E Binary files differnew file mode 100644 index 000000000..b2beddaa5 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317 Binary files differnew file mode 100644 index 000000000..73553b996 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 Binary files differnew file mode 100644 index 000000000..6368a6cc6 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44 Binary files differnew file mode 100644 index 000000000..08d7b28e2 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE Binary files differnew file mode 100644 index 000000000..e47d2b8ba --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA Binary files differnew file mode 100644 index 000000000..5168e1af0 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D Binary files differnew file mode 100644 index 000000000..c5bcc42e2 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A Binary files differnew file mode 100644 index 000000000..3c7775b6e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A Binary files differnew file mode 100644 index 000000000..b6f39e354 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 Binary files differnew file mode 100644 index 000000000..f9fef65fc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92 Binary files differnew file mode 100644 index 000000000..f9f27442b --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F Binary files differnew file mode 100644 index 000000000..69de75609 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE Binary files differnew file mode 100644 index 000000000..efa28178e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 Binary files differnew file mode 100644 index 000000000..8c434777e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733 Binary files differnew file mode 100644 index 000000000..289fc2198 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6 Binary files differnew file mode 100644 index 000000000..b7d4b08a6 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 Binary files differnew file mode 100644 index 000000000..89cfe44fd --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C Binary files differnew file mode 100644 index 000000000..d9d633e32 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE Binary files differnew file mode 100644 index 000000000..c3fc91352 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 Binary files differnew file mode 100644 index 000000000..640918641 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A Binary files differnew file mode 100644 index 000000000..ad13d7b28 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B Binary files differnew file mode 100644 index 000000000..d361d919f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 Binary files differnew file mode 100644 index 000000000..69a8e4872 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D Binary files differnew file mode 100644 index 000000000..1a3106742 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 Binary files differnew file mode 100644 index 000000000..558ce15e3 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D Binary files differnew file mode 100644 index 000000000..0bab77032 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F Binary files differnew file mode 100644 index 000000000..b60dea248 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 Binary files differnew file mode 100644 index 000000000..ac2e3c2b4 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C Binary files differnew file mode 100644 index 000000000..4dd2c49bf --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 Binary files differnew file mode 100644 index 000000000..1bfd4d661 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19 Binary files differnew file mode 100644 index 000000000..c478bf0fc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 Binary files differnew file mode 100644 index 000000000..09bd4626c --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 Binary files differnew file mode 100644 index 000000000..592c96230 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 Binary files differnew file mode 100644 index 000000000..c171b6d31 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB Binary files differnew file mode 100644 index 000000000..6f97837a2 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 Binary files differnew file mode 100644 index 000000000..d7799119f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B Binary files differnew file mode 100644 index 000000000..508f7f076 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B Binary files differnew file mode 100644 index 000000000..c0feb0d0e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 Binary files differnew file mode 100644 index 000000000..ebfbce9a0 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 Binary files differnew file mode 100644 index 000000000..5c75689fb --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB Binary files differnew file mode 100644 index 000000000..e08466c5a --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E Binary files differnew file mode 100644 index 000000000..ed5ba194c --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA Binary files differnew file mode 100644 index 000000000..bc5ed1e62 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B Binary files differnew file mode 100644 index 000000000..cb519b7eb --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799 Binary files differnew file mode 100644 index 000000000..f2bbe24c8 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357 Binary files differnew file mode 100644 index 000000000..a592bd280 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918 Binary files differnew file mode 100644 index 000000000..6114ab414 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6 Binary files differnew file mode 100644 index 000000000..beff53663 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1 Binary files differnew file mode 100644 index 000000000..60405d6be --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120 Binary files differnew file mode 100644 index 000000000..4132c67c9 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 Binary files differnew file mode 100644 index 000000000..36c381da7 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE Binary files differnew file mode 100644 index 000000000..e20156afc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A Binary files differnew file mode 100644 index 000000000..6f92cf716 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1 Binary files differnew file mode 100644 index 000000000..0cba97eec --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD Binary files differnew file mode 100644 index 000000000..1de8f2cdf --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099 Binary files differnew file mode 100644 index 000000000..23d9533dc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710 Binary files differnew file mode 100644 index 000000000..a7948e488 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE Binary files differnew file mode 100644 index 000000000..c4d97cda3 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 Binary files differnew file mode 100644 index 000000000..a63cd9ad4 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112 Binary files differnew file mode 100644 index 000000000..f5e70ea0f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958 Binary files differnew file mode 100644 index 000000000..a5e651f86 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B Binary files differnew file mode 100644 index 000000000..b15880c29 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA Binary files differnew file mode 100644 index 000000000..d53dce92b --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE Binary files differnew file mode 100644 index 000000000..5375c57c3 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344 Binary files differnew file mode 100644 index 000000000..7085c5ac9 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683 Binary files differnew file mode 100644 index 000000000..97dc187db --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65 Binary files differnew file mode 100644 index 000000000..ad5d7dea1 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B Binary files differnew file mode 100644 index 000000000..2bf4ad712 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E Binary files differnew file mode 100644 index 000000000..c3363a922 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC Binary files differnew file mode 100644 index 000000000..750c08573 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 Binary files differnew file mode 100644 index 000000000..069640ffc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 Binary files differnew file mode 100644 index 000000000..391ffc14d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C Binary files differnew file mode 100644 index 000000000..255c513af --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18 Binary files differnew file mode 100644 index 000000000..6225c0ca7 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 Binary files differnew file mode 100644 index 000000000..83aeb1fce --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517 Binary files differnew file mode 100644 index 000000000..f8a8957ac --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03 Binary files differnew file mode 100644 index 000000000..376d0753f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580 Binary files differnew file mode 100644 index 000000000..6bbb4b5a3 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 Binary files differnew file mode 100644 index 000000000..3536bd3cd --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D Binary files differnew file mode 100644 index 000000000..8e513a9f0 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6 Binary files differnew file mode 100644 index 000000000..36a442b89 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E Binary files differnew file mode 100644 index 000000000..54f809962 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA Binary files differnew file mode 100644 index 000000000..8ddc7d79b --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799 Binary files differnew file mode 100644 index 000000000..c9fd41f7f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374 Binary files differnew file mode 100644 index 000000000..61a7ccb15 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14 Binary files differnew file mode 100644 index 000000000..e4bd48dac --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A Binary files differnew file mode 100644 index 000000000..f6df0f4fd --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7 Binary files differnew file mode 100644 index 000000000..0668256a9 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 Binary files differnew file mode 100644 index 000000000..cac44093a --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 Binary files differnew file mode 100644 index 000000000..46d4477ab --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C Binary files differnew file mode 100644 index 000000000..4989f3e73 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22 Binary files differnew file mode 100644 index 000000000..7c6adedf5 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 Binary files differnew file mode 100644 index 000000000..70f5b7c91 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A Binary files differnew file mode 100644 index 000000000..141b05ef4 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 Binary files differnew file mode 100644 index 000000000..95500f6bd --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC Binary files differnew file mode 100644 index 000000000..87d8b52d4 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 Binary files differnew file mode 100644 index 000000000..91acd396a --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A Binary files differnew file mode 100644 index 000000000..b5f5fa6ca --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 Binary files differnew file mode 100644 index 000000000..abeb964dd --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 Binary files differnew file mode 100644 index 000000000..34c8cf8a5 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE Binary files differnew file mode 100644 index 000000000..cc35ba691 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B Binary files differnew file mode 100644 index 000000000..783dd271a --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC Binary files differnew file mode 100644 index 000000000..74c4ce3b8 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 Binary files differnew file mode 100644 index 000000000..f3cf5e676 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC Binary files differnew file mode 100644 index 000000000..fc5bd433b --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 Binary files differnew file mode 100644 index 000000000..0a8de4bb9 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 Binary files differnew file mode 100644 index 000000000..d2e7db667 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 Binary files differnew file mode 100644 index 000000000..f2f1c6562 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 Binary files differnew file mode 100644 index 000000000..476a3efb2 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233 Binary files differnew file mode 100644 index 000000000..5c88b668a --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 Binary files differnew file mode 100644 index 000000000..38c2de589 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B Binary files differnew file mode 100644 index 000000000..f1d7b6a28 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD Binary files differnew file mode 100644 index 000000000..c1b90c0f4 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E Binary files differnew file mode 100644 index 000000000..3c77b90d2 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2 Binary files differnew file mode 100644 index 000000000..33e776369 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630 Binary files differnew file mode 100644 index 000000000..29d93550e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F Binary files differnew file mode 100644 index 000000000..2a88295a7 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 Binary files differnew file mode 100644 index 000000000..84a1690d2 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286 Binary files differnew file mode 100644 index 000000000..0dc186019 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 Binary files differnew file mode 100644 index 000000000..a699436ca --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200 Binary files differnew file mode 100644 index 000000000..05a8b86f9 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA Binary files differnew file mode 100644 index 000000000..836ba3767 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B Binary files differnew file mode 100644 index 000000000..87b13faaa --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F Binary files differnew file mode 100644 index 000000000..f1c03d688 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 Binary files differnew file mode 100644 index 000000000..781d1e4f2 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B Binary files differnew file mode 100644 index 000000000..8286cabbc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B Binary files differnew file mode 100644 index 000000000..a0148f63b --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C Binary files differnew file mode 100644 index 000000000..42a64da07 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 Binary files differnew file mode 100644 index 000000000..32893db7f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C Binary files differnew file mode 100644 index 000000000..277b6083a --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29 Binary files differnew file mode 100644 index 000000000..afe6fdf09 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF Binary files differnew file mode 100644 index 000000000..d71177a4e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml new file mode 100644 index 000000000..e67b1f5ce --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xml:space="default" /><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css"> + .normalstyle { font-size: medium; } + .italicstyle { font-size: medium; font-style: italic; } + .titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; } + .h4style { font-size: large; } + .hidden {display: none; } + </style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue" /></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue" /></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,9,2)" /><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,6,2)" /><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)" /></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)" /></td></tr><tr><td class="italicstyle">TransaktionsToken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID" /></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle"> + Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue" /></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience" /></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter" /></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></dsig:Transforms></VerifyTransformsInfoProfile> diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml new file mode 100644 index 000000000..741013cd1 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xmlns:xml="http://www.w3.org/XML/1998/namespace" xml:space="default"/><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css"> + .normalstyle { font-size: medium; } + .italicstyle { font-size: medium; font-style: italic; } + .titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; } + .h4style { font-size: large; } + .hidden {display: none; } + </style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue"/></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue"/></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)"/></td></tr><tr><td class="italicstyle">TransaktionsTokken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID"/></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle"> + Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"/></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience"/></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"/></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms></VerifyTransformsInfoProfile> diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_own.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_own.xml new file mode 100644 index 000000000..517f6437c --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_own.xml @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xml:space="default"/><xsl:template xmlns="http://www.w3.org/1999/xhtml" match="/"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css"> + .normalstyle { font-size: medium; } + .italicstyle { font-size: medium; font-style: italic; } + .titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; } + .h4style { font-size: large; } + .hidden {display: none; } + </style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue"/></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue"/></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)"/></td></tr><tr><td class="italicstyle">TransaktionsTokken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID"/></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle"> + Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"/></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience"/></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"/></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform> + <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> + </dsig:Transforms></VerifyTransformsInfoProfile> diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..d361d919f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..ad13d7b28 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..f9f27442b --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..b6f39e354 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..f9fef65fc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer Binary files differnew file mode 100644 index 000000000..3c7775b6e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..36a442b89 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer Binary files differnew file mode 100644 index 000000000..54f809962 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..ab9e0cd7d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer Binary files differnew file mode 100644 index 000000000..01965769d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer Binary files differnew file mode 100644 index 000000000..b9a0e5a61 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt new file mode 100644 index 000000000..9befb53fc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIDFl+uMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl +c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx +MjE1MTMwMDQ1WhcNMjQxMjA5MTIwMDQ1WjCBlTELMAkGA1UEBhMCQVQxSDBGBgNV +BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry +LiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1UZXN0LVJvb3Qt +MDUxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1Sb290LTA1MIICIDANBgkqhkiG9w0B +AQEFAAOCAg0AMIICCAKCAgEApv3ETyDuseYGvBXgJSiAe7q2dvKtcxlHGlEdEWKv +YUODdXiTIIcwuIU0+F8ybvoQdEVPGDsdzShhXKgMfdGY5WF1BslCgjwcr4h6GWgt +cSkXXFIYVV5GCrac4DhM60EvtXpadi8dNMu7dUKZjqES9UPC6Gc5H6fadauLaV6b +DbNrJufXUditjEbhqj5uX3u4/+nFRH8g1DiQm5RCC3ttVe0/7buJipErVQ9Sbhzk +hkFlzLbph2s2hiEP8NB5tXM3ffxmJ2Yv98+U1Ec0iXvsoGhqRyZVn1huTi+9PJnP +IyPfXDkqWv49E/WeZsaZ48kdVx9xIC6OVYF0GCDsKjsKWN+4xL6/eYvSnyIBij/A +e1T3wkLhp+bDyqxnvDatMlWchfbZxicvzr83c8SGt81RBekwbG/HGPRE4x5DnTkQ +67DTMzMSmW+FAJdZG2Ofsg9+D+v+iqRD310maLABtko3e+xm601FS8d0lDFJVGgG +36IB+ZrUIXmLfOIQjlF/yx566oUmSif3QRgmnSuNtunffXHBbL0qFAiEDwwHg41t +zBiSswKRWa5J/BMIung+6T8gw5kY3c3yJ+pUip4J2oeVa9jZlO/AY7k5BCeGh5Ky +zu22GMQIp9ulIIfUKx8jcnhtDy07UEmaWqv3rVsqKWF9v9B4z2SMiH1oFEgrNAxi +v98CAQOjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEQv+xQJkonQMA4G +A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEASO7M8elac5VTP+FjuL1S +nS72NaIP/RGYmw6967irlG5qQ0cGmCZO5J8SsL7xc3BMofMQMbrsGEryO1F4Y95B +o419IzqPb8sYHlx1Du+F2D01qXBmGP/NcqQIo9twLa+man16l7SFF/iNof2axigM +TUcWzqHUxtSjCPoU44qTsi8vVuQKRP8gMGlVCty0joc0gEW8PqKiMaKxI+tglVA6 +czwvPXfk9pJkL3hhDg/p59iKJTkEKIDtvugrZ4ZqOCBL5xv1Tar3BMBAKSfl/YoQ +/p6ATGlKkjSbMyU7vUGxXldNALHkezxFufuDZEF/erp3hCVADbQMKgyM7Diu6cKB +0s4+POeTQoSQ2dnMQJdgAfeGcd3twy2s/M/xHAVGPAPIQWH7ppVcs6AbVXQabHxJ +YZU7G2ct8Se0r8RLq+iRYrWhFKl8mmVBNwK2WJhjWPv2fqM1xYtbbwH6zoV/Sf8j +uIbx/5A/MJo/4s/9ciafJLVzLvkOh6Bhf310TAxyB9mDiL00KAuVTDtwYfzo1+jw +0bInpPqTCkgszn0LbajeaEIc7lQ7neY0gmMqDvnhA+5LyHJXuX5tDF+1/KDijlLs +p/k1/YZfe1Ai1+gcRoAlp2O80tKaJWZPkf8POffyIkSxJbHlKF6r3TWs7JYr+YUi +lm2dyCqZ9RUD5ZN2YRntJoo= +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..289fc2198 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..b7d4b08a6 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..289fc2198 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..69de75609 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..8c434777e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..efa28178e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer Binary files differnew file mode 100644 index 000000000..33e776369 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt new file mode 100644 index 000000000..203c416fe --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIGfzCCBGegAwIBAgIHAJZY0iYXUjANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQG +EwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5IG9m +IFRlY2hub2xvZ3kxDTALBgNVBAsTBElBSUsxIjAgBgNVBAMTGUlBSUsgVGVzdCBJ +bnRlcm1lZGlhdGUgQ0EwHhcNMTgwNTI4MTQ0NTIxWhcNMjEwNTI4MTQ0NTIxWjAw +MQwwCgYDVQQqEwNFaWQxDTALBgNVBAQTBFRlc3QxETAPBgNVBAMTCEVpZCBUZXN0 +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKs+u9OdjFmRGF1Cbsa+XSuvzPoIG +pPtcJs+4thMbCubwSQMvUOssrCzrC1Ji9YVxeqHs3DU2RDEosoSUROJH3KOCAyAw +ggMcMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMIIBNgYIKwYBBQUHAQEE +ggEoMIIBJDCBggYIKwYBBQUHMAKGdmxkYXA6Ly9jYXBzby10ZXN0LmlhaWsudHVn +cmF6LmF0OjEzODkvY249aWFpay10ZXN0LWludGVybWVkaWF0ZS1jYSxvdT1wa2ks +ZGM9aWFpayxkYz10dWdyYXosZGM9YXQ/Y0FDZXJ0aWZpY2F0ZTtiaW5hcnkwUAYI +KwYBBQUHMAKGRGh0dHA6Ly9jYXBzby10ZXN0LmlhaWsudHVncmF6LmF0L2NlcnRz +L2lhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2EuY2VyMEsGCCsGAQUFBzABhj9odHRw +Oi8vY2Fwc28tdGVzdC5pYWlrLnR1Z3Jhei5hdC9vY3NwL2lhaWstdGVzdC1pbnRl +cm1lZGlhdGUtY2EwHwYDVR0jBBgwFoAUedgPAoHlywvut/xEv9Nn+hCGURIwgaAG +A1UdIASBmDCBlTCBkgYMKwYBBAGVEgECBwEBMIGBMH8GCCsGAQUFBwICMHMMcVRo +aXMgY2VydGlmaWNhdGUgd2FzIGlzc3VlZCBieSBhICoqY29weSoqIG9mIGFuIElB +SUsgVGVzdCBJbnRlcm1lZGlhdGUgQ0EgYW5kIG1heSBiZSB1c2VkIGZvciB0ZXN0 +IHB1cnBvc2VzIG9ubHkuMIHeBgNVHR8EgdYwgdMwgdCggc2ggcqGgYJsZGFwOi8v +Y2Fwc28tdGVzdC5pYWlrLnR1Z3Jhei5hdDoxMzg5L2NuPWlhaWstdGVzdC1pbnRl +cm1lZGlhdGUtY2Esb3U9cGtpLGRjPWlhaWssZGM9dHVncmF6LGRjPWF0P2NlcnRp +ZmljYXRlUmV2b2NhdGlvbkxpc3Q7YmluYXJ5hkNodHRwOi8vY2Fwc28tdGVzdC5p +YWlrLnR1Z3Jhei5hdC9jcmxzL2lhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2EuY3Js +MB0GA1UdDgQWBBSOwKEfd5HkkkiziZBb5Yj4HWy1DDANBgkqhkiG9w0BAQsFAAOC +AgEAAjjDMSWxbUHvklPKS4xTJJV7Bl5Gy++/LZ39Mb8ZCgjIsGIP9w3hhz0kfi4z +Iz6hvf/Yx9zlKZ/wRIU8R4iygqQSY5Zm28WKVm3Vbhfs4ewN4FJTP8w8LgUSHJ02 +V+JIHtUt5i9U2a/I01bmzIIfBYL0IW8s1K3VMAzADyHDGW/U6h9ck7dayw8OWi8t +NT4tnKX4mEhH6z2kUPnv7fqFlSRrD0uqkeKZad3A1a155S0Dgj1cZmNjR4sRhQhh +gba/EGuHNyEXchVasIITohORuJV9BAq4CckbSLo/qCSf+uiQUJm336LwavjGZked +O/auvRTETctPipjdONSxF/jbjAQ3fmYR/VqvoCm6K3ZgWTzxk0S4mfarrwooDvlE +rkSnrlLf+D6EyQt9LCw/i5LvH/+E+ZQ4AKwTHmJok4xdSgywyNrxsciZrvUGgwe9 +n+CV3IzEymYfL28qykKWpqbPTlSHqa3SlImdl8ywJI4hAW7mzZDp4OjhibRydJsR +7uiFnfhIKMTDicnZGgPZZqIuS4qGwYBszU77R+XmwmZqZBkNP88eYW1qnxCFGEtI +OiiETwO4zxXFF21CeB06PEwRCVgebBg0zBnX+hIsT/nJqwHK8I0Yh24BCudESUC2 +gE9xrujrk3e7r+lOqbYbzeWRJnXILg+SnflzC9kS3LxRfJI= +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer Binary files differnew file mode 100644 index 000000000..911640d0e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer Binary files differnew file mode 100644 index 000000000..1bb449441 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer Binary files differnew file mode 100644 index 000000000..1bb449441 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02_A-Trust-Test-Qual-.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02_A-Trust-Test-Qual-.crt new file mode 100644 index 000000000..803b30eb1 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02_A-Trust-Test-Qual-.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEATCCAumgAwIBAgIEOWntwTANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC +QVQxSDBGBgNVBAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUg +aW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1U +ZXN0LVF1YWwtMDIxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1RdWFsLTAyMB4XDTE0 +MTEyNDE0NDkxN1oXDTI0MTExODEzNDkxN1owgaExCzAJBgNVBAYTAkFUMUgwRgYD +VQQKDD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0 +ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsMGmEtc2lnbi1QcmVtaXVtLVRl +c3QtU2lnLTAyMSMwIQYDVQQDDBphLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMjCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANwJSfWpRaziThddTTup72Cl +tlXl8oc7HQoK2SWsYQwZGAd5nJZbwbI4K8VFKlNnK72Zl8UhmQ2FxhzS6u+Q+qEz +JOM2xTfA2NB6A9/KFpTJXUjvCHgRvW16EEF9YpYXxKTSK+QrYCXAC5rL6SuYOzgA +7Q1ivq+zLbyXxroux2zVEBIiaBGpZhOHGDFJk6h/4QelIqzd2TIDCRzvhmLDVmhq +X2C1NQb5kZuMgrxxOhG5Cr1F8solkwyu43JiM+apY4bZJVQBwi9ATBMz5tfdoLRs +lQy1BCQ4X+b6u/2856gucU+1e/wa5pB9Ff0eP+xy+j2DZOXLNd8m/IQvnshjNusC +AwEAAaNLMEkwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIRgafjkGOFb0wEwYD +VR0jBAwwCoAIQg8xWXA9iecwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUA +A4IBAQBq/owq5eGvhxegchLvnMjPnE9gTYIHEvMq8DN6h2J7pTEhKG2o09LLn/pN +HWRjKENU/LqZBIAJ5zebm5XqzB631BYcuu1abyPFfpMdAL9X4zFuDvg9EGaTir2c +81XaBYzVSLN7fxmNLKSmMwUt0JQQyqpe3V9iyoBE/WcQyKmKaEp7mCZsGFBm6KmJ +gqD6TPb7X9bWUr3yx6Z5gek71f3vQi69m1x811azXlxu1i/XFnVpzxkrKRXJWC+w +nQRxXmU7YnMzYPOA7UOpUG6J+7tYi29hY3EpMgyXM/T/BL5MdyzBefbPVzLHng5z +VaXNpO0ENCrlUyi1m3Yd/7QPDdJM +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-05.20141215-20141209.SerNo165fb8.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-05.20141215-20141209.SerNo165fb8.crt new file mode 100644 index 000000000..ee17cdb80 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-05.20141215-20141209.SerNo165fb8.crt @@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGQTCCBCmgAwIBAgIDFl+4MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl +c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx +MjE1MTMxMDE5WhcNMjQxMjA5MTIxMDE5WjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV +BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry +LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1 +bS1TaWctMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tU2lnLTA1MIIC +IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAq9PRwApA35K3LT0p5IYtNZMS +BFJsIkzjgF4FRQ36PtxeNsPL6iPgfFjWLZzVT1arHrC6ciz97haDWEN5Jq+aVaZp +gvFtvqZXlwYOWP0sshQg1aP7zrfH/N6yqjkrXHyzgmSz3SVIbdj5CqUJz/+94FCR +cA8XkQ3WZAjSkRB+MSIY8umftkmJOVAstaG28OEtpmqwBLRh/QGcNZzfhyrPS2Ls +5BAKQW9SBb1nXn8JOHq0Bd8zHShHbny9X/qT0xqeFfwItZWiW7iu3LgbGqfB3J4d +s+9iecwHDsmYdSb2quGmzJXejmvktFZte9dlF7BuBqier+R3/czdLteRems5S9Ka +hlP3+f3CnFwKihyVMhnuf5HyhCo1Fvrt+igWtNnos38qzB5RzRTJXnvZyrtTJMQE +/8ZuV2B12Oaf0AQjt+o/SPKeaTBX2yes0S1xbQy7xJzNhgBJ2Ir3OI6SoOooVN+9 +kQuzD7NsJBJzIy4dHCvOgs0C1ro8DROaV3Usn58eYOkLDrPGpEBmFq7GnsxnbeEh +5zzlgh00R9cy5PxiO40U+KxnTmQl+/vc9i1plDLsTRePeThKgS0UOIRZP7voYKdu +IJaEzufNXUxZbCc9Mq3V552BmRPhL9Ouf/bfaVMmkY4p7BdU57stxDfVwG9biujj +AVPA7DeRm+S0kzWRq0kCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov +L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME +DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhB0SNOEjM1 +3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEiqm52uEL2giMCy +8i1tIbqKP3SeJnYxhJgN4d3caWqfE1CoEUQjsN8t7sF866TOYJMrQ+/dS8bUqNiG +x4vvPrDq3DUSyKflgPaz+36xtB4BTlIiYTzio7Tnv+d5n+MsM6c/rijJzRx38FLM +tZTAfr7dXv5KxrfYrrEnPrGg0gMlYqX3rB1TKQnPx5qG3e2YXc6tdvDeXhh9cXj3 +76VJony7iV0ccKWNXRRNx1X0po/Luu6EMD/5czArtmO0KmGXO3gK3Fy7pxUbdBra +nSJNsY+Fv4X3zqf5n9ZM4Yut7KSqBiQbuMmIzLZkICJOWN5t9mOTStgmZjGqBdQN +sRuVinaLxA88Fd32ZmFxbagOLeKEXPTQT/ERbDOjhShY6jA2/LkIcg9mwDDOubsp +FcZaYlyXmvD+HNVxL5B4BGDWoGHmCxaj+bcYP4U797bpE90sTnMIQd6JoYEMQSIy +Re0S4jKIOkCqBDkPBIXZf/IizTvJiQoFUtT7civFYhcUHDOcWs69NUU3F6sEBZmq +C1uIRm7zD6FUPNpVcfVIeqcfWsnx5bSKwheh9Dk/A3eTmxjpodV4tIq6BfCLdq52 +85dumPB4zz/EmCuZ0hwy9/TJwaogVMqicvr1/pQXDM7T6fCM0vK9w/e4ejmX61TK +6MsTXFjxlwpIacl4fkAxk6L22xfB +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer Binary files differnew file mode 100644 index 000000000..cac44093a --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer Binary files differnew file mode 100644 index 000000000..32893db7f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer new file mode 100644 index 000000000..60bc9a557 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID2zCCAsOgAwIBAgIDFhIPMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRwwGgYDVQQLDBNhLXNpZ24tVEVT +VC1RdWFsLTAxMRwwGgYDVQQDDBNhLXNpZ24tVEVTVC1RdWFsLTAxMB4XDTE0MTEx +NzA3NDAzNloXDTI0MTExMTA2NDAzNlowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQK +DD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4g +RGF0ZW52ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1URVNULVF1YWwtMDEx +HDAaBgNVBAMME2Etc2lnbi1URVNULVF1YWwtMDEwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQD4TRgyXzhxJ2AkndX0RPY771f64dsJrReEeuShLRK5io0B +kJWc4t7wuD1B98cJ0MUPlMmOJ2Ckc/vuLhQUyY3qEUmhMhixCUIcdHQ5yH3H0yMV +HxyJxAG83fE8M25kpKA4TzzMW8KPd2S63wbpPElyEy7vrllrLxvdQRSDpMZMvRg8 +fvoDGAehxsnKKwlXZuMq1aSBzfMz3cMBDKxvqzDIz7yC1iWNkdiwog3a5a5PbViK +shhZ0h+bx9WFDpiN6ooPQgcGhjD+NqIDoiOr7CUFHp+HiC6xIsEFJaBHTf3dRZ61 +0r1FDABx0Yj8+wlXSQLYq/1nR/QMwsvH0Cz1qYTPAgMBAAGjNjA0MA8GA1UdEwEB +/wQFMAMBAf8wEQYDVR0OBAoECE8h1CulBqTdMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAAOCAQEAimFu+xTm3UdyU+fO+2hz4DS20OGSC9NBDkorjzhRPWoZ +IVhUi6yH5drqSBm4/2ZYS1Ba5npzfyJwm+cLO28ljxAApfRHlbN0y83hKv7c0I7g +zWTMRs8X8ar5Gd7d4O5jpC4PAaZ1ozSDoE06U5im6YMLaJy/0QYvf5EQBMvLdeoc +d1vl17JYKYqYzcX2dvayikrfiglFqDaZZ66yJPBSuiyNhXpPkbXsOoyyTPtV/0Bh +eKIQiQyJID5aZtR7D4fBAzKdp5wB9KLQXBZ80hrwqrIuy+ME0tFaBWYBi8dzQ1iq +/E3Qz0USfGmxPMm8y/zRqsDvxZCRiSuvzBkOXbGMdA== +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..d361d919f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..ad13d7b28 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..f9f27442b --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..b6f39e354 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..f9fef65fc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer Binary files differnew file mode 100644 index 000000000..3c7775b6e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..36a442b89 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer Binary files differnew file mode 100644 index 000000000..54f809962 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..ab9e0cd7d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer Binary files differnew file mode 100644 index 000000000..01965769d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer Binary files differnew file mode 100644 index 000000000..b9a0e5a61 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..289fc2198 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..b7d4b08a6 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..289fc2198 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..69de75609 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..8c434777e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..efa28178e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer Binary files differnew file mode 100644 index 000000000..33e776369 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der Binary files differnew file mode 100644 index 000000000..3be7b6a06 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer Binary files differnew file mode 100644 index 000000000..afe6fdf09 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..36a442b89 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer Binary files differnew file mode 100644 index 000000000..54f809962 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer new file mode 100644 index 000000000..2284687bb --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIDFLT5MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTE0MDcyMzEwMzgy +OVoXDTI1MDcyMzA4MzgyOVowgY0xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 +ZXJrZWhyIEdtYkgxGTAXBgNVBAsMEEEtVHJ1c3QtblF1YWwtMDMxGTAXBgNVBAMM +EEEtVHJ1c3QtblF1YWwtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCtPWFuA/OQO8BBC4SAzewqo51ru27CQoT3URThoKgtUaNR8t4j8DRE/5TrzAUj +lUC5B3ilJfYKvUWG6Nm9wASOhURh73+nyfrBJcyFLGM/BWBzSQXgYHiVEEvc+RFZ +znF/QJuKqiTfC0Li21a8StKlDJu3Qz7dg9MmEALP6iPESU7l0+m0iKsMrmKS1GWH +2WrX9IWf5DMiJaXlyDO6w8dB3F/GaswADm0yqLaHNgBid5seHzTLkDx4iHQF63n1 +k3Flyp3HaxgtPVxO59X4PzF9j4fsCiIvI+n+u33J4PTs63zEsMMtYrWacdaxaujs +2e3Vcuy+VwHOBVWf3tFgiBCzAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYD +VR0OBAoECERqlWdVeRFPMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC +AQEAEoykPeAA/6iKm6YnfxsSHFe+Dtian2yAH8L2TqMdcHeSB/7L1x73uuDeYku1 +hbKQAXnfXntf8R+VgjQBTww0aDb5164netYcFbK0g8uVWVCqOl8wf3JbAUxHS9br +cFKks+CJKPr6qQ6H+sb1o9127c9IQSZYP3S/gMAaGw0cSTlsnosE0P5Ur5vHsapm +FV3V+VOjYNs2GLSu4XQCYvSIpsfDJp8VsJ/BMYS9GqGvQ/9qGa0fwEbEMadb5mcJ +tw/EKg4gJthMgxOfO5eVuCQ3PAEWOe5lrOrTdvTIlhphUuns5hoIdlyLuNqewK3s +FJ6N46sU7LjJLqSKYEB8usoIiw== +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer Binary files differnew file mode 100644 index 000000000..33e776369 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer Binary files differnew file mode 100644 index 000000000..277b6083a --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus-Schwab-BM-f-Inneres-20040219-20070219.SerNo5c39.der b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus-Schwab-BM-f-Inneres-20040219-20070219.SerNo5c39.der Binary files differnew file mode 100644 index 000000000..376d0753f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus-Schwab-BM-f-Inneres-20040219-20070219.SerNo5c39.der diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer Binary files differnew file mode 100644 index 000000000..376d0753f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/SIC_IDL_SIGNER.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/SIC_IDL_SIGNER.crt new file mode 100644 index 000000000..b2de9da56 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/SIC_IDL_SIGNER.crt @@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIHajCCBVKgAwIBAgIGRUnF8D5SMA0GCSqGSIb3DQEBCwUAMHcxCzAJBgNVBAYT +AkFUMQ0wCwYDVQQHEwRHcmF6MSYwJAYDVQQKEx1HcmF6IFVuaXZlcnNpdHkgb2Yg +VGVjaG5vbG9neTENMAsGA1UECxMESUFJSzEiMCAGA1UEAxMZSUFJSyBUZXN0IElu +dGVybWVkaWF0ZSBDQTAeFw0xNjA4MjUxMzA4MzhaFw0xOTA4MjUxMzA4MzhaMIH8 +MQswCQYDVQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2 +ZXJzaXR5IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBw +bGllZCBJbmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEa +MBgGA1UEBBMRU2lnbmF0dXJlIFNlcnZpY2UxHjAcBgNVBCoTFVNlcnZlckJLVSBE +ZXZlbG9wbWVudDEwMC4GA1UEAxMnU2VydmVyQktVIERldmVsb3BtZW50IFNpZ25h +dHVyZSBTZXJ2aWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxd/3 +9il61ghIH781wRGg5m+12MRxFB/eKLTn8Aj3YpTmI9+4CTG8ESmu20i/d+mRc/Bg +5tzvITi+964gIsovynCdU9QEwWF9SKTQ7vjTMfkTWDll+KfSWjO71l7Dm9F/dRVW +xKcx1j6oSxbnYZio3UBsSF+vfEz7cJz2DzAgAtM9s/2wSiYyWwfQMQcgEgA4uWtW +/7vre8FDgxxtA3XOV7IgKoEfFA2c7a6gVGUjN90OWxn4ZdDGpjDY9mAnEJS2rQoZ +EnkI47rfx35FrEPt7Rdc5mTSwDvbJqLlxkCUrPi+CV/esMxryX4+mivaghxVy3GT +SpTxf2IAgX2uX2VbUwIDAQABo4ICdDCCAnAwDgYDVR0PAQH/BAQDAgeAMAwGA1Ud +EwEB/wQCMAAwggEXBggrBgEFBQcBAQSCAQkwggEFMHcGCCsGAQUFBzAChmtsZGFw +Oi8vbGRhcC5pYWlrLnR1Z3Jhei5hdC9jbj1pYWlrLXRlc3QtaW50ZXJtZWRpYXRl +LWNhLG91PXBraSxkYz1pYWlrLGRjPXR1Z3JheixkYz1hdD9jQUNlcnRpZmljYXRl +O2JpbmFyeTBIBggrBgEFBQcwAoY8aHR0cDovL2NhLmlhaWsudHVncmF6LmF0L2Nl +cnRzL2lhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2EuY2VyMEAGCCsGAQUFBzABhjRo +dHRwOi8vb2NzcC5pYWlrLnR1Z3Jhei5hdC9pYWlrLXRlc3QtaW50ZXJtZWRpYXRl +LWNhMB8GA1UdIwQYMBaAFEJur6/qQSp/lFcFhYLgkUYhyVdCMBkGA1UdIAQSMBAw +DgYMKwYBBAGVEgECBwEBMIHKBgNVHR8EgcIwgb8wgbyggbmggbaGd2xkYXA6Ly9s +ZGFwLmlhaWsudHVncmF6LmF0L2NuPWlhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2Es +b3U9cGtpLGRjPWlhaWssZGM9dHVncmF6LGRjPWF0P2NlcnRpZmljYXRlUmV2b2Nh +dGlvbkxpc3Q7YmluYXJ5hjtodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY3Jscy9p +YWlrLXRlc3QtaW50ZXJtZWRpYXRlLWNhLmNybDANBgcqKAAKAQcBBAIFADAdBgNV +HQ4EFgQUCGcmNEgrFLwredMpRpa/34jEqY8wDQYJKoZIhvcNAQELBQADggIBAIAg +/Ft+vM0DUKKipcF2xSZCweqEr6bF9I8FruxKyHg4WcWiUvFs96Wkwj/GA8YMJkjE +SKad1nP+hFjiraYU6dSfpOnAUJyLV0q5DM8Y0cl8GDqazE2kNGNzjmH9HvGY9CWp +vwF8htBnBX8N4Evw2t86eD4V507k2Ev8JOPWKifZwO0OCnPkkBfq30H5GVm9JA8W +joEXYQzzX2TBYrxqkWNosAsN9StcOvv9sfTTtW+ozK5/VPvAp9SUOjC5Eww7BuKq +yBxDrTSQ8hlfW2j8cMtCmg00LISnspiq8PdvIWktDO0sriyh3YuIIUx86OE9rBcG +20qr9s2oXYzVxq+T6hIEzDC1v/sPbpeYFdU6DW7bz/3ObPcKjkGD7J06ZDZFbgXr +aucr01ZFjdgBcdH0UzmsIaAMG+HY5RU99AZ5bP5RH+DbSTZLlcm8Zzne5/b0rN+a +2Q1ctptQnaPlZYQMcTSqXcbM7Umzn4LgnOedjfAcp8Pk0r+bZojrzFGuoi9fqkqe +qTup+PkGj+I8D+pOG/sSMaPx/gPZ4llO9v17VGHKH+OyGIsefwd+jXhMTJMdt5kO +6fLyTFF1MP4Ld64pRuboagZqe3dmy9HCy7AVnq9dIl/BlhLjhLSTYWvwtduh33WV +qegwBldr6P9vuJTsOrre7bRvkA+VnuZhlNW9AC1/ +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Testuser_BRZ_IdentityLink_Signer.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Testuser_BRZ_IdentityLink_Signer.crt new file mode 100644 index 000000000..d69dc044e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Testuser_BRZ_IdentityLink_Signer.crt @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFZDCCA0ygAwIBAgIJAJav+zeqU/DMMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV +BAYTAkFUMQ0wCwYDVQQKEwRFR0laMRYwFAYDVQQLEw1Tb2Z0d2FyZUNhcmRzMSYw +JAYDVQQDFB1UZXN0X1NvZnR3YXJlY2FyZHNfSURMX1NpZ25lcjAeFw0xNjEwMTgx +MDM5MDdaFw0xOTA3MTQxMDM5MDdaMFwxCzAJBgNVBAYTAkFUMQ0wCwYDVQQKEwRF +R0laMRYwFAYDVQQLEw1Tb2Z0d2FyZUNhcmRzMSYwJAYDVQQDFB1UZXN0X1NvZnR3 +YXJlY2FyZHNfSURMX1NpZ25lcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBALkLgt+MFTxLfRzcEIZ0bycIFg7g/HPN7QWIZ67bHzrb6ehebzF9VinzDZXC +kfKWdUJbkNSuWKWrp2X62f7oGhdqK0yFc+Dlo+OpIDgQiWCpBfKJo8cPWsiAmNuT +xWVagU5faI1h7xvvOVMybWe92nivfqLOuEx6WvX/UoIawRHV2VmPGFgZocM5G0X6 +bUVEpqxAa3qOIlRr0poB+RA0PA86hRpRYal/Or93D8BfQH5l8zV9QcvPe/KeJSpJ +HgGWmEs593LtNuA1Rv1iDpuu10y7C2FeMBvcUpRkR7WAj7vIYVtQILXCh1FhfN1b +Hg6xLVTyshlgUn7ARQJYoJ3togdGamDRlnKU2rXN9j88Tw6fAdcCvWbWVtjy8pNj +WLkVJMlFWdfO6/5LAva1HxROMhFx7QOPhOzemetCtT2fI4FTAk9Vyf9wTUQOL8sq +K73t1A419lYS8WuUCzHDxLujLiTuwoIUgzMN/bqMEZrogPLY2Kj4vmZMZ4gU2PU7 +Yw+Xfang3+/yK1gYNEebpdvPi8SVUAnus/Cfmdwdn9O/naWiBpjc06GJvMbegjxw +oPBM5c0SkCR5xCaygZL2OBpRMKgdfrk4k0pj5ZUm+mtrOGojtRZJEZQCBpVPk1yD +3L4/Z4AZofOo8dSkUR+xJN0oKnIdfndvBxNF4sxY4IwOvFRrAgMBAAGjKTAnMAkG +A1UdEwQCMAAwCwYDVR0PBAQDAgWgMA0GByooAAoBBwEEAgUAMA0GCSqGSIb3DQEB +CwUAA4ICAQBcED7tE8qmAwFBdhyoz1D8yodEZmmdXZwksA/kI+o+5wQs6Y/qvw7j ++eBvlctyXCXWh1eFeb/FaiA5Cpoak8Nc/oY7T/yBj5gfKHlNqVT1owaBkHsEYMBv +aUXxyDCbnFMznJfkxjbvFbQdd1hceJht8Dx+ikpB6MJHqHIEry0WWgf3JdN5PErr +ATndjBE4BaTZ2q6sCv+SdK60Mk0mYA6l6nSC9eB8G9C4bA1cQEOu6+FPmFzSkiIF +temA1tjQnhxKZZigzxIN3EQAnq/23jf+CkxAt5GkpUjqF5bqKI1nerJOgn4Jm5j6 +sPZGpGllzHLBaybfY63Az4sERC28OlqFw1vxQs4hWIWNWEAMF3Oz4+pYg4OIIh5C +Nr1aqJgssWfOZrX2KSz2vqrZoU67zq84MQcJTSmgKVBb9OnrC5tYn5YVUlydPPjr +Um0iHlWC0MFiIgSzx6Ti2HnPgc0UHsA6IpSTo+UufYYNDiFCssRbu4r0/Syq4MP3 +ghYXdP9Tj0FISz2TvM6YQfzHej94bZcVNwnF4pWEnGZtBbNVvJRw9iJHHkDWLiYM +1B73zs7+pA8YgKqExDHXc1Shou5HvSuTXSmaTMUHrCkhotHfpqYhrJiAmJ+OftNv +6oxMPfNhZg01eOotm1J+WV2mJbgcPTNSC1ONcSFdQ5vZZLL24J2Hcw== +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer Binary files differnew file mode 100644 index 000000000..592c96230 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-SSL-03.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-SSL-03.cer Binary files differnew file mode 100644 index 000000000..a699436ca --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-SSL-03.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer Binary files differnew file mode 100644 index 000000000..e4bd48dac --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer Binary files differnew file mode 100644 index 000000000..61a7ccb15 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer Binary files differnew file mode 100644 index 000000000..5171276f4 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01aaed.der b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01aaed.der Binary files differnew file mode 100644 index 000000000..5171276f4 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01aaed.der diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/atrust_OCSP_Responder_03-1.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/atrust_OCSP_Responder_03-1.cer Binary files differnew file mode 100644 index 000000000..ebfbce9a0 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/atrust_OCSP_Responder_03-1.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/idl_signer_from_IDL.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/idl_signer_from_IDL.crt new file mode 100644 index 000000000..fda99f2bd --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/idl_signer_from_IDL.crt @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEqzCCBBSgAwIBAgIHANux81oNezANBgkqhkiG9w0BAQUFADBAMSIwIAYDVQQD +ExlJQUlLIFRlc3QgSW50ZXJtZWRpYXRlIENBMQ0wCwYDVQQKEwRJQUlLMQswCQYD +VQQGEwJBVDAeFw0xMzA5MjcwNTMzMzdaFw0yMzA5MjcwNTMzMzdaMIHkMQswCQYD +VQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5 +IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJ +bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEUMBIGA1UE +BBMLTU9BLVNTIFRlc3QxGDAWBgNVBCoTD0VHSVogVGVzdHBvcnRhbDEkMCIGA1UE +AxMbRUdJWiBUZXN0cG9ydGFsIE1PQS1TUyBUZXN0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAuDjOyf+mY+oQL2FQzzuaiC8C23vVKbq/n2Zi7BqSibZH +mtqMJfmj4pT+hWSNHvVvWsaxFcx4KeNqdCMzwnw1r4P3Sf+2o5uFku5KHEMLMokR +yYQG9VqY/KkB94ye7Pv6zT8gvKqxGFg96UamECep4swPaSZrA8AOER5WAtyGDzKI +Tz+a5zfFaTXDoba7f98PCWR96yKiFjVOhzp38WVz4VJgz+b8ZSY7Xsv5Kn7DXjOL +STX4MevFLki3rFPup3+4vGToaMBW3PEj67HXBdqR855Le6+E6rVxORqsXqlVwhsI +6nuS0CO2LWYmBNR1IB0mXteeYH/HfxvuZc+7yDjdPQIDAQABo4IBhDCCAYAwDgYD +VR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEmcH6VY4BG1EAGB +TLoNR9vH/g6yMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jYS5pYWlrLnR1Z3Jh +ei5hdC9jYXBzby9jcmxzL0lBSUtUZXN0X0ludGVybWVkaWF0ZUNBLmNybDCBqgYI +KwYBBQUHAQEEgZ0wgZowSgYIKwYBBQUHMAGGPmh0dHA6Ly9jYS5pYWlrLnR1Z3Jh +ei5hdC9jYXBzby9PQ1NQP2NhPUlBSUtUZXN0X0ludGVybWVkaWF0ZUNBMEwGCCsG +AQUFBzAChkBodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY2Fwc28vY2VydHMvSUFJ +S1Rlc3RfSW50ZXJtZWRpYXRlQ0EuY2VyMCEGA1UdEQQaMBiBFnRob21hcy5sZW56 +QGVnaXouZ3YuYXQwHwYDVR0jBBgwFoAUaKJeEdreL4BrRES/jfplNoEkp28wDQYJ +KoZIhvcNAQEFBQADgYEAlFGjUxXLs7SAT8NtXSrv2WrjlklaRnHTFHLQwyVo8JWb +gvRkHHDUv2o8ofXUY2R2WJ38dxeDoccgbXrJb/Qhi8IY7YhCwv/TuIZDisyAqo8W +ORKSip/6HWlGCSR/Vgoet1GtCmF0FoUxFUIGSAuQ2yyt4fIzt5GJrU1X5ujjI1w= +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer Binary files differnew file mode 100644 index 000000000..afe6fdf09 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer Binary files differnew file mode 100644 index 000000000..376d0753f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer Binary files differnew file mode 100644 index 000000000..592c96230 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer Binary files differnew file mode 100644 index 000000000..61a7ccb15 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer Binary files differnew file mode 100644 index 000000000..5171276f4 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks Binary files differnew file mode 100644 index 000000000..a976d286b --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json new file mode 100644 index 000000000..221ab5351 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json @@ -0,0 +1,6 @@ +{ + "v": 10, + "respID": "NavkR2BWuvroWkIKWhAQ", + "inResponseTo": "_2ac94139a4451f7ef0893a5b823aff16", + "signedPayload": "ew0KICAiYWxnIjogIlJTMjU2IiwNCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9zbDIuMDtjb21tYW5kIiwNCiAgIng1dCNTMjU2IjogIjBGUmRDYkFxVTF2YlQtOUt3S0JUcU5GQXBkcU9HT25Fa0o1dGp6MFp0anciDQp9.ew0KICAibmFtZSI6ICJxdWFsaWZpZWRlSUQiLA0KICAiZW5jcnlwdGVkUmVzdWx0IjogImV5SmhiR2NpT2lKU1UwRXRUMEZGVUMweU5UWWlMQ0psYm1NaU9pSkJNalUyUjBOTklpd2lZM1I1SWpvaVlYQndiR2xqWVhScGIyNHZjMnd5TGpBN2NtVnpkV3gwSWl3aWVEVjBJMU15TlRZaU9pSlJkRjl5UjNKalRWQm1jamxmYWpsaWRFTndhVXAyUTFWMmFVSlFSbFZqYzJwbWRsaGhVWGhJYmpkdkluMC5RQ1BLOHZrZzlvSkprUk5OTmR2cVE4V0hvTk1Id3hrRExlMEVFcmN3UDJHTVROM3gtR0Y4MFVoQno0Z3VrOFVFcXpqaFM0S09XOXVVbEdkdEJ2eVdlczNPaUM0SUQ3eFNmVDF6Z3R4QnlDcHJLOFQyREZTa1VqS1JpVGpqOHoyUWlWXy1NbzJKOVJmVl9LMWNseVQyTTNFdnNjMUQtNWkyS0dzbW9tcWlsVkpqaFhZSlZkZllBRFZVQ0pycnJFTms3YUNwZWxTWU4wZ1hGU2VNRUNyRWp3Y0lkaHM2TW5fU2JiUnRJTnVSUmF6aEZEM1Fhb2lKcjFTdy0zS0JUV19fUThKTlhkQW9KdkFqcmFvUTlMNk9JTEhwOGlVQUMtbVVGbDJ6bmVQYnBoTnktSlNzV2NzVlBpVG5HYzdKNDNyaEtvZlJTWmZQUmVxWlRQYi1ncXZCS3cuazNqZUprWXJucEZMUmdfY3dZZ09zN2QzQWRVWnpmTjM3YTROeW9aY214MC4yWUg0M0lzTWNsVFBuTGZMVGc2TjVlcjVQSmdmMlFmRWE0bGg1dFdxSlJHdUdPRUw3TVVUMDZLMTVxUV9jTWZ6M01XVnRDV0lSNE8xOG5yMVZtN3M1cWZjRUlmQVpTRk52OWo2SXViNkVTeUtDeWk2YktaM0VDWURxbS1ZMjZETk1GWU4zeFMwOG9UV3ZPbWprR0Rqb21xdzBUcjB4RF9saHBRZlhReTJ1WWZZSDBlc21NY1BnS3lyRmF5NzZnV3VQeWxBS1lXbzd2WVB0UmxMR3AteWZ0eDFVMGFQU1BCbE5sOTlxb2Vzdm9BVTFrSXh1aU94Q1BYVTBqYWZJamF6MklDT253QW9qV2xrVlJWeDE2TENEUEF2d256Ty1vbHR3eUNBNmNzbXZYN1VvVlAydFZLdVVGVnJRUVFkNTFsOGc4dmxpb2pwMjlMV3ZSdjJTeDR5UG84TS1qOGw3UlV6SlhwZzNsZV96WGJfOFRfYUpra0d3YWE2UV9hV0ZDQl9ISkRGYkUzbDJzeEtBeHYtYUd0QzhwVVp4RnppNHB5YUVMd25QVUhpalE5UnpRUm0tY3RlTUpZM0NhMHlpMXl3eERudGRic3JSQzJvdG84aTMtRnIwWWo3R0t1THBvZ1hHT0RLX1p2X3FoNFdIZTBjRkxZUUNuLVNUSEJtaVo0SHBxTU8ydXlmeGpSYUxqN29KUXRSdXJ2NjNvMGJpeWxtNTVqMHg3eGhrSDlPR3liTUtaWVE3cE04bnYyblg3ejhJTXZRdkl4UU5heWNQVlJycWFtNERVMDJCQ1VlWVc2T0x2TEg1bmtMaTRmeUhoQXJtdXA5R3JFU1BHeGRlcW1PcTRYeTMyNlE3MUNNMU14TUN2ZXdoU3R6RzBWZnFnTHJjSHl2bndSdW9sRnE2SVlsZU9mZ0JMOVNUR2M1WWxuUU05UTJYS3RabVVkMUk2VVhMS0UwbzYzU0JIbFFHSVlJaVBYMy1VYnMwcEtLLWJfbGhMNkszT29Pdkw1V3Q1OGljV2FCbFJqb25VbEQ1eGR2b0dLTjNZVmRxWDVSZ3BIUnQxMHVHcDN3cER5S3RYTy1OTWJjaVVTUURQMVlNMFZScE9oZVN6Nk15Vmx5eEZhMWxKNEVpVXRhYk5jYWMwMHJUaHdqMkpSWkJRUGlvb01YVk9mTmxGN2xGdm5UN2liQWNVTTNJcHo5bW1XM3VEQzFxNEUyd1p1bWk0aWloenBlRkNjZTRPVkZWYU1pMGxNaW44VnZNejVYRW1QMFlISFNGRS1LaExuZVdMeXlFYlBzendhU0I3ODdXTUNkZ1JmRU9PakdLVHAtWkNQeE5jUXY0ODVFSElEOWpzV29nRVBxZERoU0czSWRhT1ViY2EwOXJ6a2xQaWlqaTlaeE1lVml5dUd6M3dkc001Y3pmalRHT3BXM0hQOHlwM2JuYUVLMTJBdDNuTTZvUkdGekJLNmc5RDl4eTl0c1BiMkF6MFozc1hzV2RpbzVJV2J5UjhNWk5PdGlNOWxmYU5MMFY4X21ueGlrdWxlSExIaXlQc1JIZUotb2NSOFE3YWh1ZGJfX3Rkb0dFN1R4dC16U0tPZHllcWtOUll5cVd2MFByZloxTFp1bkNCMFZqeEFtVUt6N3RrWGpxeVFQZlFsc2dmblJ1blBhMGVvZHJvZEkzV0dYQmlkSUVjWkxHbjM4bEZyUWVJUkdfNG1hMmpteGp4NURFdXN5OGdqcEl4TElvZkxGQTZXWEtvU1pwWV9sMUxVQzJ2RzkxWGt1R2o0ODB6Z1NzcWFyN2NUd3ZUWnh3M1hqamtJTVFuS1RKa0s4QnByNnpqdEdJTTF4VEc3Ti1iUklhYWE1VHFjbGhGc0dMTmJTU3Y0a21EU19TX0x2cF80cWFHcWNjTHJGZlh0eE8zTnRXaFNpdXZzX0tsN1VfQmxIemZYV0lNQ1lZNlI1SDI2dWpRZ0ZEenpkV1pQVTBxM1hVdlltY2FXUHdMV1JWU2IyTVFjZnd2NThYSl82cUVxLVhaQjU5NHRaR294SlI3TmQwRFhqV1l1dVVTNExTYXBubnZ3eHRpTUF6X0diMjBwTmNBS3UwbDJGb1Etb0ZwQno0LUNRdVlZbE9pUVZhRjQwN0xlVUpWSFR6cG1USWdlZV92Z0VTUmtqTjY3RUowbVBtZDJQU01mVnZwXzBmLTZYN2NRSDlCOUdET05COHJXUFJLZnJBYkNBNWxaZkFSZHFkMnUxTTA0TDZjNW52OGh6NmptdnpIMEExSjJIMWNpT2I2QldoM0daNzd2NTlKZUxEZ0hoRDh5ZjRSOUdNSEo2dHlFMmpsVmZTd2lSc1JjMVhQS0Q1WTl4aWRoZDdKYWV1MmptakgxVXk0aXNrN3BjTDItWkxTOS1rZ0tFNlBxUVliQmI0U1lqN044UXdMQmVodkM2RzVYYjAyaFlGWUNpUzhIV3Z4djRpZTBjb0RkZmR0QVEyZDFpQUt0VlBBTW1saVRCZ1g0RGU3bW9oeGRRRVpTbG4wY3RRRDJsTzV3RVIzRnlkejN6M0lLbW56eXBXZnNkSHh5ZF8zUWM2b0RDZnlSV1NJVW5BQmdhQmV4ZmI1RUhXQ3NOeDVXUFI0ZE9mdDdrTWdBay1NNGI0NnAwSE1ieDdYamZ4U1NnUVprZmZRalZraXFUR1FGajVXS2hNS3h4YlVpRHZKa0laeEVCbWJiYVBQeXNjRXVxUHZvc3J2VjFadWtiWU01TWpobV9qMmk3RHBJNzIxMXRZdG1VZWZ2Sy1jUmp5TU5rN0dxb1kzRFdobWE3WXhHN1FlMmY5U1paemhOZlJ2T2lSak9TX3ZrTXFjUnB2bnlhN1lsc3lYZi1fVi1TNDU2SkVKeHFKNm03UDdkS0ZKTVdxQnlEb0NLWkJBdjB2TXRWem5JamhPa0oyS1o2dW9VdjlWcXg4NXBUaU5XWGEtYjhZelB4TkFTVS1IWWh1bUxLZE9jS01veGt1UENzcURaMzY3d2xpS1g0NFJCbW5fTGpTWjFqSmxNelByQVJyMlh1ZUtHbTVBQkNDSjBWclNhX1QtM2lNT2IyV0RVOE9EUFo2MHFmRklzTGRkRHk2QXk1c0RqbDZFa1RKc2hqZmNacXN0Ti1rc0kyN3d1VDYxVEh4dXRnS2tNWHZ0NFhoM3B0VGgtdVJGdWJmYy13cm90M0JXdXRzMjFnaGpkbk44VDd5TWJRaFNxd0N4anlYSXZWZXJoVEtKWkZ3aWQtTUVFLXE1VVhKQTN2R2FoWmlSN19XalEzX0NjM2dWLUgxLVAxZDhidnI3dTJURlRRam5CV0l6YXFIVW1QbWRyMzJoX1lkYWtpelQyNVlJNGkwMzJweE53cmFzdG0zY1BWa0tacnJCX1llSE1La005dm1QaThiSkhicGFSOFBkUTVuQk1XSkJkaUVuUTdoYVpPazRrWEltNXNyelJNVWhhRGxJaHR2T3hFUVRpMVd0RXdzcjd0OGl3YVdyekRaTXpGRVY0Uy11WUsyanhJeTJleW5CRXFzd2lBMTBnWVo4ZXhCSjJDU0VXM3lQeUhUWFIxN2lBZTdXUkJpYUhoNElXUnBJalI4MHExRjlRd0hVeEhQenJoSEFXN0JFLUVBU0xEMG1YN3hCWi05a094S1E3VjNNSXBIOFFhck1qRmJRelJRX0Ftb1E4eDdCMUdZLXBUeGdzMWduOVFxLUpRTU5peFhZSWdhM2dJQnV2ZE9GQjlQZXl0V3FpT18wV2Z1dVpHb1dkcEY4NFBoNjZlMEdCa0NuYjRkVnZyaHlZNlRvRXVzbTNtTFR5SVB4UWNTd3NnR0VQSHN2eUpxclpwdzNHVkppXzVfNUZqakNuMjhwSTVQTllEVE85aFNGYmhNcDNqMEdBam40NXpJUEYwdTlCa1Fick9WTFZrS1VCbEdHaWd2N3lSNWlvd1F2UjRvX05BX1ZVYWxndV93SWxVRXZZVC1Ba2hodzZJSFp0Q3lJYTd1aHJ0eV94TEYyX3lHRG1zRnZkZFBfeG5jY1dZVF92LXdIYm03NDVObmtoN2xVMlhrRUxkMVQ3bkVfb2p3aFlwWmhyUVNjanBfbUdSRmFuU2ZxOFVYNU9rZVh3bm4yTEVRQmJFOWEwak13ZE92M1FnZU5zYjIxd1I1QVE2RC1pNnRhaGxqWHVDMjBSbVFaTWs5Y1JPRE5abFNYUVZBQzhqTTEwb2lpRFJzdklWTXZjQWp1ZnBLbGNzdFFHdnlXZmZlQjNKbkFtYTRueFUyeVlYeHFyMWRkZEpQbVZ6c01xek4xbWNnZHFLWERHX0R3dGdCMUNNczJVd0tGaVoxQ2lpSk5vN3hPOEdaT3M1TzZncFpKMFh6cjFudFU4UUpYNXhoQlZUM3BRVFU1bUZ6SFNwdExkTU5ueTFjS2RITmMzQVlyUi1CdEdUVXV1Qnc2eERKbS0tT1FjS0RqMUJxSkxmMG01ekpqNlBKNHFQTXpWOEFHSDRrRzcwRHQ2bHI0eEJrQTM2MkpoN3B1eGFsWWh2aHJoR2UtOUhHVWZPNzZwVUlTS2o1WlplQXFfUWp0aTVVdzZGWU55bUM3ZWVUeDFPQUtsN012V1lUaVJiLVlLVHlNck5yY3V5RTRXWGtlVjBhQTllX09JQncxeHNpU25SQkYwTVJtbnpuX3J2NC1kNWtSSWNGc0xWenlHbzZaNFUzNk1odTB2a1R2MlRIU0pYc1ZEdzhvSWpEVUg3UFo4UDZrdEFmSmlLZXZ4cnZZdWw0Y2daaGxhNFBnUDVNR1RmYXlZdGZJU2NBbHZ0TG5pNDA3OG1ITmNoVTcyc2dheGtndERsSUhiVUpqdDlpZEZFR2dPcmdvODllMV83N2VxWklYaFlPdUpoOGVfUlhRd1o2bThOQjdvV1lWeDg3bmx4X1VKdFplZ090dGxnYUhwNXRWVEdPTk5jeUdtZENMU3lvRzZ1c1VRd0VqeFBGc1NTSXU5V0FwMTliOERzTWMxdzN1cGxIZnRMUXlnUDBzUXNRUG1FdndxOEpZc00wcjRfRENPcTJkcENvS1pUTlRDQkx3X0V6N3NzXzZpY1ZkWWhHekRpbUdZTWNOanZXcGQ3Q3pNczdkV1RjN2ZVeHVDWmstTmRwMUhvajVXTGJQd3cxWnVNOTBHWTZUVU4wMmdsVXZObEJ3Z2tTa1doclhDMU8wOXlGMFQ3akZMV3g5akMzY0VZSmhzTmxVbWVSeWdXalROajJQeE9WTDRTdHNZTXBUOS1VemxnSEZEbTdxZ3lMdlZhVGcyM0lWLW9LT3lraUkyT1Y0RG9PcndfR0hlMTlsdEQ0b1ZsMXRrQ2h6WDlVR3h1TTJJM0o2b1Q2Z25kN0FNdmRscUgyZkFQb0NfVHUzSUNFM1dRQXAtTFBVTm5lUkdJbnduR1Z2aVZmb1dUVzQwVVRadUlPNkdwOEJDUF9lZVFEYUVnV0VCUC1pV2M5bjZ5dW05LWhCbDNHS09YVlhnOXJsaHJSdDY4RkE4Qmt0WE9NaWZud29pNXR6Ry0tMTFPZVFmakRGbmJNUlh1WEpoT1RSLWNVYXZLQlV3RmFFc3pZdGJjQURmdTVJeC1lWHY5ZlM5d1pkZElOcHpzT3ZZb0t2cEd6MjVnNktxTjRXelF6bjY3WEhvbGs0VVMzVmRjRnYtQ3g1ZmV5MXlpXzFDc05acVlPSVZYaXRHRk1wdHZ1aThPLVp4Z3dhRDV3Ymh3TnpBbS1FTkhKRFNyV2Y3X1pwYTl0RUI1ZGM0SjdGbnpwX2xVcTQ4RkxlZGRuSmVoNnJhMzkyckh3NlpyQTJDUktsc3hlWTBZdGJwM1lyMXd2RWlYY0xZYTF4OWhBMnozM0V1aGFhUXFqWnBJQ2lYdXVxc21ZeklnVGU1WVZ6ekhZOGVkVGFCUE11QWdrMkFZTHQxZHhETGdndlJ4MXN6cUE1c3RUNEpFZEtXbGs3ZnFIeHJIOGoxdTNwTjNCaS1LTXdNekJ4bjNEZERncTV1ZTFPY2g1d3VmLWlhVHhnZVdfNmV0eGkxNWJ3Uko2STRuSUxTVGk0bG9aUDFTa0ZCVkR4el9FODg3Q0I1ckN4ZnhjY0kxRGsxSmlRWEFqNGtEMF9mRWRxRkllbnpnMWZ3VzBETkN3U2R5ampiNWlmSlk0cVZ2Y0dBSHpoX1dBOUFlYmw1eHcteGpqTkloZGplTEwtbzZ1aHdwLVZBSXE2SEtWMVFIZl9QMWEyNjR3NnBTZENHdGdvYjEweHdpZTA1SFY2R3g2MnI2ak81TE9QUHpkVldvbWJxTEUtZVJ5bVM5eE1JOWl4RG94dWhjcXh6bUZ1cU1mLUxlMjU1d0g0ODEyemVBSi1QTDBjU3FTdjNfXzUwRGRQMldVVHRHMmR1aTNlcDR0VkNObkVINlZFUnY0bUd6QUNwX2stZjlVcWVHTnoyejR6QnRWUGhKWi1rVUEtZ29uUnhKSEFUcU1iOWd0dWFpV2hIWk9mcEZaQi1EZnRuMks1MXZRaXZWWWx0Y1UyRzRYSDRMekJhRldjUjBZMEdVWk10SGxsMXVWSmdqZWVXYnBMaFE3Q3B2Q1djVjhlNlhsQ19BeWEzX2NnV2VNb2M2OG9GV3FBa040TFJ2blhLb0E1M0syRWdmNmhYcXFFLWhMM1RDRW5VQWhaNUkwVWVENnN5X25ndDJsSGV5ekRNT0Q1ZEpuLVpZdm1GZWdEMFlmd0FyWDlETnhrVExfelhzT1hzNERMWlhJMmJxUG5RU1dtbXdmQ2xkNFU2VlZhYklTdFVhdDE5eTYtTjZzMzJTelAtNm9QQUMyYWNqOWQ3c2ZoWHowR1JzNlVEM2ltdlF5MmNWbzg3MVhyX085OENFNENTZEM3cUFNSEM4TE9vTVB0ZWtNaGpkN1dXdW9BUWtUb3FzUkdRUzlRNDQycWNjeEhtVWhMYm0tYUFIXzBBR0dKY0psY09ObmlZY3p2dzFTSHRtZERiWU1BUFBqQ0FHWXlFT2NBUDNueTZEeTd1Zzh4c1QtZkZHNnUwTnZ3Y2RXSndTVHI0R2Y2Y3BtbXkzQTRwYk9wS1ZpdWJoYVJiMkxRb0pOanlxa2h2aTZVMDU3UFIzTkZiSEhSS2xPT19SVWhCMEotenFvWnVPb3NTdjk2RjZNZl9HSlpCUVZVcTBrQWI0dkVlNU95ZXg1aEcwSFVSMWtYZXB5Y0p0RG9FbmdqcWZqUmp3YW9HcTdJLXgtaV9qZjV6NXlNV0FqRkpkOGhiblV1WnB3ZG5iVGhLX2pHRXhWeW9zby1TM3BNQUM1dnA5MzR5MS1zbVo1ZXA1UW5xUGg4YUV4V0pfcVF1NGU4cnEyMzVtRFNmVGJOd1B1TTFJVElhWHAyaTA1aUZ1UVZPcEliOGpuUGNMN1Jua0dLMHV0TkhQOERJLW9HSFpiM2dVQWV0VHRINmwxUk9xZ0FFRkktVHQzVXlxQmotSVZmZ3QwRGNDbmNoYWlQUFhiSExjMjJSYm1jR2JjTjk4UWpQSlRSZDNjRDEyN2hLQVZIS010YWtiS0x3cV9abmpCZjlqMDZuVnZvWi1fc1RMNEZZSkhSRWJpLXhOcmw2SHBqOFMtRFZRRUpNMXlLLVRBUWI0UDR2X05uWU51R1dVTlhYYUh3bmNOcVFseWM1N3pJYWVkdzFUdm5UR0gwUDR1end5MWFnZFlXVWFXODE5c01ISVhBNWJmTzNEZDFSZVlUUzJjZ1NTaGwyclUwSUtrY3NsRlJqX1BicUt4RzJYSXlNdE01ZG9Eb2FONENFNHFfQmxNZjhXTENvNG5WLVVSRll3eVM1bVdkVWtSZzJJMWhJcXA1UGJyaHptUGI0RFBSclE2dWlNd1hXY3oxN3lOa1daYTRNTThIUW1EeVRwTC00eUJlREU2MmZwQlMzWkZERWxKVE9UMThRaXQ3Ny1PdTFjODl1V3EtVmhkRmd6UTBhT0Z1T0RyY2RmSlpEclJ2M2NXeHBvSG80SHp5Y3lsYlpFd21PS1FxdmhQN2NDRGJYbEFObGlPV1ZkRzZYeTQ3QWRIS2luYUhELXN0eWJGRnVHUl9KLXVibi1BVmhsYzI3bVlzbDl1X2VDbVpSWGE0bkFTa2YyYWNONFd2em9YWTJlZzFrNi1Qbld2bnZDeEVLVW9iRi1kdS1EY09nQWxSdnZzcGlweFRTS3FaNGZpeHBfdUJxYnlDOWR0YkJZTnBLNUM5dU8xQ3JVaE9iQWlMbC1NNVgwWGt1TjNYVzJ4TEpZWFhaenhGbkh4d2w1VlFpQXZDWEVlZTZaTXd1N0NZNVNqOVpkeXJfQV9uUExyQldHX0hvUEtlV0laWEQ3a21nVWVJYWQ5dUxrOWUwbjl6Mmx1elowWEF1YlJEOTIyRUYxLTlpR1VGUjQxdE1qX0JldDRhQi1aTW9YVDZGNGxKd0gwT2lLaERkUmpDRDFBazF1aEhjLVZjTDQtMUJHN3U0cVE4VWtWcWlnMFlldmlNaVJOTFZxMkwzTU83ekZEUnN0SURXamVZSDZkRFNqcF9hZVFhWDZXR0owZW9nSmxPUGNTTUZldjRCZm5pSGFOMHp6RmFaNHJjQ01wTUZwUHZCcHMyVmhhRHo4NVdnSUpxV2lNM2UyWEt3YVEta3pqU2J0T0EyVmNhQ2VKMjc1UTVmUkVvTDZ3WkoyQUYwVGo2OURpdnRWNnVfVFpTbGNjSHg5OWNHWWdtYTFQWnJMRy0yVTJiYkFfMG03azRzSUdYVmlJb0VyU3dEUThEU2tYcG5ZNDRLQXdFVkQwMTJaT0s2dWlsSVpsSlFHQmRCWENDa3JOeXRfUDk2ZlpzckotQkQyNzJFYUdiVWZVSkJqNkc1NU1DZnFFQnFCV3hWSlR1M3Y3QVA4R1pWeEEzREgzTFB2TEU5OFkxYW1yZlNrdmxieHlCQTVmb3ZDQ3NUMUI5WUJlZlhDZ0JULXZ4SjE4NkluYnA2eFpZbWd4YTVCcE1vLWt0RmZTcnRyNXNGNlgxV2JIaDlmQUY2emNta29kQ05CNXNaZnhvRnJzNlB5YVc5dF9yMjZZcFJmYnpLUGl6SjZlOXlyQ0tucmRaU1BNaVdBcnJJamtzWURDeExQWGZEaGlES05wbms1emwtTGRXWGVvR1VncmxnZ1V4Sm0zYnRnZzVDdFZYUTVfN0lxVUVibk5oMldMc2tlRzNQbW9zWjFjRWp4UmRiZzNBcTRWU0c2ZkU4ajRRSmloM1ZzTWgyUDVlUmFuRlF3STFJeUQ0ZzY2T3dIcEZ6Q1ViSTk1WEZ1VjNRMFc0TjNxaUhMR3BPaTEtWFdEUWhQc2FwTnhadkpKbW5FcjhoOVZyNGYxNzhZelFCUnNXTUVkOEhtdkFJYjN3UkFXOWxMUFRNMVJkR0V6ekNPUDBCQ3VnaEcteVdGcFNEMG9tSzdVN0otRWJzVHVGSHVEX0NlaEd2U1RJUDV2bS1BeTJ5LXBFT0daaVBCSk5HeWlTYktuRVI2WkpQbW1PUXpBNTQ2ck9xaDFDTmo0OXBuZjByaldKM2xXSDRhaGxsemFweGtqSWhDMDdqM20wSlZZcl9ZNWFkS3VkbV9SSDA3bHpRRzJJRXY3YzZnT3JwR2pYeXVOeUUwWkFfMHVrT2xRVG1icENpS1BJNWprUzZ0MXNtNVItQk44TGJDTlR6QjlCSk9SZGt2WmRESWhMa3BUak9aRnU4Wk9raWFPZUx6cTZRNHVBZVhoYlo4MldVQnY3OC1NbDNIVzZiMkswREQ3cE9lZ19LOVBRZGxaVnFiRzAycXc0WDRwOXBiUmV6S2tQMFYxdzhXQnNMdkdkbWp5Y2h2RnBiSDJwZkZHNzJtdGhoeTVBVjg1dmRDVU5ZYldBd3RsSTFiM1Y5SVZoMzRzWEtjUHowYWhKdV80N0dmNm40ZDlsQVc0c0VRTWtoTDQ5NjZwTno4eGczeHdWZVBQUndTNU9SdWU0TGNCWEdzYXZ6cHFCYnVIQ182ZGJ5VFJSZlRBOEVObWNzUWJrMzBGenNXR1VLS0Rmb2N2WWx1bjR3amZ5cVlQWkE0Skhja1liUnNZS2llUnNFTTZVRUFrMGNOQkUzRVlueHZnU3JtRWtqdHJQR2lheE15U05QNWR4S19oVEVDZTJoNWxpSVVKaThJYUpSc1g5YWR1VHFGRVowMmdQamhwTFY5TU9JTjRYZ0d5S2hhMnhxdVFfM3A2RkxXaUljVlJiR1lTS1I3cDFIXzI0OGYwOVVnUGtuRV83ZlBrQWFnamFfQWxqV2xHX2F3UXhCOWpGTGNHNldIU2p2ckpWOTRZOFQyV3VDYU15WHpMZFUtaWhpeXBYajB6N0doRk1UUktUVlBqbGZ2UEtJMEVBdUM4U1J5dVFkYXd5MzVGbTVpSGFsbnNTY25TOU9GdENzeVRxamkwNWt0OURpRU92Y01qcldEOVFrQm1aUzJrNWg3QzZFS1dWR0sxeWVOZjQ4YmpqSGZMWmswTjlRQ0dIRDhFeVY3NHhmV1BWUWNfQmd4SzBRMDV0VUlYTFZOV1g1WlVySFh4MVFtVWc3RlhhejR2cmVCZUp4enhSSnJaZjBWWlEzNDFPNG95Sk5KN3ZWc2dVcU5Rc1Z5dFdKNkVKRC1pTWJBZVZkeXM4OTk2UmY1LU9XcVhsUUs3dVVJbVZmMjBxTDJpMHlVY3NmX3ctUFM3dDJnNVh6Vk1feUlXZmVSSE9obTJ4Mzh5UUY0dGROelBtMjNsSkNXc0VuOTBhSXBJdFBraVk2T2FCTG5tdzByNWNpNi1ZR2xocWk0cmxVSDI2TnFvTUZNeGRqQ29kVzFHb0VkdUw3T19VbzJib1dIaGUtTUF1YzVxR2R0RVhac3BCTGd6WG0wOVdpaWF3OXhWSUYzQU5DbE1pZXRobXRBQ0pRd2pNeC1rckdTZmtyX25ScmwweEh3ZlJwajIwX2VWdHdKX2xLcUh5Q1FzT0ZHemlLWU5tVDhDbXU0enV6dXhRc2sxVVZmbkJ5SVBGOTFNSEFPZUo0RGVaMHNyZjM5UFZLd0I1RjNpcW1QSmYxVE1jUXluZFlYbFpITzh4SnlIZWhRVWJDTlNoX0hMeHpCVF9CX3B5T2d0N3l5V2c5ZmNLTUtodUtJaTFhTXJsb2FNaTEwN2xXY09OTWdQbTdOSWJURjRyOUUySi1oU0lEWlFrb0tCQkoteno3TUpvRnMyTjh0OWxqSW1IRGFrUnhYV016TFFKWC1WMXhkbktaZS1zek1XaEdMRW9XckNMeHNOQXZzNzlSTHBBVV8tdmVfWld3bWJQN05jYm42V05aa2tUWXZuX2tuQzV4LWhkZTU2OUw5aXgwOHdTNllDTFNxb1JvRVdveE1pT0ltU0p6ZkZTMTFnWHdOcnZxOGtYSkhzMjI4OWlsckEzOG56LVhQSWVsaW9EN1Vfc2hSSXQyRmhsT1BlMVcyRWNSbGNvVm53NDh6UGpiTHBLNTNTNlB6V3NuV19GbU5aejVVWV9oY09NZnljZkNSenN1N0s2VHU4WWxKWXVTWTM5ZUdlVWpjaWI4OUE0OFRLQ0w4Ui1kQUJyY0QxaldCUWg3ekxxckJfMnkweGd0QkVWY1k4bjdmRkNNa1Jac2d6bV85cDhKRGdjM0tvZGFtVHRDTHUxRDNNNXBTWDMybXh5WUNReW5EZjBfdXpzZlBHcHpQZEhYSUdEQlRNcjdpOUU0RWgwSGhUaUowSFk3VUNPeW9WUjBrMDQxNUlVV0d3dXpUelY0MlhDS1NQazE0ZnhaeUNVR3M5LUtsOXNtaHpOajZrTTc0NkQxSGI5QkVLdU4xRDkwSUFHTnhucHFlMHl0OGJZQjlHcWc1NzJ4cGVpbVRCQVNkemh2aEVTZ1VoNUNwY2JXR2hsekVEcS1BazgzbUFyXzJDdFpnVlB3LXRqRzF6NkladnhfekVyUWh1REhyV0FvcjB4cWdSM053TzlJQVBYUDlNbVdFMEhsSzlmS1E1TWpISXZiSkZvdGFOUno4N2RVNkRPbkV5Q0syazFSRkRFekM5Q0drbjdSY2dDWDh3alZCdE9LcW1vNlpHTThjZW9BMjJ0TjlmT2dRWko1b2N3OVg3YkEzZDNhMlRsUHJSODZvVExrYzctNFdUYmVxTWdiZVBXUUgwQzZBNGJxN3VScF9qaVl1V1pZN09VWS1TcWpvdjd3UzAwT3drSVN2WWhhYTRqd3NKODVSNXR6UlZuT0JlTGs4YVU5QmhVMEY3RzRhMHZKTDlKSG50SFpiLVotMWR3U29MUHhjT1NfdXVhemlZdXlyQ3hvQ0dld3lKQVJ4dzJsazJjRmVaVFRxRV9DYmVZcHV2OHpOR2piVzM5dUZoOHYyXzd3X0tINUJvTm5ZU1VtcVZHOUF1b2dqbnVMakRfSzdIRF9hdnV2LTNrQnUwSDVuelJnaHZCLVZacUl0dTVNSjlNQ1h4aVcwYmZhOXduYk1KU0gtZ3pXX2NJY0hXWGRzUFlScE1JWHBCVUg5b0xRZ2Ruemx0ekpvVkJkdWlsWmR5NnFfb1RfRkJNV1N0N2N6NmZ5U3E1TXNQZTFkYVRqLXE2b2lvcDNBd3d5d1ZsOUhvUlpKUVF4Q29JN1F6SjhURlYzRGJ5aG1Bb0xScU5Oc1FOc2ZEMDBhZ05lc0d1a0xuN0hDNzFKdm9qWmZWWHBKRGdmdWFiTkkzTUxhR3VJSDB3a01aS1dQSE96SHlBbEJuaE5iRDM2U3NYcHdhdEVOX0k3U2VQbVFWR09fSE5fRjhZajFjYm1KLXY4VkdtT0pQM0xyRlF6d1hQb1piMmNZWmlOd09hMWJtOU8zdGdDYXFhS3p1ek4wQlV3NU9HdDBsNVAxZG5PMEs4V3F5V0Y5cG5Mc2dpQm9KbFQxYUpaVlI2djlDRFlreC1HRnJEejF0b0MtdDZmVWhFQl9ZaUN2cWJSYkJybzFhT2pMRWVsVUxVSGd1OVBzblNKTlQyTGczTW1kQWtDS3NrUldhVEt2QWl5OEdwenA2QXA4WFk2ZDdjQ0lKZ3ZOQXpkNlVPUF92TERjZXJ4UktRYUdDbTBWejVSWWZRcGM4T1lKUmhEM3MzNFBhMVoweFRBLU1uWjVkSDBMU21ZRTlDWkFXWFFzZ0s3dXROWUVBbUZWN3h5cFA1UENHemJieEt1ZFVaLWdJYnBXQ215WGVobGN6bFNmbXhiOHRqT1Q5Qkt6bDFpU01fZ0cxVmFjUFZTQWJhWWVmMjRVZHViOG9tRGkyWFBwN19MeHFXakJDS0JMa09Ec09WNm8tLThFd3k5UHVIcFVWSlRJWjdnaV9aRlJfMXUyMWt2aHB2bGF6OW5GeEV5a0JQYmxyWWVsekxrOWdGQ2FoUDNOQXFjWVp2d0xWb1VTQU56YTliRGdodThOYTN6a0JtaG1USlJmdTBTdnpqRGJZbnNMd3EwRDZjOG9MYjVqaExka3lBN09TSWlaWkdMeVBicDloUTdXU21kSjA5VmVTS2VweUJmLXdtSzB1VmU5MF9mdHNORGpQSU83djFkYVh0YXJpUWc0MXhGY1RsMmJ6WVphYXV3N09IYjEtZDlzdk1vNnBjMFU1TlZzY1B5TDUwLTVhVmtZZHlOcU5uV1hmU3VfOFB0MC15YnRBNU5Rd2ZSNll2MjhLeGpLTWh5THRvQl9lcUV6Y0lneGVCNUhsRkMwTlFwY2VXUU1UelM3V01wTjJ5VTNIcVlocXNESXoyV3UxVEFQMFBCYnM3MHdFUnR1R0dwRHhPdk1ZRmxKa0FkTXRlamJ1bkVsWVBNYzJHMHZFQXFvNUxPWEhJNVVEQzhVVHhHY010QUFJdGw2Z2llXzB5ZFFiRjhpUHdMYWEwUlJBemZzZ3lLdExFZkR2dVVNNmpvVmxoS2x2LVhiVVBvYTR6Ry1aWlRQTTFUdHU0dS1BRjlJUWtEcDlHeEpwU0hfd1l5aGFqWFp5UUF6M0NScFJPTXBRSmRmYnhuNTFMUDUxLXJwR2ZQamM5cG54OVc0OG9OSDFnbGVySmR5dXVOSUVNOXVkN0h6ZG5rWXJNZ1NDZGNVVzdCZnZjTnNWcFJPR1MtdmRhSm0zdjJ6QTJYLTNaRjFEMFVFVm9jbHBvbllYWDNIQnowTm5tZXc4U3l0TDJsa0tyeGhoX0dRcERNSGxOakttZzlZcFd0NktLM0NTQXJFX2ZDd0hpOHd4NElwal9teER3LXI0Q0dZYmlwcy1QRVMwc1V4eHRLMG5HZ2pORGpuUU9FSVdSLVNqdVhjZUhIZnQ1dTlVMzFXbTdRamxtQTFhNWdSTTd0Ul9XMl9iZFMyc01mYUtkR2wtVERIVm84UkxZSE1WVXoxTXNWTVEwV3NuTENhTElmT040YmxpYXN0WDJvakF2VVZkY29YUWNTVDBqVEhFNUk0el8yNXdiaUhwTW9mSkRRb2NiUi1Edks1TDNON1JHX2FYYUhGSDVIeEtrRWZBa0JSVjJmOXREV1ZxelNiTjVuOUl1aDE4YVV1SzhxYmV2aEp5T2p2M01ESUdMX1lkZ0R3TFFlU0tjRWFFSUpzamlTMGdIY2V0WDhua1RZYTEyMlFKYWpzY244OWszZVVZeVBkNDhrZ2FldjUtVXZ5NHJsQnRJeVZRaEk2OUVGOHB4ZDlWZWJYNkF1cFZuSGR4aDRTejFWU2x2NU5WRS1ycU83cWQxRGxwVXJIYzhTMkpybU8tSHAwLXpadjJUM1hRT1F3MXJTYy1KRHp5WWJ4dTVzWjI3VmFlSlFuU0Jzb3NSVUZtNktaY3JPdzVoMk5qVkR0b1laSjVhQm5sWmY0aVQ4RHBDSzhzTzhacXFaLWRueEpuQ3RQZ1FLLVAwdzU5ZjFVMXIzV3Y5bnoyS09XWC1wdEQ5ZnVNODhPYjZyNndpdTJsVW5qS0dlTExKUmFVYTFPU09LemduTVZCbHowVGU0RWhmVTFud0lxMWZybm5BaTBNcmlWSUtNZlhGQjVtNnF5RWpOSDVUWUtCMk9MSGxDajRlTklyeW9UdGZIWUxneHY2YTUxRlFGSXJTazBhWTQ5U1NpRW9LN2hsRlZod2tGYkloWVBFMVBkQ1dGb3phN0Z2eVZIUC1GbXBzNmlPV0EwWjFiQlVXVnlNRUpDNXJWMXhMYjdUNXljaEg4N1E1Wm1waFVpb1lMN2FHVEdoZjJvaGw1Vk5YcWNXSlpDbUtUTUI1aXJmdzBlajVtaDg3VUYySnZFVm5YUTVhY0xWaXdiZ3N0bnRpUkJSZUpSNWxfUzhjek5BZzRXcWR2OHd0ZmhQM0djQmJ5R1p6VkJsVzRmSHRJUjhMN1gtSVhlSDBQaEtvS3F2ZUFXN2xfUDlSaVVINTdha2xPLVU3dWR6SXhrWXQxMzVWdzYtS2sxMm9nUmlYaUpEcWtkSFE4ZHZaR0VqNEtIelFUQlVVamVnOFVYRWUzc3VzMzNNQ1ZNZHJNMG5ORnIzRXk5SHFFa01PcTFIbmlRaFdKb2FIcWlYLXFISzBLYWR5eTNueVp4TG5MSl9udXdkMUMzX2V2UEVxLUR2LW90TXBvYmt1QnR0eTd6NElGbGpHM2lOZVZFekk4M1FKNkJRZjNmWFZhclpta1N0eDh1b05jMXZPWWRCQkdiVmduUExidWFtSnFkd01ITjhKXzVPUHY5SW9vVFFjZ1YzLU1BalV3ZVpyVm9SbTF5V1FZVnBsRTFUUld0NENFQ2NoQ05jczZaVzZCUTVldkJ3TC13enNQSFVBTXVTcTB2N3VRSnJaT0cwd2hDXzFtRFJWMUlWeHk1TEw4SXQ2TDhTSXhhRC1yN19JSkpFYnk5c0dodHhpdFloN2pRNS1qb2V6Y1M0TEttcWtGemhVSVlYa1BWZ2pGQzdyYV9SbzNIdElhamVwWFkyV0p3OEo4QUxaSTk4Wl9TMGw5RF9BekY1UmZXWGdVdVFjY2NQTG05MXg4RDU1Q2F1bFJjb0tRTWZvR1plMDFGMXppR2t0U0RUSWJNa1BzU255a0tteGk5UDh1QXlncUZFVjJyRkRvaGx3TlJvN1JEOExTRXprbFhZOUFGWVlpdzNfLTI0d1oyS2tUeTI5Y2MyZUZVWlUtVHctQ05ONWFLLUdWMUNvU2NscEhoTDdRemJkVkl6NzhFU0VVY3UwS3V0QW12RzBZbUVTaDZnZnJYaVJzd1FZdzBiblVHdThKZHZsZjFFNnFhMk5MY0lwRnRtdXprbmxkMEgzUml2NXdTMjZGRDY3TlhvMFZkZ04xYWNCTDE5QjVWSVJaSENLeU9LMFBwN2w3OFhfcVl4T05OaDZYemZkYnBHWjZySG1fazhCM0xndW9lNlpxMU1IZFFlU29OWlNicmMzVDhtUmh0REhta1RBX00tMTVoMktaa3AteGtiVGE4SnVaUEZnY3djd1VNM2JTLW00V3JORDQtNVJ5NEFOOVZXVTRiN1hhWWc4d1FNODZ0bUk0QnRzSGVkb1QxTGNMSWJlQWtrNzB2U1o1U3JkMWtoNVdtQ2tNaHdsbnNrUGhhVEk1bkNGWEs4T3Q2em1GSkg1MGJLUFNucWlMaHVuODlkU2tJbzJCM19QOUMxcUpXaS0xdmphd3RSelBfdlcwaHBISlowWF94QVZrQ2pJbFU4OVoySHM3aWljUlpZdWstd282VDhXUm8tTHRBaW41bXRIbTFGOWhJNUNJczF0M2g3dWRRZ2xMdE8zd0RwNElCcVpyZ3M2UlhfTDdHX0E5SzNlT0lwREFxU3R0M3QxY3JFaWpjUmhQZzNORkRTeVFSZUtUYW5Jckl1NE4wQ0pSWUg1MnRxUE5IQ1I4NE1INDd4RGxKMkZzUC10aHpmWXdhSnJtVVdrS2hBNkFZSEx2VmdMcmJZdmZ0SEk0NmMxekp0NER5cjZ5XzFJVnd5eW5iUEZVM215cDJJeVpFOHFqQ1NRRmxjNUh1QzRxYmR6cW5xWTIxM3gxd19HZ3pUcEhPRnpRYnJlWk5qWjl0VGFDeF9vRXR3NXctcEFkbTJzOTlvUHdqaHJtYkJRQXllZ2xZUExwOWp0STZkY1JfLXBKSlhISTE0MzBXMnFPU0lkaVBmSHZRUzBiOUxENEhTaVZaN20tM0J1VlVEbm82SGh4bnV5MjV5T0drX2cteDR1OE9odU1KNEY3MGVYVTdNNUp6dGM2aXVfODBORUhwR0xxSWFyUWlWUWJnM18ybGMxVTlQVkhpWWQtSjF6MjlvVkc2RlBaTlRUWVpsQ25XMkEtVnB0YzI1a0RHdVpxSEo5cFRwVDctTTI1X0VLdGVmUjg0enRrTnEyV0ltTVZpV1JONlBkY2l6NW9qWmVrYWN0SXgtT2NCd0FiVXRkN05tRVNrMEVlc0FXQWp5cHNjWXZ6ODhQMF9ULWI4RG5KaGg0OUc0Z2dWTDhpek90bl9QU1d1Qm1LdTRJeWV1V05uZTZGR1RtQ2pyX0t0cmZvQ19NSUd2a3dHbFVvdWwtSWN0aUxZMG9CbkVKWGgxdVFDWVpmSWRwTG5nbHVpQms1ME9FYXlHZzMwdEpobmtkZzRYSUxqdENEeGNFQTlOa1hCMDRTV0QxNGNXaEFWVlRiY3p4ZFpvWWJnbEM0aUVONWRhWDEySFdKZlNSNVh1ZlVuQkpUYzFvbHFUN0VwemhTMXRLeGx4aUlzdm4xaVBOZ3ZFOEUwODJIcFBuOGoxcjBsVFF0OC1Fc2xfeTFnZlRiTEUzSXMtZ2NDNHd1bkMwR09MaEcyMkZST1NsRXNOQk9KV19nTFB2RW9nRHVoYkdmX2dmdHR5cHhnMmcxd25PdUREV1N1MURtY0ExaWdkQ0Q3MGNtOUVEX1REa3lJM20yelNhejZBTHFUQl84czFxSkEtakduOUJxdVpMRkNfdVUtUGt5cW9wLWJ6M0dyTmhhcmxtYTc2NlFoM1lIdkt3YjVvaGQ0OFNaOF9WWEI1T2xiOHRwdVdUZUFSMElybU9kZGs1QTFpYXFoUUpkZlNjLTV4aFBORmxIZ0hxYkMzcXI2dVhCZGhGNE1XMjVMdTN2U2xUczhuZ3N0SVZlNnQ4YkxOQmFpWjJTY25VR2UycXo0cjBzRy01Y1p5a1RKQUdsSjFwTmhfMHFhWDlEeF9qSmd3TnpqQ0FYaGRreWphVXhwZHN1dW02bkJKOFFUaHBnbDlVYVBfcFNtZzY2Sm5qSmJLeVRVUFBqZnF2aTJwQlZjOXV2ZXlocHdwdXpISGs5S3FiZHNPQkxGMEo1X1NBdVFQSllSdGg4ZDJTLXlGRVJsQ3ZoeHRMUTBOS2R2QldqV3V6Vmt1dmQ5N2tySVZuSWdaczk4V1V4TG11d3YxbDBJQ2FLNEpYVkszYTIzVktSeXBPZ3dGX29IMC1rVzlnSGpKZ05Xdk9XUzFUdzNqMUMtMDRhanB0ZFIyU3JnMFBKMnE0T19Dc3pCRGx5c1VnZ2ctV1dxeFJZdkhSWVloNXdqQmVmcVRWbjNESElEaGp3cjBXaG15WG1FQ2oxMW1UbFQ3VWRUMXVoYTY1cTZ2SWJCbnJ4cmZSM3kwaVA3Q1d4NWk1QWY5QVdfaHdnSGJLN042WlliLTEzODhWQ1dIcnZrQTFnM0ZOVE1nTDRVaHdNcGZkRlg0SGp0d2ZqRGlEVkxuVlZmSVZwMWNnRGNTMUVGV0pIZjVNSzlnZER2TlBsZVFudEYyTkU5QTJoVjhPenhJcktHTnpRVWYzQXdVZ05sZUduMl9VM2EzcUtGMzY3bWZwckltUDJ4ZGlfa0E1Mnd3VUF3VjN3alZHUndaX3RfSC1PaTdYMDZfcUoxSnNtUnJUN0stc2ZKNHRLWFdtemVCZVUzUGh4OGVyYzVHekE2R2xyTHlkSmhsWnZNdlJSRGR5MVc0SVRTMXo4R2EteUdNMlZvaURGUG1Sek9qa1B6MXpONEFpYzR2Q1JqQkFPVUJqb3J4VjYzbndzLUNkZm9rUDEwZjNCZEVKUk1tVkIyWU5NUU8wTmRRM2pPTU9GdE9fOEVyYU52WGtVTzJ5VGp5RUxkaEczZENCTWVxSU92Wm9NdVVNMkV2TjFfMjFrazN0VHNzZ1AyZW5oYTJQdi01dVpXZE1SNFdodTlfUlFTeTFtVUJIbXp5c3BfZVNDT3QtV2I5R2Y2c0RYZWZySXVhMURNUlE3bHhfa3otYkZtZ1E4WF9lZlhKeFE4WWVZMFQzNXNXVTQwZnVwTmo2N0tfYTU3UG83QllQT0lQMlBxS3ctRldLaUdLWl9NUGYyck4zQVRDXzJodC1Vd2dEcGJ0ZUY3ZENVU1haT0J5ZGVLcE5zRHd2c2EyRWVQZ1dLUjVtVlJxUUxuSEJxRllSVG1Vbm9QeUdRWDNXekRPNTVtRnY0TXBmOTZKeVdrMlgyUkFoUVNrcFl6MzlDX20yX09yeE90QWRVTFlJa0lqWlhEWTVzS21wS2lNYmk1U1pMUGpTMElBZFF6SXphdlI1TFBJWTdhenpodzZWM3dnVkszU0JiMXlhUzExRnEwT1VnaWpwaXI3TVo5OU5qNWlVLUtnS1JoZUNJZlRpRDRRcG9OV0F5REl6aXBnWlhZMFA2YnNRa3JkaTBaaXFiaDZQSHFwdlRYdWxTV2M2UDVUUlZUdWZ2Q212UUlOOVR4ZERKamVWWERjb29WSXlGVjFGYUJXRGl3SFU0NXZmTUpWTUpiUG5ZSWNUakdDeF9TQkllc2VXNGlNN2Q4Zld2MmlNbGY1bzZvVVNmNEtyM1RVdll4a2tXR1B6T3NGcWJXZ280aHB1NU9RTkdhR08weVZCMmpQcjBnMFYxTXMybHVwRWIwak9pWU9Mb05ueWkta3NQdDg1c3ptVWpwdXN6akxqU1pWX0NtRERiY2psZ0FFNXhaZGpQLXpCa1Q0Qm9XOEpEcFJubDA3V1JNT0JWaHd3WE1GeG5odDNjSzk5OExIU1VSR1RDZWxkUDAzZElzRlctbjA4WFlGakdMdTNSVERmOFVnMTBJajVlelE4a3JCaG5laDF5S0FHdzB6ZWdUblI1UjFGZFNlcldPRy1BTl9JZkFZQ1JHbllLb0pISWFwbjZqYXhicjRNNUgzY0Fydlk5Vi0tU3RXRDBRaHZVVXZpNkxRbHZGazJPeGhHM1Q5UGh3QjVYY1A0WDl3WkNmY0tfU25aMmRIWFd5SWY4NmxHUmp6N3dxalFFcFNvdUhfRXlYMGRNeGdYLVoyQWduZGxFR2h3TkR2U1BNaXZYb3VscWRpTFdSUmU2Zm0yZGMtdFlkM0lnQktoTDdJYURGRWx3Z0pHOW9pMFZ1R09wNG9TSFphZXFWVDYtWWtRRl9TU3JIZno4Wi1RU0t6UmJrZUNBZHowalRHSmw5MzdnS2tOdEc3WTQySTdfTGxpYWV3LUpkTEtYUFk1VHNRZHZWaTFZMjYyZFVCMExBU3RPdzM2SGJZNXI5UjlFanhVZl9XSkxObzd1a1gwZVJfZ2JIaFVqTG95LUhtSW5mekdHRm5QQWdFRmdtZjU0bEdjdEFIcERJVEZNYWUwam42Zm45NUJwejJsOW9iN3JCbEpLV29zTVluLU45M0t6c21ZSEZBMm11T2RtRHRkR2VmX2hwbG9MeWpYUmRVbk82R0pGODZqcGFxc1lTSGNtUXhLbi01NjBlT0UtSDI3SC1hM3VmOElrbTluQkZIc2ZJRG15ZzRwWkV1cTExNHpjSTFMX0M4NHc1bkE3Mlg1VHplZlBkTzlHNjhlYVpySUl2MS1LZ1YwMU0xanVVaEJ1YTV5R1I2Z3BEODVjRnBlZDVOOTd2ZDdKMF9nUlhrdjNBMldTWWc3akl2d0RIekNEVHlmeUowTXJWM0Q3RFpDUDZ6LURXMGhRUVhiUkdrRVVkNGxldmZuODdnRGhoQlFkSlNTS2NFeHMxOVFyM2xST2JmZjMwLURxdEF2Ym0yWlhBZ2UzODRBY0Vva19MNUVrem9LNW04dy1ySHRybFlwNU1HZmZKRGxPa3Q5amU2Q2QtSmY2MnFtSVhIbWpwN2p2NnlkamxObE5HYlRsRF9GMmpPcWVia295RFVJb2RmTzBCZGtlaGtnNGlVazZqdjYyRTE5MnF0YVlZOUgyaDF6UWRsLUxhU3JxOUhSX0Jfd0oxdTJmTmI2QkktUU9JM1lVLWFHMV9qY0hkb2NENWxtM0lEZDZJV25sZGRUd3ZPWmp1ZXBWQ2tKREpRWGV1UlRtM0E4bmJXem1GVVJLUEhkeTlWSXVNTWdHeUE3QW8waXlSR3dVS2gtNEE3ZGpxZHF2QmltdkRhTUNsSG9yTHRPVDRrV0xCTFJsZWZfa2dOOTJsdHF2cWZHYXNZQkVkS0xvLTB3XzVaZjk3a2lnWVU2SHdsYjhUYXU4d3pJSFV6a0lQVVJzbWZVbVBsTGMwRmdBOHdZaDEyeWo1M2NJdloySWxSTmxfZUJod24xT0I1UVVXUlhGaGYxdkJHOGx2N00zRnlYNGdUd21xVDg0Y0oyTmRRRkxFa2x6aXBlQU92NGZ4ZXFKbmJPUlRwaS1ibE5BMzlQMVIxV2JoS1V2eFZsMzJ5akRnVkNDMU10N20tR2pMVnhQZFdGNktCeGNtdXZZVFRGcTNmWHR2NUYyNElvNmloM2JxR2ZNeUpYaHVUOXBhVFNrc2QyZlczLTZESGl6SVdpVFdBZVptZi14ekJONjFoNHE0NFQzalpNc1g3RFR5cHVzU2xjUGhpTlFRdlMxOGRKSWYtNXBnVXlOa1Bjb24wUE1heXVpc3RBS3JGZDA5OWxjZ3hqeEpZUlIxcWc4WVF3VXY5a0NfbWduZ3g4UjlFMndHQml5YnJrWmtuV0Q3aGp6a1ZqMV9TR1hEb21QOE9FUmNENFE1d3dSVndLZmxfWWNySFZwSHh0ODhLdnlOUHhuT1hvN0F0Y0NZUUZPNUpKLVlsSVFHNXBkNHBxLWh4cEVuQ3NGdkJpSHBOLTBnQjBWNE00TFE1TjRCUmlDU2ZzTUlJcGZFcHYxa0s0dWRmam43SUoyOUlxdjA0ZExtSmMzRmFxQ25DWFh1cWVkeTVJeUJ1TExrYVkyQzhfb2xOakN4RkZEVXQwV0luNnNTdEdCR1NLa05KcVRzMFNkeV9vNDc4WFFCaDFnNkJQZTVKNGp0RldtaVhXR0tiMkFrQUw1VWxHYXBqem1McUdxT24yREtoR05ISEhaMkFYQnd6aEwtSHAxcTdERktRSmFLTE9SWEY3OEd4WHdvSUpfVjZ1bjhRZmxHek1EWTZ0OEhpQkpsYmxpWmlvX0JBZkNOOHY5LWVuNHJwQ29GVEZWbk1jVC1aVnFHNHhxaUpjTXdRRmVscS12QmN3LUlISzBRWkJlWU55S0RZN2ljdnZFWXhNcHlJM0MxZFBzTGhnQkVRa2kyc2RvMmVKMUxwZWRJRnV6QXpiR1BrczV0U3F0NmNpVTNNZ1pBUjZRQ3hLTW9rVWMxeUk2WjNUTmhuU09IQVFPbjUyTzF1M2VaS2ZQWEtWUEg1Y3FFTmJKZjVfUG82S0hueVR0el8xQTlUbERJWWd1NE1uMHV2TGNBNzlRM3JjU19VV0dyZy0zVlR4TDlYNVZuUy1oVEQ3dk5rd3pCcFR1eFI0R05YSy1SUWJNdGE3V25wdS1ULXFrMnpqZ0hNdmRRazliNnVhVm9LZFEydkNvaTMzMjlGM0ZRckozbUoxd1RBTXBqd1M2MkNwbi1pS0NqTENhd25IU3NtRGRSNjAwc1FHTGt2RXI3WDBZT1ZjR0ZZLUs4YURQNXRlcjNfd0dFeUdVWklFaG9tMEVUMVNKTy1TWGZtWDZOU0lEc2VYMVFyWjJ3TjVTT2x6WXBTNjVjZzAxSWZyUGZnX2dYY241V19aM3NBQnp0ckQ0MDlGcVYtS2JBN0p1VlNFT0hoUWNfSWwtUWxRNV82OHppbkl1aE9SZUV1cGZ0WmdRT0M3U2tNemRJRzZzcldfajQ1Z19nSkFWekladWUtdmstdXZnUDlmV3ZHVmthdVdOcEFTY3NSS2F3bWJUWnQwWXZpREZOZnJIbEpHX3ZwNEtQdmg5cHRyc2hTaVFKZGxqSEFCejlDTGp0TVFMRWI3UTlPcEV1M1pjcDZyam4ybkJQdnhtdWszQ1A1bmRIM0xoTjVwYThGd2ZSSlZreUp6SlNSYVExRlk2OXZ3b1IxY05sWW9tajZUVHJCM3MxMDdHamZjdFg4MEtXT0loanUzbTBRSWtWdVFEdUI5bE1OUTZaSDg5elUteGRxaFkxZGRvR05QM0dUSkZSSWxHYURqWFZXa1VGcmpRUEpvX1dNVFRpZ2U0bko2Mjd2ZjZxTEp5RkkzVno0SzBBbE9VMjVhelBSSFpxQWo1c1dBZ2RQQW1NY2hKY0RCV0RoSzB6UG9MLWN5dGJfOUVoU2ZDZmc1ZGFWYlhJNUkzREJSdXlKMnZ4RXlOMy15bDdod19FTkpCUmxmQW55MEhXc1U3UVVQVEx0aDlsRDhmWXFZeXQxLU5ZU1F5RFdmdlZxTkdoVTBXOG9mN3NqdHJYYkRBUWFSZDBBYVJMZnlxUG9kYndxbkt5NzM5Y044TmVCRkpvSTUxcEtZQkN6bTNSWFVVR01fX2RlYmUzMjlnOTVXWGhCcmVld0J3bXdPUV8wQVlDSzUzQUoxVHE0U3Y0aGRmSDRmYnJPOTRsZEJURGhmVjdIU29wNUIwN3VYTjEyWkF1VkI3OTQtYnFHbDMtSTkzS1NLU2hIY3huSUN1QWJDZFNGYnFhOTJvRVMyTlZCNk5SeGNHNHVPLUNMZXdUTEg5VHRZVE1zcUVaRWs5NkJibGJ0aTkwcTlhYUxOWFhQWWstTFR1SVdleC1SZE5GRXhZbDlpX1RPaDlOSGREZ2ZDWVZGeVprQWVRUzZsLW9QR1BZWHpleFdPbnZPZS00NTR3WC1LRFdEVlZJMHJzeDZRU19jLWZNdWppVDVBeC1KWlFtbkhMY1VUZlRJRnNqeHhsWm9uM2NLdTFSS3h5RURwa3BWdmVRNXJPbkNPZVZQQlZWdWJGU2hnb1N5aTVLdURoNldHZGJubDNpT3dobnluVnk3bnYtRXpxc01pbDlTNkk1NHc4RTVJLVYzRi1TNmFMM2ZwNEFhMkVHMEdXNHlGWTZCSzVjWU1sMzBWSGdhWjZmTnlzZmhoQ3FoTkk2WEU3ckc4UFJUUV9BZGpLMXE0R0l4anAtVUx1Rkh1Yll4Sk5PZzNMNlFjQmFUdTVCdlM4S2lrM0hpTEdaQUIyTWJrcDFCXy15R2NMeFhsN3FQVk5TQzIzZ0U5WEdzZXBxV1NUdWRJSkVzMlJfVHZuWEVCdTZMREM4bE1DTlpvYnY3Y1A2Q0xtbkMzRHk2akZhU1F0LTVpZjFTTVc4OXc1Uy1HVkVOV3ZkNU1hcm93d090SUtERlZ6TVE4alppdldydEV1ckVkM21LR1h0M2YzZXZKek9nMkZiekZJb19JYksza2hqOTRJeENkVGEwbnByRi1aTzVlT2NUS3BuRUNaSS1WX2Z0MGFpeEo1dkZ3bDh1OGNRelB0NUdhOXN2d3VMTDRnTHg5LVhvRHpqRjNrY3V4T3M2RXZ5VWlvOUExRC04dzc4OW1MbGhIWkdNX3BTMTQ3dlk3eFc5VnVucklrSUY1ZlhYOV8wZjBRMXJuZEktZ2FSM2h2Z2tMN3JPOVBoTnBUOHRkX3RNMWhrWk5yUWVFLWJHMWsza1NCM2Fmakh0SDJRREdFUHdpZ3RRb0VGTndnQ3lkekg1Qmx1UVJ3TjhsSXNHeThkLXg5ZVI5X09RZUNhcHRoNUM3UmxKMUstb01QVHNTbm5sbmVoNDJZcFoyOUh0Rk1CTVZvcVdtVk9DR0VxSHpkOVd3QXJ6YnJaQ1M5TjExellyNkxFcDRQblRkQ001Z2hWeEc0NmZCNjY2bFBDdWRnOEtCUzdGVHBSYkNtZW5uMFNsVzJfTVVsd3M5aUs0ODgzeTdXbmtFYllQSzlKSk1ZWFpEdXU5eHNmcXZvbC0zRGxfbjNkQzFUU3N0LW9GU2t2aUxoaHFscUI0YlhGUWxaaFdVT0FFTmJIR29SRHJrQnp0eW5JMVBJNkstcVdKdi1xMGtURUpZU2R5WU5jT2pYYXlMdU95UmFnaXdmQnpvOTJGUVJyX3piZ1RNQlE0c0pFdWRuVm16YlRodDhVR2JoaUh4Vmo3SFpFX1pGTUNHRWtHZG5CY2cxMUVsNnVQdlctRjRwSUVBZDdsanZXTnIxelhkVFpPTFNZell4VnFWWnVtLVNnNllZN3oyemh4UlN4NUttM1UwTTFrcUNwSHFqRWhobFZzalJwMFE3YkhKTTJBYVBKTGl1RjF2V19BVEdmcWFXZTNhbHgzb1VrZkdLNUJ1Wi1TcjZLLWxqX3czRDk4OEJSaEl5N0wza1RnR2RRaWp3NmcxTWlLT0RmZWtkbHN6YWRYN2FVTzgxam4zZXllbWYxUXRsenlyRUZCU2huYW9zVG5hTXo0RmdsY2lEeVpZLTVQX2ZOODFHc19ZUUxWZGVwYlJ3dGF4VWFkdkdLY2xzM1JGQlJZQmloTDNqcks4TElTd244Vkd2YVRiR0N3dUFTS2EwQ3lMNUJiZ19NQnI0SmdOYXE1cVVpZVExcjF3SjlNWkVZTzB6dXN4VHhyMlVBOHg2eVhmVVJGd0FONjVlVnJ0emFtWGhGbWZ5Y0tZME1RTkgxOHYyazJ3b0JFRkRud0hRaHRSMjEwMkd1bkFnMV9uMnZtUmktRmdtTW5ZTUk0ZmVUNDJMSW1PSXZja1VHN0dxSHV1dWZRc1dXS0lKNTAwNVFaS0NKS1hFdllzYUlIWHlDaVZPTGZ1cnk5RjBpS2EybWZrNjhUS3RHXzhma0REcUV1V1JzRE13eXVZZzY0NXNCSDJVUm9HUmR2bGhVcE1kenAxM3lnT3BSSTlqSG1pMVJXUkpoaVZydk5oM3pjUHlWdGxQbjdWNE1GUWtINXJkMl8zWVZkX1FCcnQ5Q1BKOGZEdmRjeTJQSTd2bFV5Y29MQlowQ2RlMUlJaWdlNVRFdTRvZ3Z6VUZaQVVfRVkzVVlIOGZIVFJQcjB6M1RrX09JeEtUZ2ttSE9MRGZoVnJaNWl3MGdqTGpJZ3V6d2pZeUFfY09YN2pOMlV3NS1uZVpzbWdZTTZOOEQ2UUozVFRRdG53LTlQbjhoazRHdDhLY0dnVFY5N051UkdhaFNxQ0d6OGppb2IwQ21fcDZ1c1gtYnVLSEQtejdhdVptSXlGUzRDRWFpRHJaVk9ZZGQyWUZabThaeVdWV1NvWHlpT2sxamNQQS1KdkJnVGtDUU9MUFp2U1drOVBMandBSHFVOUcyMXo0aXlQSEtyWjBDMVVsbUhRSUExVWFXWEd3OVZZbzltSGo0bllkY0FGa3RjX01IVXBOR1M5c29CUjdISWJpQVZhc2QzeGZOUmhrTW1FSFFnaERWSmxXZXk3TVJtdWliNEI4a2ltZDVpeWI3TDlHYndlSmlweTV2UHdxNGZZalJERlZia05vTDdZNTdFZWdLeVMzdnFubEpRV1RjS3h6RUNSTzc4b3Z3aFRmRU55XzNYNU9YZWRpenduM0RuQ1FTUnlxOFhnRFpyRFpENldMQUg2emNlejZnU2ZoN3FBLTB3NWFNTWpFUmQxdUFaWnlLUGNuVXJUYmhhNkd0dHJXdTVsVFB0QzNIMGhwNVdVWjI1bGNGYnNXNVJGX28yY2l0dnVTNzRYOVpSY3dYUzlDM2pUQWVDVC1uTDJJS2RVUXRGNnFFd3hZcGVmaGVHb1k1czZOUkRlQzBRTlJWWDNoQmpFbmF2dm40OFNHZkF2QlhNTG8zNThfbndXeUE0YjhtSVJadWU0Ym1Qa0R0aU9nWUdPNHVoY215aTROWU5kMVBUaENMVzA0WHFWb3pwQ1Vva1NueURYb0xMNFBnY1NpQWZMOV9nb3pwSHBWNGhQVm5hM3RsT0c1WEdmcFZscTNacFpEM2NENlpSUzdVN3hCSTdfR0laR2t1OThGWkRsUEVsRk5xcUV6cWlWeHFiUnF0X0prN1pBLWJ5V3g3ZXVQWVhicE4tLXMwZ2w3SHFBRnNrQTNCQW56ZXFyaHA4Nm1SbFc3NjZnMjQwZTg2S09hMFEzaGRkcG8wdnp5OFVxTEpCOVZURkNpNzBQdzN6WlZPdWl6OVVWTnc2UDRPVzRBYlJ2NWZYYVRzdy1PY3lzMjQ3YkRsdm9sMDl2NDhHa3ZSQ2ttWHZDQVgxU3R4X1FyNm5GMmwwcTBPVGNEU2FiVTJFWjZmZ2F3MGsxN21hdmIySFA0SkVtZnZwdkRwcmd5T1dUY2NWMDRVT2NBMDA3eGpaeTJNME5uRDZMZzVScFYwaDN0VGJjZFpHaHJXRG1icHItMkxhZmdiWG5wcXJ6N2hJVnhwa0c1Q3FaSVNJdnFYaDd0M0pxWVFGLU9XOU4wT2VqSmhsMVhvMzJlMFVOM0JNVmpzMnQtalU1bWlMSEVBYk0tUDd6Qk11WWdRY3JiRW9VaU40elFNdTBlazZpN1Vfem5ocUhDOG1OUVVnakhWSXZFelZyV0dRdjZhSmxfSFRUYUxYVmxKTWdGbkxfaEhiaFdoQlBxcUlHcXNvd3JXSUxVc2ZXUmtOdG5FOWhRSkM2OGtvUlVyMGs1UTlYd1RkZk1uNDlhNXgwRWdGcl96TTNIMjdXME9wLWs1VTlrLXZfa1JyVmpQSG9kcmRBZ1lsMTJqYkVvLXFqY0lFbFQtOVZGRE5fSE5BZ3dqMGJPaS0tTi1CZTRybWFNclZhYWh3ZXR5bGxBNjNGWlg5NWxoNGJzdjNKT01lNWNCTHRRU3hWRENvNUZVNDlZRnRhelpIOHA0S1hTd1MxZ3FnRko3ajd6Zi1iM1BfMUlLZFJfZURCSmt4RWc0UUFXTmg5UkdXU3BrU0lTRlZXZU91VV9DdGlVd1ZHRFVZSk1YWHd1RVA2V1RDcHplRnM3MlRMVkZUN1FJbkR2c181dTFRY3gzaUpFLUxBczdDZ2R4NldVZ2F2YmZXbkVpckpDanY0NlhtczZPa002Nk9OZ3U1YmNTWWtsQzdiem5JSFZpbWpxeTVXaVNHX3VISTFQdmVsZlNUdzFwM3JQekxQV1dldFlFeXFNbUtHM0lBUWRMdnY2cTVNY0lLUzdQcWhHYXFQWUR3NDhpN1I5aDNfelFjbDFUNU54ZTdCeUF0Q2ppeGZzdkRrenlCZm1CYXZza1l4ZWhNc3VNd2tIbWEzb2hab2U0NktuWU1KWU9JVmRHNEtmSEV4NFRnNzFwa2pMSkEtNUlvYlFIYU15NmNYLUxiUlVvRVlkaG9rOFY1WEtKdHpiRXlxa21tWHdLZnRHaWFEZlVGX0Zlb0xBYW9leUpCVHFfQUZ1N0pHNHNrdjZGaFAzNUN4NzlpWktsdXRCNS1aS3RJampEVnV5NmQ5TlpXMFRQYzNZY0VZdnJwLWQ0cVg3WXFiMFdGSGdnTGkzODk4akx0Q0pKZGlRbWdOTjVQVUdTNm1NNUp5LUpFQXYxRXBlNGFSOTY4MXM0dktac3FSbUljUjMwemotVDhQeUlqVlBhYkhyVjVlT0c4clUybUw1YlhhRkNiUGUyLWU1X0dTbVlaZ3hfSUlxazVMMHRTR2dDd2lBUFFiemdXU3FYSFRscFJwc09ELW1VZ3NwVTdxMVBENlI4NDB6a3ZFYWlOVlZCSGdLLUJkZnVuRnl0d3ZIRER3YjNUWldTTzBTbG14Zlotdkh1Mm16b19Gem1ZQ3N6ZkxqVWNyMmluRDI4aU9Jb2RSd1ktS2tuNXhLamhWQS1xUi01STNSd0tFb2EwZm5sbnluOGRfOTZKT3NRRFBjQllvLWJJN1dfdGJqd3p6TXE4cy1HS3BrekpSbVVJb0FRdXZCWm5TbTh6c1Q1Mkk5UkgwUEx5VzQ5aUtBRGhjb1ZtbkMzNkt2REZZVVlLU0IzMHZfUlk2WmNUQXlPSXRfVjQ3QndtQVkyeXZ3RV83ejQ2MEEyY1BTeGY2c1hRbGFPc21Sd0xGcm9yWVNHM1piYTcwSTVkWG9ha2ZETEc4ZkFxZUhIbnJHaHNnSlVqa2JYbG1rMFJBQ0s5WXlLak14Z2ZIU3o5S2ZtY01ycENxZXdTbVRhcE9kLWM4aW1RYmVveWJZamF0LXlIdE9FR1Ixai04VUIzb184YTZsOEdkQ2dJclQ2Qlp0WVpyYm03em1vV2hDT200Smw3WEFybmpCYmFLYU5aNy1hM2M3MDNJVjRSbGVpOTd5QV95blZVWG9JQ3A2LW9iMWd5Mkl0T2ZlSzRwbi1VOVBjdFEwOXN6T3BnbjVtYTA4YlFiZU8ySVdLT0NtOEQ4Tjh5S2lLeHZNbUd5U3FmYUtJY1JNNThHUnU3OFNCQWdBMkMwNlVTZUdFU2I5VFo0b2w4YVIyRkR1cHU2Sm9zZFh1RzVFSnd1VUFVaVB4OG5SajlSaEdCTUZKc29RejBZUndTWWpQQlFLbHdyak4zYTZDbTIzMTRaOXhTYkk1eW5MQ1c0SjVfQ1NLS2NFcnd0ZFY3QXJ3R2tWcUNGX0lDMjlQN3EzZEk2bmRSajJtQkt5QTB5VkVqcVVzcW9pYXdsM2puVlBjeFV1eC1rZFZHbnM2ZU1DdHVJX2I2UWtlM3gzRHRWa2c3czNJQ1VEaFBjS0lnRzdWY2t3ME9ORENtTVpmV25qUmhXWjlfTXY4ZXRzZnF6SFVSTkNWTlFBMkljZkVIRUJNS0VhbGtMSXJNZGFPNDBCeGZMR2VLQUMxN25aSFh0T1JUblcxM3FNcGE4X2w2X095SmprMWVsY1NmYm95ai0wV0ZVZmY2bEltXzROLVhGMEE4T1B5RTBuaVZvekpVRGJ3U0t0TUlJZDJqRjBiT0RKQkppV1EtcXlHdHVTNW54dDRQT0lWQzR4UmZhTnpZc3Q2YXRrUmstSTRybHpKcXNIemJuTGFpVElJRkFadnlJVFY0VzhoZ2hJaHpXdEZoOFZiVlJ3VVg2cVhWY0x5WGlXaDdOa3Nwdml2ZmVWYnRWVGdwZzlzcTNRdWhXZmoxMG5PMUoyUWlMZ0s4dXdRS001R2lHYlh6dzEyUC1lV2o2OUt6M2w2VVo3bTBTalVMOTJ4eGR0R0J2RGxEd2lJLVc0WjlzSV8tMWNNQVFWS215SHpfOTBCUF9CQmZWbzJkUWVrWE41bU5WOXFLMm9XQUs1TWpJS3NtWWZuX0FpeXQzWWUtdGFIbEdEWVg3R184d3oxVXpUdW5MN3hWRnE3eEpBWHJqSy1LdEdCMjJpZXVfME5IRmtEdGdPSWRaTFZJMlN4SUJwaE5Gd0g5WTdKQlAwS0F3d2o1M2ZyanFDZ0Nvamw1TEZ0UElpMzFKS3JiTEJxUmhSUW41RmxQNnZtbmZBaUVHTFR2U1JLNC1jTVZmdjF4Y3ZONjlOT3hYZHI3cWZwUU1aLXFwZWhaMFl6bUYyRUQ1bE03Q01vMUtvYV9yN2N2VVFnZnc1LUxnNDVMSkxEQk5LLU1aTFZBZlFOOTloREZhUzRTNlRmeGczc3g1Ynh5ZE1SV1VnaXJfNFN5M2ZZeDBBeDRrU244ZjlPTFQzN0hNOGFLSTI3NG9XaGVxSkQycXhzX05ULWYtQ04xYk13YVJ2dFl1aXVrOXYxYWVZdGFRX19xN1V1aHlCeDJZYm15a21qZDB2UVRYd1E5MW51VVdXZjZ0NWdtanR1VG1fZ3Q0cWVLdmdmcWY5NVVFcmM5Umh0dDQwNGhKNTg1Vl9hSUVOdnJpSjdtUF84NU5XWldoYTktSS1Ja1BaUGlSTTlzT2Q4T2l4aHIyYzA4MG1rZzhpZXBiOEVhMlFkNjBPNGlaMnEzTkJkWmNwT2ZjbkdhMXZidlhEUTJrZWtvMmZXSm92eFZUWE8yYlVsMk8tSTdESFBpUVZyYi1QVm13dTVrcGt4dUVOWVNRbE9QNGJJRkhQMkVlY05wQnM1QThjajkyR1BmYjNnUXc0NWNnaTdoekF6QTBmcmplWkFkekJlVGpiUGpIZURvb3NSdzNjdHhTVHRlUGRkTzVsdzJ1eTQtREEzTXBDWk5weTdOZS1YUGc3cHVwaXA5ektXZmJrWGVUcHJpTU4ySE1QNTJPUUU0R1d4eXNNNlVSbHdDZ0d1YW5SNWJNOVcyLXBwRHgxbWlEVTJyQ0dIemoxdWNjYkJmVWVvdFUtdmk5bkI5Rl9TVGVqT3oxbjl6UFpsbXJDMVc2Y1JDUV9OZzhCMlJBeGFEQmlDV0U4Tk83bC1aVmFSZFJ4TkVWbG93RmNQWWJzY0ktVnl5ejRFX3VzR2d5OFNHd0l5Q1FtOUxsZnVCS2t4bVhCTjFGV2lCTzIxanA0VTU2MngwLURJQTVadFBDZFFnRWNVTUFwZ2x1dkpxZEpBczdmTDZneE5tM3M3TjlxRnYteEJ2LXJsbDlfSGZrcGtWUktNTE1OTXBDd1lvUEFiUEE0N3FVMDVBOHhxQzN1c04xRGw0YkxLV0ZsWndkenI2OXBSUHZ3MWlHS1g0ZkNrd2d1VXdkc0VndlVuU1BkcldNLWJSRWdPV3pWa0hnYy1PSnpmUGM4Ylh3c1AyMC1mWU92SzVCbU9ueGNSZFg2aDNTY1VOV0FCOWl3ZUpPS0NzQnRHYkVIVkEyc0FLRElyd2tyZks3U1JwSE1odURCRWRUREYyNlFKWUhDY2ktNDRiMlVjRUZGaE9BMlBfYklqUjZ1LVpyMUNxMFVSa1R0R2kwTktDWjgwUTZQNi1sUFFvOVRFS1dMYXIwNWFDSng0dGV5anhLcTFZZC1XNHFyaEpIZ3duZi1WUjFaZE1aWU1Mems3cXVJRDdMSzFvTTlYQ0FtVDNwM1Eza1JuSWFsc1NRNXhUV1hnSXFUd1pwdWMyX0N5MENHcWtyWkhHSXJqT1dsUUZZaW54WkNxcVBBOVhRVmdwbGtXOFRJRHRNZHFyd3ktU05fcmFFcUhQek5ncjYyamFqNXpCbUxSUkpkODFqRTlpUUlUU2ZTamljZkhHS1NaT2RjTEFRRnZGakR4akhrbElvZjdMb0FqSTVVMlBqd29uWEI2S3hJQS1ZenV3UTkyR1hXUUhDTU5LMDBYd0lDazBiOFdVUXpaaGs0cWZxeUZrbG81TFJ4c1Y2TEJwZWdyTDZyUE9sdXNoNnhzNzQxME5HN2RiWWIwZzFsVW5RNFEwZ1N3SWdBel90Y1ZEWkZrQkJNY2ZWQm54SHY2SW44V2RjRXRxVnY2dmM1Ykp1azZNZkF4cFVObWxVbUR4UHdDSmNVcllHWXd2N29objJnOV80R2ZIWHhXLWNVYXdzRVd3bVBoOGhncUZ6UGtKbENIMDhiaDdNajd6QmhwbkJoMVNvTk1FQmZWMXk3dzc1c3NESjdwb3NibjlrckVhLVZwM3hjOVhKY1dxS21ESldCMlVjM1Y3bjUxVUhnSjJJanZIN2dNRUN1YkNXSmk0dm04RURjdDFreHV4bFBSU2FHN1JUbVBxWUZWQU1fTW9ZWDRYa1BmOFB3dEhkbXBoM1dTaUdtYnpBREI1Vi1KbzR2Rlg2TklYYjZqSWVGRmRmRmJ1TWJ6RTNwT3NKXzEzX19JRHF5RldjSXBudWVSZHhxMUJCZ3NvblFvNExuZmlPeUJScXpSX0x6X2hud0NDalRPbUg1cGlkcUVUc0o0bENDNjhhcEJ0UUozZUdNTUdjbi1ra0FRTXNGYW5sQVRxbFJOTW5sQmZsemRmWVZlbVFuM3A2TXZqS3A1WmRCSTEtWWliT2pfcGhZemtpdExMVWgzbEd6N1kxRjlpVGIxLW43cklST0kwajFnVTBaZ2NnZGxuZWozOTNSUDlWWWNlMkF5SHZ3R25PUmxxdDBZMFlwRFdRMU1rc0c3ZnlCTnZscUJPNU1wR1ROQzFPZXNwTktWaktxY2ZHb1VETlppMy1zTGhSc1ZMQkVyS3F0eUlpbk9yY21DUWhSMExFMGlXVHRIQVBnSU9FM3ZKWE9iMDlnQkxjcW9ZdTN3WThPaTRlWkY4WWdfZDFIeTNxOUlOUFpCcklRa1dMS1lDcnlJMzlVSzR4WFFhQXBzQ0tKcWNoR1V0V0gxYmJJMlVHTUQ5OGtrdWZjUkoxZVYzQVhyQ2NuazFMVzdBLUtRcFB5QWdHUkFVYkdLeUs3QUFPcWJxSUJMejhLVmRTVnlqWm04b3VNRDNScjhvZURCeVd2OUFSZ0RrOFpmSmplUHJQRDByNzNnZFJWSllBTzA1d2lDUjJQVGFRcWt1VnFzM1JmU21zYm9HbG9obF9PUlBBenNVRlFoR3RRTDVteU1MV040RFVpRkNDRTJ4WDBIUXhVZEMxa1N1Q0NaTnNLR1RjZVpvMEpycDYwOHdWT19wTFBNeTRfSHZhR0h2MGJRVWNERVVQV2lmcm16ekhUMzhOVUhKMzZ2NV9hd1M0STB0REx4M2xKQXpZTHVkU3l0d01TZHQ5NnVFU1JHZTBtQVM0WDkxbnVXX1ZiMGNGd2RYSnVKNnF4SThVQjVmeXI2QkRSYXVBT3pjQk9ZdzhMcnMwZzJiQ2pJWWFGWUgzbmR3dlIyUWlLT052VkpBQkw0cEg3dk1US1ZaZEtqTEZnd2VBczNmRnlnYjUzQ1RRRkdjRlBVREZuT2ZjdWJjSXhiQTJ3R2J2alFsWkVPaWNpWEk0VGViRUZlSmUweVVXR0VfMm9kdnFIV3g0V011SjdtYklpQ3JJYjB4b1hHN1o4SGlMTU1zYnBmZk5aN0pmaERBbUo1ZFNXUzFlMXpKbTFxQU8yWTR5cXhTTTBGOS1Od3RDWXJXa2xLaUlKa0R3cWV5d0ZxZHFIQjlSRGZwc2JvU0VNaURURFBVcXNrMHFYcVExcVdBd0FzQS1POW1sNTVzRkVqVFk2WVNxc1RRZDVya0pzS21uNkZtMklZQXlYTDdaU1JObU1fNDFoeU1NR0Q4Ynp5RG5WRmZsOWtPTW9QbnJCNVNHQjY5eUZSME9STzc2WnVxLTFOUlNqWXFYYUcybTVtREJMSDVnSnNpdFJQSElDcGUzLUtueG5LOWFCbTJzRjk5SDYzNEdpeV9TY2pKaXhxQXFQRkNyLTgxZHlyMnVxT3hhZGxUSmFWLVBPUkRtdFVidXdNd3pMOWpoVXNiWnRmX1NzRjU3eFpRdmdXYXVvekpvajRkYmo3SDNqN3F0SG9KQTc0QUF5WGozOG9DVFJzc2wxOHpON2t6X2NnTF9keHMwN1RTdGE4LVVWSVhURFI3LXVsVzd4bXdKdWZFYU9ON2J4RXEwdHZCeHo3R25LdU1wamtIVjVzYVlCUk9NUG05TkpvcWo3dUdxQmxYNEUzdTY2eTFQMTFnUXBkYXprdTY2Qno2Y1FndmQyLW1wcU16Z2pvQkY1dFZualgwclA1aEhYMHZ2d1dlenJxNFIyOEJqSDZTQldnelpNM2dWYW1zWGRNWTIwT2IzLWJMdTRmNDhGMDhTYnNFOHAzWGtYamhCdWd3RzBKTThWT3BDRzdBNlNvTlR2VWhSaWc1c3plOVM1YXlMTEJxQ0FBZmpxSXIwRzdnSW45b0hFQ0pmM1FnOXhmdi1HbVIwSmZpbU5WdElMNWJRUjZiRTJCanRjMXpHSk5NTHZxaUxhZnRnWkFwZTNwVm5FTER6NHZueVZNUExsWkF4cHhSNzRGTWFic0FXNEV4U19iaEVxRUVsTmxVVzJGbGFFcEI2ZkJrdUh6d0NtZ1ViWTNHQlljYU9oeTE2MUJJUnlVR0pWXzU1ZXI5Q0FVSkNfRWR1SUJxODFQdlZqYkpLemU4ZWVTUHpQbnpfTmdTLUZmQldjRWd6LU1udGp5ME1CN3dnUmdZcWVEZmZSdXRINUtaMHJzZXR3b2hDUTJkcy1mc1piN3ZIQ3B6WUY2eFVKQ0t3ZVItT3dTanc5Z3dVcmV5Zzk2RGhkZFJfcXNXdmc3UzdGOTlwVTd2YWo3RDUtY0cxVlp6OG1TQ0UzMWp5LTBjQkxQMFJILWI5ZEs3a2o3RkRDYjR5SHRzTWNYUWZDWFFrQWtzYXdZZlRwOGRpZEFpTzJoUzlzN0d6dWQ1RThXbUFvZUt6NjhzQXZDVHVxV0NqbE1jRmpCMmFnOFhzUURPVUZZejIwWnZFYVhpclVtRzRpRlpDTThHMjNxSWJ3VDd5VFdvblhseW8zUFRGLTRYOEVlWWw1NVIzSFhDbndfOFVxTV9teDFaR2lpcVl5aklKc2ZOVTgtMkhHd3hCaWktdU9ZSHBmdVlDT1oya3JoTkFITTZmZ3BYUlI2YmJjeU92TVk5c2o4Y004R2JWTEtITjFaaDNPM0p5LVNGMllyZ3ZnREJkWVcwWFpiZl9qLW01RU56WlEyWks3RHFhV1pEWVRFMVpsLU1ybUtWeGU5elV6OXBISUM0Z1JlLXZkbzB5SjdQMTdSVkdfX2hVbWNyX2VBSTZnQ1BPaVZHU2VVdEJ3eWFBQjlUWFNxNjdLOTcwSk1JdExjN2UzZ1RMSWVSQkFidUI0NWgxMldPaWRWTmpvbC05T0tFblFCbFRrWFFxMV91Uy0ycHJPcDRrdEFWeThxYkJvbFdNdi1tT09wRE52T01pcWtOZEJkcml4bUVrakRDZWZfLW1WUkl0VDhvNVdrWlctam50blVfZWVrNWpKOHdGVXRYdEMtTkEtZ2NERnFGbm5yd3NDLUttQUUyMkRDSWkycUo4T09nam1UazFsVUNjWHZwS1Q4MURnVWVoNE5NSFM3ZDk1dnVyY0l3bWFjVjBjM2hUc2h1ZzNJS0Q2NGNacTJwZU5tOVNWcEtpc2cwbFVrNjV1WVUyRzM4VGpNbnZmclJ3OUZBblhUU0VOUzZpMG8tVzZlVHphUjl4SktaaWhBSjhsaFNET2MzYnJTRjlzMjNiM2lKU1Fxdzhwa0V1cXJTeWZ1WTB2SVN4U0NneFVnSF9kV21ZWVFxVEhoSXZ4VkpmUk9wbTBiaHVMSjlDbVFyMExORUVfZEY5dkpDRFVsTnBSN3k5QzA5VC05Y3l4ajBHaGtTd05xUENwRnppVDdQNVdwRVd5SVRSTUlZX21PSENkUFMxQ2FnQWVRcEpfQldaTlI2dGlTOWJPWUwyRlRjMUNVS3BKSWM3amx0bGJFWmQ1c01VaGRHa1RudVJWQmRvT2NlZTNnVmVJZkJhLWo5bFlyUUZaUWppT3Vfbkt1NzFVZXJTQVBnMHpsV3hVSkcxdEpGSVh4WVZfcG9WTHk1eXlvWlRnY3ViUGxLR1dtYnlzS09MemVTNTMxM3F6X3VJbDY2VHp1SUxuOTVacFpQaXduaXFoTzJpbktTY3NDX01CVkNYdGhTdVlXeW8xSkI2alZlX1h3VjctS1dUMlhjYk5ITnl5M2RWTkJwOWdidWl1RWlmNmExUDhDTlVyRmNzQjRGQlBOaklld1I5MDZNWkM4TUR6bUtfWm1tb3M0c0M4Ql9IcWctMXhaWFZZQnBLay10YUpmNWNBZ2F3dmZxaVJ1a1hYYkNDWHpKUFJvZjNJQUQyN3dZTUJLWEpYdzVGcll4dU9hMHEwRlJVMTVUWG1JN3RSbVFJWWE0eDFTZGVhZ2hMYVBGcFRwNjRaSVZBa0pJbllHbnN6aml4Uk5mXzdreDdJc0xNallZa3RFekZZa282bXZEX3d6NXFzUmIwcGV6cENLcVQ5TU0zcnB2TkE2NVZsdFgwMGt0cjFxOTdXajVHejNCU2pBN2pfVWNhdmp1R2dqV3Mycm5jNWx4bU41dUhPMnF2T1lFLWtNV0Q2S1NaWFp0bkQ2d29LRS1QZnR2bUFqUEFiQ2RCT1RucmRESm5NVW9jdGw2TlJlZG8xVkVLalJkclBXaEhPWXk1Ylk2SjVFZHdiY2I4TWlFcFd2azFSRWJBRFVkdjI4aUluM0pMdmlJODE3MkdhRW1BdXV1NEpHcnlXVVM5ejdRUmRYb3R6SnF6MDVVcHFxRFFHQW42bUJCTURYUmhLUzNhcWswQkhHNGhGQ0ZMaXhva0pBOFZmMkdoMTVqa2xUZ2pOc1VwajN6cE5iaWZ4LTc2WmRpSmxpcGxPUl91MDlSVHN2TUs5Q3lrNW83QzEtX1Y5NlJqNUJVUkoxT0NLamhoNkNCV1RvZ3UyckNFSUVlY1FlT0lnWmdFYy1yclpHc1BPUXhtTFdKdVp5SjRLcEtqUFJPMWttTjVMRlVneGkydVN4d3YySnAwTXRGODVkXzFjMzNXMUpYOFp1aHNrVGNFeExaUDVLekJWTzdlX2syclVuQzRid054eDVHUlhKRTI2OUlhcGFFd3Nad1RrSmRBOVc0YnJxTXN5SnNmYW4yTXlOUmxoSHpzdUhpeUZib3ZpWEFwQmVsMVQyYTZReHNqTHE2QmFHUWxhUXFSZV90Rk5PVUl6UzNpcDdCdUtGN3hqYjdNVUdtbU45VVg1Q2pHb1NzMkRnRElucVlXejVXUGRkZG1KMlZqc3dUSVM2emdHS0dOLW1uR0NHU3c3MDhfWldEbFlDVkxmdnpDc2ZFYTB3X0Vtc25NRUtsZHQ0OHhXT2FwQ0VUaVI3bjJsMFVNRGtPQjA4blB6QWF4dWtyaUg5bDltMzlwUGhOVE5CUHE4NHhYOE5MTy1hVnh3cDVvTEZaRm1uZFN5UzZWTERMTjdEd2hXNGtLQS0wcnlVQ1gwenAyRk1DalM4SC11cHZHY28yTVJMd3QwYnFzb3gtd0lYUlU0Mi1vYTRlTGM0cElBRFJ0M3dBc3U4dWp0OFFBTFhZN2tDNFJNYW5zYmp5N2RVRkprbVk3LXdkQXJqSmUzQy1KQW9QVTM3RWltam43Qk9SVy1peFZyVTNBd2taQl9TMkVBWHo2azViTVNNYnJFS25vODQtNElMbGIzcFpfcmh3TDlVc2hFcnE3TmJMWFVZOVRwOVhqRGtrVzRlTjB6OFBtQ1h3R25QQnVGZGxMZ2dvVW0wNWVuQkxOLW43eUR3NGFQZThqNHc5RGNVOHhMRU13aE5CbzF5TmN3bE5SR05NY25SRmF3cGNCNWtMS2FYd1BWUVpibzJiWDBGSk0yeXVpcGJKX2JBSzB4aFExNzBmZkZRY015R1RHWFhtdWNYMnVEckNWTmhnTkJvWDhmN1NicmVJSndJaER1em1nYldJUEpKMFgxUGtRWjBBUkFJZXkyTnJBaVFxZWp2c0d4dmhadDJ2Q0kwRFF6b1UyOXhxVlJfUFFybkNvYzE2bl9ESDdjQ1J0WFotZUZYdkV3WEpPbkNBUVFkSi1qY1JKY00wTXRxR0t6MXVYN3V5eUVJMjlJbWR0amFTdEZVcmF0N1piQnlwd1UzempDTlFxVnNUSEtkc3MyT3EtU2NJdHhaaWpmbXBScUs5STRqZFhHd2drTlQ1cVRCQ2puZ2dDYU1FTW8yTVZwMjhEUjNpNFV4dHIyZTIyd1Q4a1NMZVY5T0NtSU50amp0LVVaVTRnaDNaLS02YzNsX0Jxd09IMzFxemhHTmlBb3FkcVAyMnBVUVJmcFNwWUpBaktHcVRIMk1Ta1d1eGx6SjB2Z2Fmam5JbHJOSnVJVy1QeUpwcUpwQzZTeWlCQzAwRnlvYWxzWFliRFBNSWJvbE1xT0N2V2VkVkRSYkVZRVAyN1YtWG1CNGdSNGwzZm5zM2lxY3JrSkRSUDVVend0Ny1lMTR2b3VQckhtdzEzQ2t3UGJqZ2xsR2Q4Nmx5OW9aS0p3Qy1jS3FGWnpnem9vVDg2cUhicUtheHNTR0t2WXlabUxhSnF1emg4ZHNsamotQ2dvZjdBY2tadExOelVrVzlpRFRaWG5qMlB6czNtYmVCWEwyNndPLXktTWJlaEpqUVp4MzVZck95TWFyZ1RqeE9wbTNSak5hTWxzWjMtcU01NHFYbHh3QXJVWEVDbVNXRkN4Q1l5QjNrd29NRkp6TEJxT193ekNTSWF3dG5jWUF5Q2xOSkdaSi1hNklnUVdTY040SlhoMVJRYVZ4X3o4RU1mbWhFWkFCTF9YWndYT0FrNS1GcEVPZEZlbmJ0OW00MTc3Vm5IckFIUzB4REotTG4zcWNWemdwNHh0V3dvNm9aR3gxX1RSS0NXR1ptY0tveEROalQ3NFhVZlQ0QzdmYmNUV211NzZOZmQ5NHZHT1JqdnA5eVhlZkY5M1c4QVM5LXp6X2ZGQmlsTGk3ajNOUkRHcmp4UXZYUE04bkkxdldUZnZYWXl4RXBLTkw4NWxRZno3MVVibzVDUnA1SElsVFNfQUpnbks2RnU3N0dDaHJBLThGWHBFUTd3TWpCUVNyYkozRFU4MmVodGJzSUlSMmgxbk9RVnhId2hWejM4RG9NYzIwR0Rqbk5GRDZZWG9GNkpIWFdXY05OcmpLYXg1RDJCWDZCYktOSDBpU0JTWXBsTjhsU19HSFgwN1BCTTlFOEdQRVJHMG1uTmJ6clhGMkFmM3ZfZ1VZenZIQjBHZnhTYjAwZDFBU01pZ1dnRnhEaUM3cHlGeWE4NlJ2U1ZMVGNuaFJ5TGJiYy1iT1Zscjc5Y0tFNE1rcGdXYm4zcVdaZ2Q0MlFvbFgxMUZlelJnZW1Ja2FLRVd4bHpTSmRPS1RiblBnd1hCeUM3ZmFoa3lFTmk1dXhBTU51aHo3dlRTMWUyWktyVzI3OXlBWTdnd0lqQk44bUFVSnVqWUgwMHJIbFhoSDlaaUltWHp5Z3ZNdHM4cVNxUThwSG9QTVVFREpLRWxDNVZCY0RSaUpUTmhlZU9TdXBBZGNrbFBQV0tDYUUwbVlDM3VUY0x0V2syMS1jX0otOVZ2dTNFNzNKWXJUbE4wR1NMV1ZhcVY3bjZ3QkJoTEtwSEg0bmNkRkk3Y1pjV19UYmQ4OGhyUmJYZ21SbmpqVHJEd21RbDdOTFNUN0Z4R2dxR2lDUTNOQjNoa0NoUUpENVp3dV9QLWRmRnVFaUtDWFc3NlZoaTM4ekk2cjRUVkJWdU53WTdHQUphdDNRM3lEUE5Pb1AycDFraTlXVjRoLVZsWTBLUThEaEFLeXdKVl9rLXJNZWNGaEhwQ1VzN2hXRGdjajdsbmlPdlVOZTZDSjNXUWJkRy1leGpadjlSRXoxTjZpVGtYby00OGc0THhyc1Z6ay01b3JKTTQ3V2RzSzJaMi15cFMwcWRmUG5hc09CX1gzTVVMZU5CcGtHNUoyT0dMNjRvN18zSlV6Mk54OFlwaG11aFNvZmdEOXpOWjlkc3FCdUdrVkdIQkR0NVpZUG9VUVhDV1hLYVV6Q0FFRFc1S2tlWGdPSzVVWnA2ZVcyekZndXc5RlBmekpjVjAtd0h2dHRhWVdqRHN4RmpvNkN5MDc3TjJXRzVEZkNLa3FIM1VFNDBCejJtNjlpTkxhTUVMMm0zUHBkVHNROFVfdFdyNElCUUNXYXhLdUI2R1NsMWw3ak0xMEJ6akpmTFJadXJXR2MwQkxlSUVuc05ka0tMNmNOWWZ4cGpkQzFKNXppTTBQZ3dsUGMyOFJXeDAxeXlkXzVhTWQyR2NjVk4xVzRjeWlfRHRINUotSUFzeVhvUjM4V0xUeGpqR2U3UnJWRlJSMHFxaVRwVW1BQ0IzRU5KNUZWSXVXcmItNGMwZ0ZXWXlId19mSjEyUllSSFFOMkdzZEpibFN2cXAyc2ZQM3FWSVBWdjFXRzhKUmozbHFYRDFaNDA0SFNMeW5jM0tlbV9hVF9WVUo2MVdTR1lCQTVXMm5UcGhSMkJXV25WMkg3RzdLaWJacm94MmliVExReEdtamtLaGtxX2hNZ0NLS2ZaaXlnRWtEN3pZb1YzV1RRWmhaZmZib3cyMlVHTzdMWVVIUWlYZ3hHWEdINElxaXY5aHRqNklSS29PeG1CRl9aRENqS1kwOXQ1a2pFN29FWjNVeTNIckhyNjhMVVhzT2tkZ1lCcU5UQnZ0c3RRbDdZOG55a0dpNUtjbDlKZ2JUTUl5cDJuQk1ZYzdCMlo3cm80YllkZWFVclFfeUQ1MjNOcV9BMEx4OExWdkF4MUkxSUMyaTFoa3hRbjJWa2VIQ2NHR0F3Qy05V2oxeE9GSmZrRUlJS0Y3dGpNdUhHRE9KMW1PdjB4OUxvbG5nVGw4M3Q4T01zR2VFNVY5a3FHTTJPdFpwcWtqeG4tQngwUFpwd1hJV2FHM2s4a0kxa1ptNWg4MHg3dlhxeWVETGJjRGhYdzQ0eEIwWktYRDItWEk1WmdMNExFX0JLekR3OVJaQTNYRjJ0eTJCX3JqOG9Uby04V01ZbGt6dlJaZVpGWXV2Y2tyNVlGZGFQR2I3bjR2Qkh0ZDZySlRzV2R6SmllRFBSS05IaG1vQUVUQmxMdEMyWk1ZNkxpbkVoUFNWbk11X24wcGtaMXVXcmhWZzgtU3JrNEhnWmNnZUdwdVNnVWRSNXVOaUNIWkZKa1B4V0tYTk1pNGRIUnE1ZERPS3laR19Jczh0LUlPRDRlbXFGVjJKMHVwWHhWcmFfSHR1UWN2b19oY2prMWc0ZzFlWVQ1czdLMzBjM3RfR3g0ajlmWmJ0aXhxQkxsZHE1ZHhVcmFTR193Q0NRYV9BTHF4bm5ySVVNWmZlbGJ3WFpITWVta3pabmlQOE5zLVRRa3VFY2VINzRkblR1Znh4U1dGNFZRSzZBWnI5WnA4VjBUeFNSZ0JjRDVGT3lWUzhaOVV2bXkwRnFBWVNOTHdLYi12aTkwbW9MV2pESlVqblJXMDRLallYMm1TSlZxakNnVlJOZ3AwOXRWczRwYUszOUNnZHhnUDVrS1ZfZGlTN2xWVVl0bEkxeEZrOEN5cVJqaHYzbkl2WmZIbzRucHV3eFMxY2QyQTVqLUY1WlpvazVYcE53cHBIOXpnMFRqMG5IcFFqT3FmMkdiVktuUGlWMHJ3cEpvbWV4SGEyMmtpTjdyYzJVazczWlhkRmxQdGNwNmp5S0E0a3JoS19KNzZKZkNCeVBhVGlTV1U1WEM5RjRPN3hUeXBCay1YS0w1SWVBWDl3NEtFUGZLV29zbGs3N3h0MXowV0UzbkVsbVR5WFFNLXVKVlJnNWExQlBKTHl5R2RDVFZMalZaN2dZbl9QMlF6dzIwTUtWNEZaekR4QU40MWFQSnUyZEdMYmU2czI0QUhkUmhDT1RTNWF4SDVTejg4NGp5UWMwRDJqZjBDUVk0Nkp3YkpENzZFQUFpMGc4cGwwR2luc0FEVUU0RS1tc0tkMlVtSGxucGp1TngwLVpvdEVZckdQRlZzT3Z1R1hnN3M3NFFBNGFwTGJ6VHhVOWZpVGFmdmU0Q05tWE9uSlEtOGdIR1VudEZleW5VZUQ1MUd0dlduQllmZkxSak9wM0taNTlWcEFvWnFCaVZIeVVIeU9vTWFmOVNtU2hMNTQyUHNwZjV3a2lVSFBvWWtpbmt6VnlBRXd4LVkyV1ljSmVadG1tdk5jc1hPaS1OSWEzVzVHZmhQY3h0RjJLV1Z0blhKamhpWUJuaVJMU0RGU3kyd0ZWQTduM3dEbl8tUWZ0MlczQ2YtdlB5MW1jY0lvZUJqVWZ4MUIzaGFxME9rYjRwTENmQ0NBNVVTSVRKT3MzS2pHbHJNVEJrVTBoVlk1WE9NTy1QZXZ0YldRRVJ2MHBGNDdiWk4wUlA0bGNUNzNxN3g0X0pfRWhMNnRBNHl1clU1dHNYc19PNXBnWlBlXzNYczBNMndvU3V2VE54UHdtZzNtdjdvS0FiRXpGNlFFMzZCVHlFZ3M4YzBBVWR4NkRKLS1wX0FLemRzYVRVNkZUczNUWjJuZnFUbzBZamItYkJST1NQaUxZajNjcUc5cGFlQmJGS0p5TjhBajZYTmpBbTFqWC1INXIzaGRncTd4TVZ2RThxQVFOamZYRk9hNEcxWnMxaENPN2lPc0Y5T2MzbFZDbVVzTDczNDFzbGlYMXhIUmdfMFQzcmJyU3RVdzNfSnMzMTd0Tm9Sa2NlQnF5ejFPdjk0dzFBdkxWU3o3MlFKT2F6elJGUjRXWmpRcEVFV1lIRi1pT0ZHR1BDZnI3d3RYMVd0YURURWZVMXVSTnhPYUhpNmJCQlVtZXp0QmZyNGlfLUo2WVZFanYwazZSa2hNQWljSDBOVElONHF2SlQ2Z0JCVGhQU3d0SjFwNS1tTXc1TGdlcDdtbEFKaUxpUnliLUwzYjd1TmZ6a3AtcFo4aWlmeUpRNGdJb04xbWlFSTNNaElpT1dTeUxNaXhkY1kxTEVaN01Bb0dZbUZXTlNpeDg5QThhaWpNTmdkY291a3p4LUVUMV9OY24xMUtNdTBfQmFjZk03SDdNTmJPSjBKeXJ3ODhGbTRyVUFtTk5FTm1CTUp2cWh4MUV0NGhkS09DeHJwTFhyNHlfQ0w4X2o4eXBYQXhvQ0RfYWR2SDRpdDFwMGFJV1F0QlhDMDZDeTJpUlk2aEZybzBGREpXbEljajZ6RGtEMGg0am9Ob2xSaXplQkxWQmV3VnZmOUJRWFY1enp3TzBfNWQtYkZJODBjcE1jV1lxRmU3bHhtU3V2eUZ6UGh2b0ZLcmdHeS1La1VlWGRmT0lzbHFHNm1kcERwT0Q2X1BpdFl5ZmxLNjNpMkMtVXdVN1dTR3VUQlpiY2xfdEFTRkU1UE1CTEVVa1JqN2JqUWEydEgtZ0FaQ1ZPRmc1V0FSNTRHLXhFeEprOFFEVmtTSmpYY3p0WXdXVXFiMU5aV1JIcGNfWW0wdnA2RW1XdFlTVVJtTXV5NlY5enFoYnJlYkxWYVh0UDJJRGh0YnlxV1oxMVBOd1RDYllENzFRanN6MUwxU1pHakxaM2RXX0FnQTQwcGJNeGVyVnFHWG5oS2szTVNXa2RzS0s3cWFxM0VGMDcwUmlVYUQ0dHU4a25QWVdvb3NJWnp2aEhmVDRxcUs5NFduS19ONkRodlp1TmUzR192LWEtczJ5ZDlUcTNUalJsZDNCTF8tbnYyT2o0bWRvdWRhQW5yc1BSaTd4TEtOQl8ydkFqZ0RHRF9FODBCZFliX3VrS2FKTkFHRFZzMHJZX2ZTekZ5cUtKMFNWZjk5Q3JvWkdZaHMwaEMzOUs4OWVyZS1ZTFJFcG93UUNEQmMxZkJmUnJxUlBxMXBEWnJ1OHJjMUNyU0I5ZjJJak5Jb0o4cE80ZmJMTE1lbnd5ekhqal9sQ1kyTEtfbTFYaEd2RFIyVVZrNDFteTQ3ckVuU1J0b0dKWDJIOUNGd29ZVzN2RU5XR2tlSGcwUnQ5cFlOZTZQSGtUODdtMEp6TFlEWnBRcUZMM2hIdjgyOW5VRkVGNjBzZ1R5MTR4bHQxbE1OV1J4dHBwUUozdWl5N1h4Zm5pUXV0RlBpMng1aTVScFVfSFFNamtsUmxoX3lKdFhvTUtLNFJ5SUFpTi1XTnBhZ1lVTjhPUlZKUUpvUTRmT0Mtb0pBdnZmSzVHb0E3VGRiUXdSdnhNM1VnTThydTVMYmdReUFZTDc3MVVFby0zSUxLMFJnM3hJcW1hUTJETlQ5dmVrendkaXRBMGJBX2kwdjZBbkw0ZHpicWE1Qkt3Q0p2SHBkNmZRdDhlVlhzWGtWWTVMSkdsYjJxNzNqNUJiZGszZlZqZjBZSUI2eTlkbE5NTHFZWF9RN2ZTb0xZTmxEMjdERmFJYk1PcmlZVWhEVXRZbUl2dXlVMWpYaUVzLU5fVElKT3cxODRqUmY4UFZnSGZuX1UyWkstN2d3ZndJWkF3emd3amt1MWRJSlVGQnZhdWg3ZWwtSFpvWmV2ZDhRYk1ORjVzRjlubjE4bWlGNkJCMmZiOWw0dThRVDhQQUUwYWpUZFNNcUZSbVNadnByRUJncTVjNkpYMnJqNFVxOHpYcDF2OTRQVHM2U0Mwdl9SY1I1MVlFMGgxdzJrVXVUZXVEN3lKNHloVzlCUDZ1a1pPNXVwWWdKSUQ2em5FLWFsRUk2dzZJdC12LTBxMnhhV0YtbFpHamZLOVdpRTZNdzdjRFdHZzk4blJDTmJyc1ItTjE0ZmcuaTY2ejBVOTg3QmVFNHZNU0RsdHJLQSINCn0.F97n9ow8AlifFZTfh4QoC6P0rfMSBwVblnkl2pBlzZ-jvYS0mYOwJYwyB7TKG_JlWuPxJYdyDY5xPKEXhOxrQPY-448PVrSLAiuR3f5R2PFqVl4WXio87gfbC8z7PAd0y0vNJcTD8PRFbf-SsZZESA6S5rnrrpAN1EsuDMkEVimFaSQo9TTc2PYXPH1qe5m18LMF2bteqIiwVEW7-4waAZF0VMVAVlaYYOGx8AzdFuGgTPFe67leOo2Zam3YvBsGX6gH3EzaY69hQS5lS4km09WcNnH8RDMVeC2VsWiPaVTyZ9z9limS-P-0YkikQP5VbjiOPRCIhHOu6S6k4xQHoA" +}
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust2.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust2.json new file mode 100644 index 000000000..8fef32927 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust2.json @@ -0,0 +1,6 @@ +{ + "v": 10, + "respID": "2LVPaGlWAwzxURkrcTQX", + "inResponseTo": "_63ff9ef67370024c4d2d8b9bfd380578", + "signedPayload": "ew0KICAiYWxnIjogIlJTMjU2IiwNCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9zbDIuMDtjb21tYW5kIiwNCiAgIng1dCNTMjU2IjogIjBGUmRDYkFxVTF2YlQtOUt3S0JUcU5GQXBkcU9HT25Fa0o1dGp6MFp0anciDQp9.ew0KICAibmFtZSI6ICJxdWFsaWZpZWRlSUQiLA0KICAicmVzdWx0Ijogew0KICAgICJFSUQtSURFTlRJVFktTElOSyI6ICJQSE5oYld3NlFYTnpaWEowYVc5dUlFRnpjMlZ5ZEdsdmJrbEVQU0p6ZW5JdVltMXBMbWQyTG1GMExVRnpjMlZ5ZEdsdmJrbEVNVFV5T0RnNE1ESTJORE0wTURJNU5EVWlJRWx6YzNWbFNXNXpkR0Z1ZEQwaU1qQXhPQzB3TmkweE0xUXhNRG8xTnpvME5Dc3dNVG93TUNJZ1NYTnpkV1Z5UFNKb2RIUndPaTh2Y0c5eWRHRnNMbUp0YVM1bmRpNWhkQzl5WldZdmMzcHlMMmx6YzNWbGNpSWdUV0ZxYjNKV1pYSnphVzl1UFNJeElpQk5hVzV2Y2xabGNuTnBiMjQ5SWpBaUlIaHRiRzV6T25OaGJXdzlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qRXVNRHBoYzNObGNuUnBiMjRpSUhodGJHNXpPbkJ5UFNKb2RIUndPaTh2Y21WbVpYSmxibU5sTG1VdFoyOTJaWEp1YldWdWRDNW5kaTVoZEM5dVlXMWxjM0JoWTJVdmNHVnljMjl1WkdGMFlTOHlNREF5TURJeU9DTWlJSGh0Ykc1ek9tUnphV2M5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU1pSUhodGJHNXpPbVZqWkhOaFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4THpBMEwzaHRiR1J6YVdjdGJXOXlaU01pSUhodGJHNXpPbk5wUFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZUzFwYm5OMFlXNWpaU0krQ2drOGMyRnRiRHBCZEhSeWFXSjFkR1ZUZEdGMFpXMWxiblErQ2drSlBITmhiV3c2VTNWaWFtVmpkRDRLQ1FrSlBITmhiV3c2VTNWaWFtVmpkRU52Ym1acGNtMWhkR2x2Ymo0S0NRa0pDVHh6WVcxc09rTnZibVpwY20xaGRHbHZiazFsZEdodlpENTFjbTQ2YjJGemFYTTZibUZ0WlhNNmRHTTZVMEZOVERveExqQTZZMjA2YzJWdVpHVnlMWFp2ZFdOb1pYTThMM05oYld3NlEyOXVabWx5YldGMGFXOXVUV1YwYUc5a1Bnb0pDUWtKUEhOaGJXdzZVM1ZpYW1WamRFTnZibVpwY20xaGRHbHZia1JoZEdFK0Nna0pDUWtKUEhCeU9sQmxjbk52YmlCemFUcDBlWEJsUFNKd2NqcFFhSGx6YVdOaGJGQmxjbk52YmxSNWNHVWlQanh3Y2pwSlpHVnVkR2xtYVdOaGRHbHZiajQ4Y0hJNlZtRnNkV1UrZEhGRFVVVkROeXRCY1VkRlpXVk1Nemt3VmpWS1p6MDlQQzl3Y2pwV1lXeDFaVDQ4Y0hJNlZIbHdaVDUxY200NmNIVmliR2xqYVdRNlozWXVZWFE2WW1GelpXbGtQQzl3Y2pwVWVYQmxQand2Y0hJNlNXUmxiblJwWm1sallYUnBiMjQrUEhCeU9rNWhiV1UrUEhCeU9rZHBkbVZ1VG1GdFpUNU5ZWGc4TDNCeU9rZHBkbVZ1VG1GdFpUNDhjSEk2Um1GdGFXeDVUbUZ0WlNCd2NtbHRZWEo1UFNKMWJtUmxabWx1WldRaVBrMTFjM1JsY20xaGJtNDhMM0J5T2taaGJXbHNlVTVoYldVK1BDOXdjanBPWVcxbFBqeHdjanBFWVhSbFQyWkNhWEowYUQ0eE9UUXdMVEF4TFRBeFBDOXdjanBFWVhSbFQyWkNhWEowYUQ0OEwzQnlPbEJsY25OdmJqNEtDUWtKQ1R3dmMyRnRiRHBUZFdKcVpXTjBRMjl1Wm1seWJXRjBhVzl1UkdGMFlUNEtDUWtKUEM5ellXMXNPbE4xWW1wbFkzUkRiMjVtYVhKdFlYUnBiMjQrQ2drSlBDOXpZVzFzT2xOMVltcGxZM1ErQ2drOGMyRnRiRHBCZEhSeWFXSjFkR1VnUVhSMGNtbGlkWFJsVG1GdFpUMGlRMmwwYVhwbGJsQjFZbXhwWTB0bGVTSWdRWFIwY21saWRYUmxUbUZ0WlhOd1lXTmxQU0oxY200NmNIVmliR2xqYVdRNlozWXVZWFE2Ym1GdFpYTndZV05sY3pwcFpHVnVkR2wwZVd4cGJtczZNUzR5SWo0OGMyRnRiRHBCZEhSeWFXSjFkR1ZXWVd4MVpUNDhaSE5wWnpwU1UwRkxaWGxXWVd4MVpUNDhaSE5wWnpwTmIyUjFiSFZ6UG5sMlIwMVFSRFZaYWtobVpXOHhkbHBoU0VGNFEwWkNNeXRCUW0xaVlWQnpjRE5HTVhGRGRHY3ZaWFpsVVZSSWNsQnlSVXhPVDJaT1VuWTBhV0V3WlhjNFRsQnlaVFpRUjJKRFZHTU5DbnBrT1ZGdVZqSmlSRE5yVFhCa1VqUlRjMlpRVFVnd2VGQkdXRFV4T0dsUlZEQTFUWHBhT1dRM01WVnpiRGxzZHpack1HcHdTMjFGVlVWMlpWcGpRVVZKTVhGa00ySjNTWEJVTURnTkNtRjZabG8xTDFCa1JUWlpSVmcyVlhwUE5FSk1VbHB3ZUdOTlJtTXdhRGxaYW5vclZ6QktjRVYxVTFKUE0xZFFjRVpvY2xZeVZVOUtVU3R4ZUhrdk5EWklZek5JVERkTlFsRlNWMm9OQ2twVU9XUndlV0l2T0dSbFpWQkRialJGTldoTFRWSlRjblZGUjJwaGFFOVlMMHcwTTNWSFVVOU5VRVZ4V1hCTFNIZzRhazlTTDBsUE16WnJTSFZWWm5GT1RuVlhiRWhDYlVzMldFME5DbmN3TUZsclYyTkRVRUkwYW1KUk5URTBSVk16UjFJMlJIQkpNbGRVVVRCaFRGbHRWR1YzUFQwOEwyUnphV2M2VFc5a2RXeDFjejQ4WkhOcFp6cEZlSEJ2Ym1WdWRENUJVVUZDUEM5a2MybG5Pa1Y0Y0c5dVpXNTBQand2WkhOcFp6cFNVMEZMWlhsV1lXeDFaVDQ4TDNOaGJXdzZRWFIwY21saWRYUmxWbUZzZFdVK1BDOXpZVzFzT2tGMGRISnBZblYwWlQ0OEwzTmhiV3c2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwUGdvSlBHUnphV2M2VTJsbmJtRjBkWEpsUGdvSkNUeGtjMmxuT2xOcFoyNWxaRWx1Wm04K0Nna0pDVHhrYzJsbk9rTmhibTl1YVdOaGJHbDZZWFJwYjI1TlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekV3TDNodGJDMWxlR010WXpFMGJpTWlJQzgrQ2drSkNUeGtjMmxuT2xOcFoyNWhkSFZ5WlUxbGRHaHZaQ0JCYkdkdmNtbDBhRzA5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU55YzJFdGMyaGhNU0lnTHo0S0NRa0pQR1J6YVdjNlVtVm1aWEpsYm1ObElGVlNTVDBpSWo0S0NRa0pDVHhrYzJsbk9sUnlZVzV6Wm05eWJYTStDZ2tKQ1FrSlBHUnphV2M2VkhKaGJuTm1iM0p0SUVGc1oyOXlhWFJvYlQwaWFIUjBjRG92TDNkM2R5NTNNeTV2Y21jdlZGSXZNVGs1T1M5U1JVTXRlSEJoZEdndE1UazVPVEV4TVRZaVBnb0pDUWtKQ1FrOFpITnBaenBZVUdGMGFENXViM1FvWVc1alpYTjBiM0l0YjNJdGMyVnNaam82Y0hJNlNXUmxiblJwWm1sallYUnBiMjRwUEM5a2MybG5PbGhRWVhSb1Bnb0pDUWtKQ1R3dlpITnBaenBVY21GdWMyWnZjbTArQ2drSkNRa0pQR1J6YVdjNlZISmhibk5tYjNKdElFRnNaMjl5YVhSb2JUMGlhSFIwY0RvdkwzZDNkeTUzTXk1dmNtY3ZNakF3TUM4d09TOTRiV3hrYzJsbkkyVnVkbVZzYjNCbFpDMXphV2R1WVhSMWNtVWlJQzgrQ2drSkNRazhMMlJ6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1R4a2MybG5Pa1JwWjJWemRFMWxkR2h2WkNCQmJHZHZjbWwwYUcwOUltaDBkSEE2THk5M2QzY3Vkek11YjNKbkx6SXdNREF2TURrdmVHMXNaSE5wWnlOemFHRXhJaUF2UGdvSkNRa0pQR1J6YVdjNlJHbG5aWE4wVm1Gc2RXVSthVXN6TW10cmJVNWtVelZIV2xSemJHOHhTbVJDWVdsRFRsVnJQVHd2WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDRLQ1FrSlBDOWtjMmxuT2xKbFptVnlaVzVqWlQ0S0NRa0pQR1J6YVdjNlVtVm1aWEpsYm1ObElGUjVjR1U5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU5OWVc1cFptVnpkQ0lnVlZKSlBTSWpiV0Z1YVdabGMzUWlQZ29KQ1FrSlBHUnphV2M2UkdsblpYTjBUV1YwYUc5a0lFRnNaMjl5YVhSb2JUMGlhSFIwY0RvdkwzZDNkeTUzTXk1dmNtY3ZNakF3TUM4d09TOTRiV3hrYzJsbkkzTm9ZVEVpSUM4K0Nna0pDUWs4WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDQ0TWtadVlVeGxja2x6YVVOM1RFRlhVVEZYUVVjcmJVUlVWVTA5UEM5a2MybG5Pa1JwWjJWemRGWmhiSFZsUGdvSkNRazhMMlJ6YVdjNlVtVm1aWEpsYm1ObFBnb0pDVHd2WkhOcFp6cFRhV2R1WldSSmJtWnZQZ29KQ1R4a2MybG5PbE5wWjI1aGRIVnlaVlpoYkhWbFBnb2dJQ0FnY1UxMU1uTXJkV2xwVlhVMk0zRmpOWEZhYmxWWFpVeEZSREpuVm5GRFkwTmtRMGN4ZHpFMVoxSkdTV3Q0UzNOWVZGRlRRVE5LVjBoRFJYaHhjams1ZDBjMFYwMXRjRTF0U21oaFR3MEtkRGc0TjJOUlRtOUdURFJaYTBzMVRXcEhOR28wUjI1Q1ZHZFRhRVpXY0c0MWRXaFBkblpITUZsd1lVSlhNMlYyYVdSYVRYWkllV0psV1VSSVZHeHBia2sxVWtaU1pVaEdXRU5zVGcwS1dGQmhUMWxWTHpVek5GRnhaMWhLU1hrMFpXdHVkRFJ2UXk5TE0xRnVaVWhoU1VKbmVrSjFkMlpIUjIxbGEwVnlPVGROUkV0NllXWjBhMDVwTVVSS1dFNDRkMkZJVmtWTVdubHRPUTBLUjJGM1JraExjRUpGY2s5aGVqQXZVRVpxZUZGUVpsQkRaVW93UzJoNGRqbFFWVmh5YUZkUlMySkhZWEp1VlU1MUx5dFRNVEZqUzA5eGMzQmpiR2htUzFac2QxUlNhQzlXVkdsaFZBMEtSbUU0THpoYVMwSTVNM2cyV21SSVQwMHlZblY1VERaMVRqQTFjblpMWW05d1ozcG5ObEU5UFFvZ0lEd3ZaSE5wWnpwVGFXZHVZWFIxY21WV1lXeDFaVDQ4WkhOcFp6cExaWGxKYm1adlBqeGtjMmxuT2xnMU1EbEVZWFJoUGp4a2MybG5PbGcxTURsRFpYSjBhV1pwWTJGMFpUNU5TVWxHZFhwRFEwSkxUMmRCZDBsQ1FXZEpSRWRUYTJWTlFUQkhRMU54UjFOSllqTkVVVVZDUWxGVlFVMUpSMlpOVVhOM1ExRlpSRlpSVVVkRmQwcENEUXBXUkVaSlRVVlpSMEV4VlVWRFozY3ZVVk14VldOdVZucGtRMEpJV2xoTmRVbEhXWFZKUms1d1dUSm9iR050YUd4aFdGSjZZek5zZW1SSFZuUmFVMEp3RFFwaVUwSnNZa2RXY21SSVNYVkpSVkpvWkVkV2RXUnRWbmxoTWxadlkybENTR0pYU2tsTlUwbDNTVUZaUkZaUlVVeEVRbXhvVEZoT2NGb3lOSFJaTWpsNURRcGpSemw1V1ZoU2JFeFhlSEJhTW1nd1RGUkJlVTFUU1hkSlFWbEVWbEZSUkVSQ2JHaE1XRTV3V2pJMGRGa3lPWGxqUnpsNVdWaFNiRXhYZUhCYU1tZ3dEUXBNVkVGNVRVSTBXRVJVUlRGTlJHTjVUMFJGTVU1RWEzZE9WbTlZUkZSSmQwMUVZM2xQUkVWNlRrUnJkMDVXYjNkbllsbDRRM3BCU2tKblRsWkNRVmxVRFFwQmEwWlZUVkkwZDBoQldVUldVVkZMUkVKV1JWbFlVbXhpYms1cVlVaFdNR1Z0ZEhaaVZ6RndZek5PY0dJeU5IaEpha0ZuUW1kT1ZrSkJjMDFIVms0d0RRcFpWekYwWlcxR2IySklTbXhhTW14NlpFZFdlVmx0Vm05aU1sWjVXa2RWZUV4cVFYTkNaMDVXUWtGTlRVcFdUbkJhTWpWb1pFaFdlV015Vm5sa2JXeHFEUXBhVTBKRldWaFNiR0p1VG1waFNGWXdaVzEwZG1KWE1YQmpNMDV3WWpJMGVFWlVRVlJDWjA1V1FrRlZWRVJFVFhsT1ZHdDVUMFJOZVUxNmF6VlBSRVZqRFFwTlFtOUhRMU54UjFOSllqTkVVVVZLUVZGM1RscElUbkpSUjFKNllYazFibVJwTldoa1JFTkRRVk5KZDBSUldVcExiMXBKYUhaalRrRlJSVUpDVVVGRURRcG5aMFZRUVVSRFEwRlJiME5uWjBWQ1FVNHJaRUpUUlVKSGFqSnFWVmhKU3pGTmNETnNWbmhqTDFwaEszQktUV2w1UzNKWU0wY3hXbmhuV0M5cGEzZzNEUXBFT1hOamMxQlpUWFEwTnpOTWJFRlhiRGxqYlVOaVNHSktTeXRRVmpKWVRrNWtWVkpNVFZWRFNWZ3JOSFpWVG5NeVRVaGxSRlJSZEZnNFFsaHFTa1p3RFFwM1NsbFRiMkZTU2xFek9VWldVeTh4Y2pWelYyTnlZVGxJYUdSdE4zYzFSM1I0THpKMWEzbEVXREJyWkd0NFlYZHJhRkEwUlZGRmVta3ZVMGtyUm5WbkRRcHVLMWR4WjFFeGJrRmtiR0o0WWk5a1kwSjNOWGN4YURsaU0yeHRkWGRWWmpSNk0yOXZVVmRWUkRKRVowRXZhMHRrTVV0bGFrNVNORE50VEZWemJYWlREUXA2WlhaUWVGUTVlbk0zT0hCUFVqRlBZV05DTjBsemVsUldTbEJZWlU5RllXRk9Xa2h1YmtJdlZXVlBNMmM0VEVWV0x6TlBhMWhqVldkalRXdGlTVWxwRFFwaFFraHNiR3czTVZCeE1FTlBhamxyY1dwWWIyVTNUM0pTYWt4Wk5Xa3pTM2RQY0dFMlZFMURRWGRGUVVGaFQwTkJaVlYzWjJkSWFFMUNSVWRCTVZWa0RRcEVaMUZMUWtGb1RVTkJObVZIZGxNeGRXcEJUMEpuVGxaSVVUaENRV1k0UlVKQlRVTkNURUYzUkdkWlNFdHBaMEZEWjBWSVFWRlJSRUZSU0M5TlFrMUhEUXBCTVZWa1NYZFJUVTFCY1VGRFJXdGpWMFJ3VURaQk1FUk5RV3RIUVRGVlpFVjNVVU5OUVVGM1JrRlpTRXRwWjBGRFowVkNRVkZSU2tSQlpFTlZNRWwwRFFwU1JrNU1UVWc0UjBORGMwZEJVVlZHUW5kRlFrSklUWGRqVkVKSFFtZG5ja0puUlVaQ1VXTjNRVzlaTm1GSVVqQmpSRzkyVEROa00yUjVOV2hNV0ZKNURRcGtXRTR3VEcxR01Fd3lUbXhqYmxKNlRESkZkR015Ykc1aWFURnFZak5LZDJJelNtaGtSMVYwWWtkc2JtRklVWFJOUkVwb1RHMU9lV1JFUVc1Q1oyZHlEUXBDWjBWR1FsRmpkMEZaV1dKaFNGSXdZMFJ2ZGt3eU9XcGpNMEYxV1ZNeE1HTnVWbnBrUXpWb1pFTTVkbGt6VG5kTlJsRkhRVEZWWkVsQlVrNU5SWE4zRFFwVFVWbEhTMmxuUVVWUlJWTk5SRGgzVUZGWlNVdDNXVUpDVVZWSVFXZEZWMDFYYURCa1NFRTJUSGs1TTJRelkzVlpVekV3WTI1V2VtUkROV2hrUXpsckRRcGlNazU2VERKT2Qwd3lSWFJqTW14dVlta3hRbUpZVW5wak1teHVZbTFHTUdSWVNYZG5XalJIUVRGVlpFaDNVMEpzYWtOQ2EzcERRbXRMUTBKcVlVTkNEUXBwYjJGQ2FESjRhMWxZUVRaTWVUbHpXa2RHZDB4dFJYUmtTRW94WXpOUmRWbFlVWFppTTFVNVdWTXhlbUZYWkhWTVYwNTJZMjVDZG1OdFJqQmFVekZ6RFFwaFYyUnZaRU13ZDAxcGVIWlFWVVYwVmtoS01XTXpVWE5aZWpGQ1ZrUTVhbHBZU2pCaFYxcHdXVEpHTUZwWVNteGtiVGxxV1ZoU2NHSXlOWE5oV0U0d0RRcFFNa3BvWXpKVkwySXlTbkZhVjA0d1dUSjRhR016VFRsYVYyeHJVVEpXZVdSSGJHMWhWMDVvWkVkc2RtSnJSakZrUjJoMlkyMXNNR1ZVUVU1Q1oydHhEUXBvYTJsSE9YY3dRa0ZSVlVaQlFVOURRVkZGUVVoUk0xcERUWFJCWW1GNlpVMUliVmRCTW5wb1dXeEljVWhuUzFadlkxWllSVVJuYlU1dFYweEhjVVpsRFFvNFJVRkVSa2x6T0hWSGNtdDBRbTFYUTFWSldHSlljemRVU0dObWVITXlTalEzZGtoMVkyOXdjMlJyWVdKT2JGaEZhbnB1WkZKbWJtTXJNVlpKYm1KdkRRcDZUWEpaWkRkcVpVUk9WRXN2ZEVscWFVOUZXV1J5ZVVsd1pXdFdPVU5tWVhjM2VYVTJiV1ZtVFhwbGRURmhRWGRtTjBKdVN5OW9kV2wzU2xkdVpXNXdEUXBDTjJsRUwxQjJXaXR0ZW5WRE4xSk9aa3BtUmlzclUzUnBRbFI0YVROV1dYaE9SMDFxVFRGalZUaEhkemxXVjJNd1VqTkZkV3BQWVZoWFowTkRPR2sxRFFwR1IyaFdkazlaYUU1WVpuTjRTbGhpVG5obGQwVkRhbkJCVEhaRWJFWk1UQ3RwUXpRNVJ5dEJSRk52VW5Zd1UyczVNVTlRZFN0alNXMURhak55Y3pOUkRRcDBZWE5KTDNBNVRGbGhZMGMyWXk5blNUTjBSVEJwYUhGbk9WSmljMHRJV0ZGc00xQlBka1ZTU2tFOVBUd3ZaSE5wWnpwWU5UQTVRMlZ5ZEdsbWFXTmhkR1UrUEM5a2MybG5PbGcxTURsRVlYUmhQand2WkhOcFp6cExaWGxKYm1adlBnb0pDVHhrYzJsbk9rOWlhbVZqZEQ0S0NRa0pQR1J6YVdjNlRXRnVhV1psYzNRZ1NXUTlJbTFoYm1sbVpYTjBJajRLQ1FrSkNUeGtjMmxuT2xKbFptVnlaVzVqWlNCVlVrazlJaUkrQ2drSkNRa0pQR1J6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1FrSlBHUnphV2M2VkhKaGJuTm1iM0p0SUVGc1oyOXlhWFJvYlQwaWFIUjBjRG92TDNkM2R5NTNNeTV2Y21jdlZGSXZNVGs1T1M5U1JVTXRlSEJoZEdndE1UazVPVEV4TVRZaVBnb0pDUWtKQ1FrSlBHUnphV2M2V0ZCaGRHZytibTkwS0dGdVkyVnpkRzl5TFc5eUxYTmxiR1k2T21SemFXYzZVMmxuYm1GMGRYSmxLVHd2WkhOcFp6cFlVR0YwYUQ0S0NRa0pDUWtKUEM5a2MybG5PbFJ5WVc1elptOXliVDRLQ1FrSkNRazhMMlJ6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1FrOFpITnBaenBFYVdkbGMzUk5aWFJvYjJRZ1FXeG5iM0pwZEdodFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF3THpBNUwzaHRiR1J6YVdjamMyaGhNU0lnTHo0S0NRa0pDUWs4WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDV0TWpWR056UXZOMWRMVlV4QmIwVXlWemRDYzBneVdVWlFUelE5UEM5a2MybG5Pa1JwWjJWemRGWmhiSFZsUGdvSkNRa0pQQzlrYzJsbk9sSmxabVZ5Wlc1alpUNEtDUWtKUEM5a2MybG5PazFoYm1sbVpYTjBQZ29KQ1R3dlpITnBaenBQWW1wbFkzUStDZ2s4TDJSemFXYzZVMmxuYm1GMGRYSmxQZ284TDNOaGJXdzZRWE56WlhKMGFXOXVQZz09IiwNCiAgICAiRUlELUNJVElaRU4tUUFBLUxFVkVMIjogImh0dHA6Ly9laWRhcy5ldXJvcGEuZXUvTG9BL3N1YnN0YW50aWFsIiwNCiAgICAiRUlELUNDUy1VUkwiOiAiaHR0cHM6Ly93d3cuYS10cnVzdC5hdC90b2RvIiwNCiAgICAiRUlELUFVVEgtQkxPQ0siOiAiUEQ5NGJXd2dkbVZ5YzJsdmJqMGlNUzR3SWlCbGJtTnZaR2x1WnowaVZWUkdMVGdpSUhOMFlXNWtZV3h2Ym1VOUltNXZJajgrUEhOaGJXd3lPa0Z6YzJWeWRHbHZiaUI0Yld4dWN6cHpZVzFzTWowaWRYSnVPbTloYzJsek9tNWhiV1Z6T25Sak9sTkJUVXc2TWk0d09tRnpjMlZ5ZEdsdmJpSWdTVVE5SWw4Mk0yWm1PV1ZtTmpjek56QXdNalJqTkdReVpEaGlPV0ptWkRNNE1EVTNPQ0lnU1hOemRXVkpibk4wWVc1MFBTSXlNREU0TFRBMkxURXpWREUzT2pRMk9qQTVLekF5T2pBd0lpQldaWEp6YVc5dVBTSXlMakFpSUhodGJHNXpPbmh6UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZU0krUEhOaGJXd3lPa2x6YzNWbGNpQkdiM0p0WVhROUluVnlianB2WVhOcGN6cHVZVzFsY3pwMFl6cFRRVTFNT2pJdU1EcHVZVzFsYVdRdFptOXliV0YwT21WdWRHbDBlU0krYUhSMGNITTZMeTkzZDNjdVlTMTBjblZ6ZEM1aGRDOTBiMlJ2UEM5ellXMXNNanBKYzNOMVpYSStQR1J6YVdjNlUybG5ibUYwZFhKbElIaHRiRzV6T21SemFXYzlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5Mekl3TURBdk1Ea3ZlRzFzWkhOcFp5TWlJRWxrUFNKemFXZHVZWFIxY21VdE1TMHhJajQ4WkhOcFp6cFRhV2R1WldSSmJtWnZQanhrYzJsbk9rTmhibTl1YVdOaGJHbDZZWFJwYjI1TlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk5VVVpOHlNREF4TDFKRlF5MTRiV3d0WXpFMGJpMHlNREF4TURNeE5TSWdMejQ4WkhOcFp6cFRhV2R1WVhSMWNtVk5aWFJvYjJRZ1FXeG5iM0pwZEdodFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4THpBMEwzaHRiR1J6YVdjdGJXOXlaU055YzJFdGMyaGhNalUySWlBdlBqeGtjMmxuT2xKbFptVnlaVzVqWlNCSlpEMGljbVZtWlhKbGJtTmxMVEV0TVNJZ1ZWSkpQU0lpUGp4a2MybG5PbFJ5WVc1elptOXliWE0rUEdSemFXYzZWSEpoYm5ObWIzSnRJRUZzWjI5eWFYUm9iVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2VkZJdk1UazVPUzlTUlVNdGVITnNkQzB4T1RrNU1URXhOaUkrUEhoemJEcHpkSGxzWlhOb1pXVjBJSGh0Ykc1ek9uaHpiRDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TVRrNU9TOVlVMHd2VkhKaGJuTm1iM0p0SWlCbGVHTnNkV1JsTFhKbGMzVnNkQzF3Y21WbWFYaGxjejBpYzJGdGJESWlJSFpsY25OcGIyNDlJakV1TUNJZ2VHMXNibk02YzJGdGJESTlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qSXVNRHBoYzNObGNuUnBiMjRpUGp4NGMydzZiM1YwY0hWMElHMWxkR2h2WkQwaWVHMXNJaUI0Yld3NmMzQmhZMlU5SW1SbFptRjFiSFFpSUM4K1BIaHpiRHAwWlcxd2JHRjBaU0J0WVhSamFEMGlMeUlnZUcxc2JuTTlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5MekU1T1RrdmVHaDBiV3dpUGp4b2RHMXNJSGh0Ykc1elBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHhPVGs1TDNob2RHMXNJajQ4YUdWaFpENDhkR2wwYkdVK1UybG5ibUYwZFhJZ1pHVnlJRUZ1YldWc1pHVmtZWFJsYmp3dmRHbDBiR1UrUEhOMGVXeGxJRzFsWkdsaFBTSnpZM0psWlc0aUlIUjVjR1U5SW5SbGVIUXZZM056SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FKQ1FrSkNTNXViM0p0WVd4emRIbHNaU0I3SUdadmJuUXRjMmw2WlRvZ2JXVmthWFZ0T3lCOUlBb2dJQ0FnSUNBZ0lDQWdJQ0FnSUFrSkNRa0pMbWwwWVd4cFkzTjBlV3hsSUhzZ1ptOXVkQzF6YVhwbE9pQnRaV1JwZFcwN0lHWnZiblF0YzNSNWJHVTZJR2wwWVd4cFl6c2dmUW9KQ1FrSkNRa0pDUzUwYVhSc1pYTjBlV3hsSUhzZ2RHVjRkQzFrWldOdmNtRjBhVzl1T25WdVpHVnliR2x1WlRzZ1ptOXVkQzEzWldsbmFIUTZZbTlzWkRzZ1ptOXVkQzF6YVhwbE9pQnRaV1JwZFcwN0lIMGdDZ2tKQ1FrSkNRa0pMbWcwYzNSNWJHVWdleUJtYjI1MExYTnBlbVU2SUd4aGNtZGxPeUI5SUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQUtDUWtKQ1FrSkNRa3VhR2xrWkdWdUlIdGthWE53YkdGNU9pQnViMjVsT3lCOUlBb2dJQ0FnSUNBZ0lDQWdJQ0FnSUFrSkNRazhMM04wZVd4bFBqd3ZhR1ZoWkQ0OFltOWtlVDQ4YURRZ1kyeGhjM005SW1nMGMzUjViR1VpUGtGdWJXVnNaR1ZrWVhSbGJqbzhMMmcwUGp4d0lHTnNZWE56UFNKMGFYUnNaWE4wZVd4bElqNUVZWFJsYmlCNmRYSWdVR1Z5YzI5dVBDOXdQangwWVdKc1pTQmpiR0Z6Y3owaWNHRnlZVzFsZEdWeWN5SStQSGh6YkRwcFppQjBaWE4wUFNKemRISnBibWNvTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTl6WVcxc01qcEJkSFJ5YVdKMWRHVlRkR0YwWlcxbGJuUXZjMkZ0YkRJNlFYUjBjbWxpZFhSbFcwQk9ZVzFsUFNkMWNtNDZiMmxrT2pJdU5TNDBMalF5SjEwdmMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVXBJajQ4ZEhJK1BIUmtJR05zWVhOelBTSnBkR0ZzYVdOemRIbHNaU0krVm05eWJtRnRaVG9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakl1TlM0MExqUXlKMTB2YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVaUlDOCtQQzkwWkQ0OEwzUnlQand2ZUhOc09tbG1Qang0YzJ3NmFXWWdkR1Z6ZEQwaWMzUnlhVzVuS0M5ellXMXNNanBCYzNObGNuUnBiMjR2YzJGdGJESTZRWFIwY21saWRYUmxVM1JoZEdWdFpXNTBMM05oYld3eU9rRjBkSEpwWW5WMFpWdEFUbUZ0WlQwbmRYSnVPbTlwWkRveExqSXVOREF1TUM0eE1DNHlMakV1TVM0eU5qRXVNakFuWFM5ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTa2lQangwY2o0OGRHUWdZMnhoYzNNOUltbDBZV3hwWTNOMGVXeGxJajVPWVdOb2JtRnRaVG9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0eU1DZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhlSE5zT21sbUlIUmxjM1E5SW5OMGNtbHVaeWd2YzJGdGJESTZRWE56WlhKMGFXOXVMM05oYld3eU9rRjBkSEpwWW5WMFpWTjBZWFJsYldWdWRDOXpZVzFzTWpwQmRIUnlhV0oxZEdWYlFFNWhiV1U5SjNWeWJqcHZhV1E2TVM0eUxqUXdMakF1TVRBdU1pNHhMakV1TlRVblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU2tpUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1SFpXSjFjblJ6WkdGMGRXMDZJRHd2ZEdRK1BIUmtJR05zWVhOelBTSnViM0p0WVd4emRIbHNaU0krUEhoemJEcDJZV3gxWlMxdlppQnpaV3hsWTNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5kWEp1T205cFpEb3hMakl1TkRBdU1DNHhNQzR5TGpFdU1TNDFOU2RkTDNOaGJXd3lPa0YwZEhKcFluVjBaVlpoYkhWbElpQXZQand2ZEdRK1BDOTBjajQ4TDNoemJEcHBaajQ4ZUhOc09tbG1JSFJsYzNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5kWEp1T205cFpEb3hMakl1TkRBdU1DNHhNQzR5TGpFdU1TNHlOakV1T1RBblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0krUEhSeVBqeDBaQ0JqYkdGemN6MGlhWFJoYkdsamMzUjViR1VpUGxadmJHeHRZV05vZERvZ1BDOTBaRDQ4ZEdRZ1kyeGhjM005SW01dmNtMWhiSE4wZVd4bElqNDhlSE5zT25SbGVIUStTV05vSUcxbGJHUmxJRzFwWTJnZ2FXNGdWbVZ5ZEhKbGRIVnVaeUJoYmk0Z1NXMGdic09rWTJoemRHVnVJRk5qYUhKcGRIUWdkMmx5WkNCdGFYSWdaV2x1WlNCTWFYTjBaU0JrWlhJZ1pzTzhjaUJ0YVdOb0lIWmxjbWJEdkdkaVlYSmxiaUJXWlhKMGNtVjBkVzVuYzNabGNtakRwR3gwYm1semMyVWdZVzVuWlhwbGFXZDBMQ0JoZFhNZ1pHVnVaVzRnYVdOb0lHVnBibVZ6SUdGMWMzZkRwR2hzWlc0Z2QyVnlaR1V1UEM5NGMydzZkR1Y0ZEQ0OEwzUmtQand2ZEhJK1BDOTRjMnc2YVdZK1BDOTBZV0pzWlQ0OGNDQmpiR0Z6Y3owaWRHbDBiR1Z6ZEhsc1pTSStSR0YwWlc0Z2VuVnlJRUZ1ZDJWdVpIVnVaend2Y0Q0OGRHRmliR1VnWTJ4aGMzTTlJbkJoY21GdFpYUmxjbk1pUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1SlpHVnVkR2xtYVd0aGRHOXlPaUE4TDNSa1BqeDBaQ0JqYkdGemN6MGlibTl5YldGc2MzUjViR1VpUGp4NGMydzZkbUZzZFdVdGIyWWdjMlZzWldOMFBTSXZjMkZ0YkRJNlFYTnpaWEowYVc5dUwzTmhiV3d5T2tGMGRISnBZblYwWlZOMFlYUmxiV1Z1ZEM5ellXMXNNanBCZEhSeWFXSjFkR1ZiUUU1aGJXVTlKMmgwZEhBNkx5OWxhV1F1WjNZdVlYUXZaVWxFTDJGMGRISnBZblYwWlhNdlUyVnlkbWxqWlZCeWIzWnBaR1Z5Vlc1cGNYVmxTV1FuWFM5ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTSWdMejQ4TDNSa1Bqd3ZkSEkrUEhoemJEcHBaaUIwWlhOMFBTSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5ellXMXNNanBCZEhSeWFXSjFkR1ZUZEdGMFpXMWxiblF2YzJGdGJESTZRWFIwY21saWRYUmxXMEJPWVcxbFBTZG9kSFJ3T2k4dlpXbGtMbWQyTG1GMEwyVkpSQzloZEhSeWFXSjFkR1Z6TDFObGNuWnBZMlZRY205MmFXUmxja1p5YVdWdVpHeDVUbUZ0WlNkZEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxLU0krUEhSeVBqeDBaQ0JqYkdGemN6MGlhWFJoYkdsamMzUjViR1VpUGs1aGJXVTZJRHd2ZEdRK1BIUmtJR05zWVhOelBTSnViM0p0WVd4emRIbHNaU0krUEhoemJEcDJZV3gxWlMxdlppQnpaV3hsWTNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5hSFIwY0RvdkwyVnBaQzVuZGk1aGRDOWxTVVF2WVhSMGNtbGlkWFJsY3k5VFpYSjJhV05sVUhKdmRtbGtaWEpHY21sbGJtUnNlVTVoYldVblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0lnTHo0OEwzUmtQand2ZEhJK1BDOTRjMnc2YVdZK1BIaHpiRHBwWmlCMFpYTjBQU0p6ZEhKcGJtY29MM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2RvZEhSd09pOHZaV2xrTG1kMkxtRjBMMlZKUkM5aGRIUnlhV0oxZEdWekwxTmxjblpwWTJWUWNtOTJhV1JsY2tOdmRXNTBjbmxEYjJSbEoxMHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VwSWo0OGRISStQSFJrSUdOc1lYTnpQU0pwZEdGc2FXTnpkSGxzWlNJK1UzUmhZWFE2SUR3dmRHUStQSFJrSUdOc1lYTnpQU0p1YjNKdFlXeHpkSGxzWlNJK1BIaHpiRHAyWVd4MVpTMXZaaUJ6Wld4bFkzUTlJaTl6WVcxc01qcEJjM05sY25ScGIyNHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFUzUmhkR1Z0Wlc1MEwzTmhiV3d5T2tGMGRISnBZblYwWlZ0QVRtRnRaVDBuYUhSMGNEb3ZMMlZwWkM1bmRpNWhkQzlsU1VRdllYUjBjbWxpZFhSbGN5OVRaWEoyYVdObFVISnZkbWxrWlhKRGIzVnVkSEo1UTI5a1pTZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhMM1JoWW14bFBqeHdJR05zWVhOelBTSjBhWFJzWlhOMGVXeGxJajVVWldOb2JtbHpZMmhsSUZCaGNtRnRaWFJsY2p3dmNENDhkR0ZpYkdVZ1kyeGhjM005SW5CaGNtRnRaWFJsY25NaVBqeDBjajQ4ZEdRZ1kyeGhjM005SW1sMFlXeHBZM04wZVd4bElqNUVZWFIxYlRvOEwzUmtQangwWkNCamJHRnpjejBpYm05eWJXRnNjM1I1YkdVaVBqeDRjMnc2ZG1Gc2RXVXRiMllnYzJWc1pXTjBQU0p6ZFdKemRISnBibWNvTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTlBU1hOemRXVkpibk4wWVc1MExEa3NNaWtpSUM4K1BIaHpiRHAwWlhoMFBpNDhMM2h6YkRwMFpYaDBQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNKemRXSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5QVNYTnpkV1ZKYm5OMFlXNTBMRFlzTWlraUlDOCtQSGh6YkRwMFpYaDBQaTQ4TDNoemJEcDBaWGgwUGp4NGMydzZkbUZzZFdVdGIyWWdjMlZzWldOMFBTSnpkV0p6ZEhKcGJtY29MM05oYld3eU9rRnpjMlZ5ZEdsdmJpOUFTWE56ZFdWSmJuTjBZVzUwTERFc05Da2lJQzgrUEM5MFpENDhMM1J5UGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1VmFISjZaV2wwT2p3dmRHUStQSFJrSUdOc1lYTnpQU0p1YjNKdFlXeHpkSGxzWlNJK1BIaHpiRHAyWVd4MVpTMXZaaUJ6Wld4bFkzUTlJbk4xWW5OMGNtbHVaeWd2YzJGdGJESTZRWE56WlhKMGFXOXVMMEJKYzNOMVpVbHVjM1JoYm5Rc01USXNNaWtpSUM4K1BIaHpiRHAwWlhoMFBqbzhMM2h6YkRwMFpYaDBQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNKemRXSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5QVNYTnpkV1ZKYm5OMFlXNTBMREUxTERJcElpQXZQang0YzJ3NmRHVjRkRDQ2UEM5NGMydzZkR1Y0ZEQ0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGljM1ZpYzNSeWFXNW5LQzl6WVcxc01qcEJjM05sY25ScGIyNHZRRWx6YzNWbFNXNXpkR0Z1ZEN3eE9Dd3lLU0lnTHo0OEwzUmtQand2ZEhJK1BIUnlQangwWkNCamJHRnpjejBpYVhSaGJHbGpjM1I1YkdVaVBsUnlZVzV6WVd0MGFXOXVjMVJ2YTJWdU9pQThMM1JrUGp4MFpDQmpiR0Z6Y3owaWJtOXliV0ZzYzNSNWJHVWlQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNJdmMyRnRiREk2UVhOelpYSjBhVzl1TDBCSlJDSWdMejQ4TDNSa1Bqd3ZkSEkrUEhoemJEcHBaaUIwWlhOMFBTSXZjMkZ0YkRJNlFYTnpaWEowYVc5dUwzTmhiV3d5T2tGMGRISnBZblYwWlZOMFlYUmxiV1Z1ZEM5ellXMXNNanBCZEhSeWFXSjFkR1ZiUUU1aGJXVTlKM1Z5YmpwdmFXUTZNUzR5TGpRd0xqQXVNVEF1TWk0eExqRXVNall4TGprd0oxMHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VpUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo0S0NRa0pDUWtKQ1FrSkNRbFdiMnhzYldGamFIUmxiaTFTWldabGNtVnVlam9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0NU1DZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhkSElnWTJ4aGMzTTlJbWhwWkdSbGJpSStQSFJrSUdOc1lYTnpQU0pwZEdGc2FXTnpkSGxzWlNJK1JHRjBZVlZTVERvZ1BDOTBaRDQ4ZEdRZ1kyeGhjM005SW01dmNtMWhiSE4wZVd4bElqNDhlSE5zT25aaGJIVmxMVzltSUhObGJHVmpkRDBpTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTl6WVcxc01qcERiMjVrYVhScGIyNXpMM05oYld3eU9rRjFaR2xsYm1ObFVtVnpkSEpwWTNScGIyNHZjMkZ0YkRJNlFYVmthV1Z1WTJVaUlDOCtQQzkwWkQ0OEwzUnlQang0YzJ3NmFXWWdkR1Z6ZEQwaUwzTmhiV3d5T2tGemMyVnlkR2x2Ymk5ellXMXNNanBEYjI1a2FYUnBiMjV6TDBCT2IzUlBiazl5UVdaMFpYSWlQangwY2lCamJHRnpjejBpYUdsa1pHVnVJajQ4ZEdRZ1kyeGhjM005SW1sMFlXeHBZM04wZVd4bElqNUJkWFJvUW14dlkydFdZV3hwWkZSdk9pQThMM1JrUGp4MFpDQmpiR0Z6Y3owaWJtOXliV0ZzYzNSNWJHVWlQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNJdmMyRnRiREk2UVhOelpYSjBhVzl1TDNOaGJXd3lPa052Ym1ScGRHbHZibk12UUU1dmRFOXVUM0pCWm5SbGNpSWdMejQ4TDNSa1Bqd3ZkSEkrUEM5NGMydzZhV1krUEM5MFlXSnNaVDQ4TDJKdlpIaytQQzlvZEcxc1Bqd3ZlSE5zT25SbGJYQnNZWFJsUGp3dmVITnNPbk4wZVd4bGMyaGxaWFErUEM5a2MybG5PbFJ5WVc1elptOXliVDQ4WkhOcFp6cFVjbUZ1YzJadmNtMGdRV3huYjNKcGRHaHRQU0pvZEhSd09pOHZkM2QzTG5jekxtOXlaeTh5TURBeEx6RXdMM2h0YkMxbGVHTXRZekUwYmlNaUlDOCtQQzlrYzJsbk9sUnlZVzV6Wm05eWJYTStQR1J6YVdjNlJHbG5aWE4wVFdWMGFHOWtJRUZzWjI5eWFYUm9iVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TWpBd01TOHdOQzk0Yld4bGJtTWpjMmhoTWpVMklpQXZQanhrYzJsbk9rUnBaMlZ6ZEZaaGJIVmxQbXBoTUhSSlVEQkJVVEU0ZGk4NFpsVmpOR1kxYVhsSGNIWXhXVGhFYWpGUGJDODVNa2RTU0V0Q2EyYzlQQzlrYzJsbk9rUnBaMlZ6ZEZaaGJIVmxQand2WkhOcFp6cFNaV1psY21WdVkyVStQR1J6YVdjNlVtVm1aWEpsYm1ObElFbGtQU0psZEhOcExXUmhkR0V0Y21WbVpYSmxibU5sTFRFdE1TSWdWSGx3WlQwaWFIUjBjRG92TDNWeWFTNWxkSE5wTG05eVp5OHdNVGt3TXlOVGFXZHVaV1JRY205d1pYSjBhV1Z6SWlCVlVrazlJaU5sZEhOcExYTnBaMjVsWkhCeWIzQmxjblJwWlhNdE1TMHhJajQ4WkhOcFp6cEVhV2RsYzNSTlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekEwTDNodGJHVnVZeU56YUdFeU5UWWlJQzgrUEdSemFXYzZSR2xuWlhOMFZtRnNkV1UrTVZGVWFXNTBPR1Y1UXpsNFVFbExXR0ZxYzJ0cmVUWmlMM2MzY20xV1JEUldZMjQwUjFkMVJrMVZjejA4TDJSemFXYzZSR2xuWlhOMFZtRnNkV1UrUEM5a2MybG5PbEpsWm1WeVpXNWpaVDQ4TDJSemFXYzZVMmxuYm1Wa1NXNW1iejQ4WkhOcFp6cFRhV2R1WVhSMWNtVldZV3gxWlNCSlpEMGljMmxuYm1GMGRYSmxkbUZzZFdVdE1TMHhJajVLT0ROMFdUUnhUMWhGWVhWNWMxVXhMM1pUZWtzMk1EbDBNRWRKUm5sQlJUZFVkR05LYmpsRmNXZGFXa3RHTmxNMWVVRllURTlzZEhsc1JVdFBZV015TW1zMUsxaHlaRlZ0ZFV0NGFtNHdMekZQWTNwSFJqRTNlR1pYYXpORWFtbHdUMDlqZFVOM2VYQlZTV3BWTW5KVEt6RldkMnhxVUU4NGNIY3hTSGR3VEZaa1JtbFJjVzkzZVU5NFRGTkJlV05VUlV4Ukx6bHhRVTFaTm05UFpscFBiMEZhVTNaVFpXOVJVazVhVFN0YUwyTjZOalZDZUhwdFZrUklkMjgwYmxkemJTOXdVWEpSYmtkblVGQTFORmRNVWpSc1YyOXZWV2xqU1ZkdVEyMW5ZbVV6WVdkUVoybFBNVTlITVV4SWNuTkVNbXBrY0VKeGJITkJjWGR2Y0U1Qk5ta3dXbkE1Y3pFNVNEWk1VbWxsTjBKNE9EUnpSbmxLWlhNMU5qWTFaRkp4WlhoWFpub3ZOVGhaU0ZndmMzWkdOWEpDZUhjMVVHcEtZbGhYYmxKNlptcHpORXM0YzBSeVdsQmFhSEZSU0hwQ1Zub3pTV2M5UFR3dlpITnBaenBUYVdkdVlYUjFjbVZXWVd4MVpUNDhaSE5wWnpwTFpYbEpibVp2UGp4a2MybG5PbGcxTURsRVlYUmhQanhrYzJsbk9sZzFNRGxEWlhKMGFXWnBZMkYwWlQ1TlNVbEdNV3BEUTBKTU5tZEJkMGxDUVdkSlJWRnpNVEpxVkVGT1FtZHJjV2hyYVVjNWR6QkNRVkZ6UmtGRVEwSnZWRVZNVFVGclIwRXhWVVZDWjNkRFVWWlJlRk5FUWtkQ1owNVdRa0Z2VFZBd1JYUldTRW94WXpOUloxSXlWbnBNYVVKdFRHbENWR0ZYVG05YVdFcHZXbGRzTUdNelRqVmpNMUpzWWxkVloyRlhNR2RhVjNoc1lUTlNlVXhwUWtWWldGSnNZbTVhYkdOdGRHeGhTRWxuVWpJeGFWTkVSV3BOUTBWSFFURlZSVU4zZDJGWlV6RjZZVmRrZFV4V1FubGFWekZ3WkZjd2RGWkhWbnBrUXpGVVlWZGpkRTFFU1hoSmVrRm9RbWRPVmtKQlRVMUhiVVYwWXpKc2JtSnBNVkZqYlZaMFlWaFdkRXhXVW14ak0xRjBWVEpzYmt4VVFYbE5RalJZUkZSRk5FMUVXWGhOZWtFMFRsUmpNVTlHYjFoRVZFbDZUVVJaZUUxNlFUUk9WR014VDBadmQxbEVSVXhOUVd0SFFURlZSVUpuZDBOUlZsRjRSbnBCVmtKblRsWkNRVTFOUkdzeGFHVkRRazVrV0U0d1dsaEtkRmxYTlhWTlVrMTNSVkZaUkZaUlVVVkVRWEJPWkZoT01GcFlTblJaVnpWMVRWRjNkME5uV1VSV1VWRnhSRUZPVGxsWVozaEdWRUZVUW1kT1ZrSkJWVTFFUkZWNFRVUmpNVTFFV1RCUFJFMTRUVlJEUTBGVFNYZEVVVmxLUzI5YVNXaDJZMDVCVVVWQ1FsRkJSR2RuUlZCQlJFTkRRVkZ2UTJkblJVSkJUWEo0YWtSM0sxZEplRE16Y1U1aU1sZG9kMDFSYUZGa0wyZEJXbTB5YWpkTFpIaGtZV2R5V1ZBemNqTnJSWGcyZWpaNFEzcFVibnBWWWl0SmJYUkljMUJFVkRZemRXcDRiWGRyTTAwelpsVktNV1J0ZHprMVJFdFlWV1ZGY2toNmVrSTVUVlI0Vml0a1prbHJSVGxQVkUweVpsaGxPVlpNU21aYVkwOXdUa2syVTNCb1JrSk1NMjFZUVVKRFRtRnVaREk0UTB0Vk9WQkhjek15WldaNk0xSlBiVUpHSzJ4TmVuVkJVekJYWVdOWVJFSllUa2xtVjBrNEwyeDBRMkZTVEd0clZIUXhhalpTV1dFeFpHeEVhVlZRY1hOamRpdFBhRE5PZUhrcmVrRlZSVlp2ZVZVdldHRmpiUzh2U0ZodWFuZHdLMEpQV1ZOcVJWVnhOMmhDYnpKdlZHd3ZlU3RPTjJoclJHcEVlRXR0UzFOb09HWkplbXRtZVVSMEszQkNOMnhJTm1wVVlteHdVbmRhYVhWc2VrMU9Ua2RLUm01QmFuZGxTVEl3VDJSbFFrVjBlR3RsWnpaVFRteHJNRTVIYVRKS2F6TnpRMEYzUlVGQllVOURRV3hSZDJkblNsRk5TVWRFUW1kbmNrSm5SVVpDVVdOQ1FWRlNNMDFJVlhkU1VWbEpTM2RaUWtKUlZVaE5RVXRIVDFkb01HUklRVFpNZVRrelpETmpkVmxUTVRCamJsWjZaRU0xYUdSRE9XcGFXRW93WTNrNWFFeFlUbkJhTWpSMFkwaEtiR0pYYkRGaVV6RjBZakpLY0dKSFZYUk5SRTVvVEcxT2VXUkVRWE5DWjJkeVFtZEZSa0pSWTNkQldWbG5ZVWhTTUdORWIzWk1NamxxWXpOQmRHUkhWbnBrUXpWb1RGaFNlV1JZVGpCTWJVWXdUREk1YW1NelFYZEZkMWxFVmxJd2FrSkJkM2REYjBGSlVtZGhabXByUjA5R1lqQjNZMmRaU1V0M1dVSkNVVlZJUVZGTlJWcHFRbXROUVc5SFEwTnpSMEZSVlVaQ2QzTkRUVUZuUjBKblVVRnFhMWxDUVZSQlNVSm5XVVZCU1RWSFFWRlJkMFYzV1VkQ1FVTlBVbWRGUjAxQmEwZENkMUZCYW10WlFrSm5SWGRNVVZsSFFrRkRUMUpuUlVaTlEwMTNTVkpaWW1GSVVqQmpTRTAyVEhrNU0yUXpZM1ZaVXpFd1kyNVdlbVJETldoa1F6bDNXa2hOZGtWM1NrWlVha0ZTUW1kT1ZraFJORVZEWjFGSlVqWjRPRVZqYzNGUGVITjNSR2RaUkZaU01GQkJVVWd2UWtGUlJFRm5Za0ZOUVd0SFFURlZaRVYzVVVOTlFVRjNXVUZaUkZaU01HZENSbXQzVm5wQlNVSm5XVVZCU1hOM1FWRkZkMU4zV1VkTGFXZEJSVkZGVlUxRlJYZFFkMWxKUzNkWlFrSlJWVWhCWjBWWFRUSm9NR1JJUVRaTWVUa3paRE5qZFZsVE1UQmpibFo2WkVNMWFHUkRPV3RpTWs1NlRESk9kMHd5UlhSak1teHVZbWt4ZDJOdFZuUmhXRlowVEZjeGRsbHRiSE5hVkVOQ2NtZFpSRlpTTUdaQ1NVZHRUVWxIYWsxSlIyZHZTVWRrYjBsSFlXaHZSMWhpUjFKb1kwUnZka3d5ZUd0WldFRjBaRWRXZW1SRE5XaE1XRko1WkZoT01FeHRSakJNTWpreFVGZEZkR015Ykc1aWFURlJZMjFXZEdGWVZuUk1WbEpzWXpOUmRGVXliRzVNVkVGNVNVTm9WRk5GUlhSTmFsVXlTMU40ZGxCVlJYUldTRW94WXpOUmMxbDZNVUpXUkRscVdsaEtNR0ZYV25CWk1rWXdXbGhLYkdSdE9XcFpXRkp3WWpJMWMyRllUakJRTWtwb1l6SlZMMkl5U25GYVYwNHdXVEo0YUdNelRUbGFWMnhyVVRKV2VXUkhiRzFoVjA1b1pFZHNkbUpyUmpGa1IyaDJZMjFzTUdWVVFVNUNaMnR4YUd0cFJ6bDNNRUpCVVhOR1FVRlBRMEZSUlVGTk1GQkVMekl6U20xUE16Wk5Uazk1SzNwYVFpOVVUSE5oUmpjNE1HMXRUMHRxY0dzeFdITllRWHBWVGt0YU5sTnlkQ3R0TUhVcksybFhiemxNT0VoR0wyeHllRk5FT0VkWVNtTkVURmxYUm1aNE56QnlORW81ZDFVNFN6ZHdSRWt4YmpsRmNXSkJjekJTSzNaWlZtNU1OVlZXVUM5MVZWRmxkekpYYkhBMU9GQkdjR2RCV0N0VUwxTkZNR05sWlV0NVRUaFlSVzVZVTNwbFRpOUZVM1JzUml0S1EyRkJPSFZ0Y1dwdFJFVnVZV1V6Y1hWeFUxVnNLMHhsYTFCVk9HazRSME56YmpVNWRYaDBibFZ1ZUVsTlMzY3paR2N2TjBRM1dUaE1ObFoxTkU1WE5FeGpiemRtYVRsRGNtRklRelJTVEV4MFpIaFliSFpQZGxGcFJWbHZSU3Q1TVRkbk1Ia3ZRemhPTkVSelkyaGFhWHBaZDNBd2NFOVNUMkpqWmt0V1RuQndWWFZMZFhOTmFIUnRVMnBzTUZaeEx5OWhkamhVVlhGU2NEVkdlalpYWTNwMFVFZEhVM2N3Um1WbGRsVkxSRzlETDBFOVBUd3ZaSE5wWnpwWU5UQTVRMlZ5ZEdsbWFXTmhkR1UrUEM5a2MybG5PbGcxTURsRVlYUmhQand2WkhOcFp6cExaWGxKYm1adlBqeGtjMmxuT2s5aWFtVmpkQ0JKWkQwaVpYUnphUzF6YVdkdVpXUXRNUzB4SWo0OFpYUnphVHBSZFdGc2FXWjVhVzVuVUhKdmNHVnlkR2xsY3lCNGJXeHVjenBsZEhOcFBTSm9kSFJ3T2k4dmRYSnBMbVYwYzJrdWIzSm5MekF4T1RBekwzWXhMak11TWlNaUlGUmhjbWRsZEQwaUkzTnBaMjVoZEhWeVpTMHhMVEVpUGp4bGRITnBPbE5wWjI1bFpGQnliM0JsY25ScFpYTWdTV1E5SW1WMGMya3RjMmxuYm1Wa2NISnZjR1Z5ZEdsbGN5MHhMVEVpUGp4bGRITnBPbE5wWjI1bFpGTnBaMjVoZEhWeVpWQnliM0JsY25ScFpYTStQR1YwYzJrNlUybG5ibWx1WjFScGJXVStNakF4T0Mwd05pMHhNMVF4TlRvME5qb3dPVm84TDJWMGMyazZVMmxuYm1sdVoxUnBiV1UrUEdWMGMyazZVMmxuYm1sdVowTmxjblJwWm1sallYUmxQanhsZEhOcE9rTmxjblErUEdWMGMyazZRMlZ5ZEVScFoyVnpkRDQ4WkhOcFp6cEVhV2RsYzNSTlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekEwTDNodGJHVnVZeU56YUdFeU5UWWlJQzgrUEdSemFXYzZSR2xuWlhOMFZtRnNkV1UrYW1WQmJFcHdTVEZIWkV0WlVXMVNOM1pRY25KVWNrZFdPVWRNT1M5MVdXeExNM0JyU1ROUWVtNHpiejA4TDJSemFXYzZSR2xuWlhOMFZtRnNkV1UrUEM5bGRITnBPa05sY25SRWFXZGxjM1ErUEdWMGMyazZTWE56ZFdWeVUyVnlhV0ZzUGp4a2MybG5PbGcxTURsSmMzTjFaWEpPWVcxbFBrTk9QV0V0YzJsbmJpMVFjbVZ0YVhWdExWUmxjM1F0VTJsbkxUQXlMRTlWUFdFdGMybG5iaTFRY21WdGFYVnRMVlJsYzNRdFUybG5MVEF5TEU4OVFTMVVjblZ6ZENCSFpYTXVJR1l1SUZOcFkyaGxjbWhsYVhSemMzbHpkR1Z0WlNCcGJTQmxiR1ZyZEhJdUlFUmhkR1Z1ZG1WeWEyVm9jaUJIYldKSUxFTTlRVlE4TDJSemFXYzZXRFV3T1VsemMzVmxjazVoYldVK1BHUnphV2M2V0RVd09WTmxjbWxoYkU1MWJXSmxjajR4TVRJd056WXhORGcxUEM5a2MybG5PbGcxTURsVFpYSnBZV3hPZFcxaVpYSStQQzlsZEhOcE9rbHpjM1ZsY2xObGNtbGhiRDQ4TDJWMGMyazZRMlZ5ZEQ0OEwyVjBjMms2VTJsbmJtbHVaME5sY25ScFptbGpZWFJsUGp4bGRITnBPbE5wWjI1aGRIVnlaVkJ2YkdsamVVbGtaVzUwYVdacFpYSStQR1YwYzJrNlUybG5ibUYwZFhKbFVHOXNhV041U1cxd2JHbGxaQ0F2UGp3dlpYUnphVHBUYVdkdVlYUjFjbVZRYjJ4cFkzbEpaR1Z1ZEdsbWFXVnlQand2WlhSemFUcFRhV2R1WldSVGFXZHVZWFIxY21WUWNtOXdaWEowYVdWelBqeGxkSE5wT2xOcFoyNWxaRVJoZEdGUFltcGxZM1JRY205d1pYSjBhV1Z6UGp4bGRITnBPa1JoZEdGUFltcGxZM1JHYjNKdFlYUWdUMkpxWldOMFVtVm1aWEpsYm1ObFBTSWpjbVZtWlhKbGJtTmxMVEV0TVNJK1BHVjBjMms2VFdsdFpWUjVjR1UrWVhCd2JHbGpZWFJwYjI0dmVHaDBiV3dyZUcxc1BDOWxkSE5wT2sxcGJXVlVlWEJsUGp3dlpYUnphVHBFWVhSaFQySnFaV04wUm05eWJXRjBQand2WlhSemFUcFRhV2R1WldSRVlYUmhUMkpxWldOMFVISnZjR1Z5ZEdsbGN6NDhMMlYwYzJrNlUybG5ibVZrVUhKdmNHVnlkR2xsY3o0OEwyVjBjMms2VVhWaGJHbG1lV2x1WjFCeWIzQmxjblJwWlhNK1BDOWtjMmxuT2s5aWFtVmpkRDQ4TDJSemFXYzZVMmxuYm1GMGRYSmxQanh6WVcxc01qcERiMjVrYVhScGIyNXpJRTV2ZEVKbFptOXlaVDBpTWpBeE9DMHdOaTB4TTFReE56bzBOam93T1Nzd01qb3dNQ0lnVG05MFQyNVBja0ZtZEdWeVBTSXlNREU0TFRBMkxURXpWREU0T2pBeE9qQTVLekF5T2pBd0lqNDhjMkZ0YkRJNlFYVmthV1Z1WTJWU1pYTjBjbWxqZEdsdmJqNDhjMkZ0YkRJNlFYVmthV1Z1WTJVK2FIUjBjSE02THk5bGFXUXVaM1l1WVhRdmJXOWhMV2xrTFdGMWRHZ3ZjMnd5TUM5a1lYUmhWWEpzUDNCbGJtUnBibWRwWkQwME9UYzFOelUxTXpjNE16azBNRFF4TkRnMlBDOXpZVzFzTWpwQmRXUnBaVzVqWlQ0OEwzTmhiV3d5T2tGMVpHbGxibU5sVW1WemRISnBZM1JwYjI0K1BDOXpZVzFzTWpwRGIyNWthWFJwYjI1elBqeHpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RK1BITmhiV3d5T2tGMGRISnBZblYwWlNCR2NtbGxibVJzZVU1aGJXVTlJbEJXVUMxV1JWSlRTVTlPSWlCT1lXMWxQU0oxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0eE1DSWdUbUZ0WlVadmNtMWhkRDBpZFhKdU9tOWhjMmx6T201aGJXVnpPblJqT2xOQlRVdzZNaTR3T21GMGRISnVZVzFsTFdadmNtMWhkRHAxY21raVBqeHpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0I0Yld4dWN6cDRjMms5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01ERXZXRTFNVTJOb1pXMWhMV2x1YzNSaGJtTmxJaUI0YzJrNmRIbHdaVDBpZUhNNmMzUnlhVzVuSWo0eUxqRThMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsUGp3dmMyRnRiREk2UVhSMGNtbGlkWFJsUGp4ellXMXNNanBCZEhSeWFXSjFkR1VnUm5KcFpXNWtiSGxPWVcxbFBTSlFVa2xPUTBsUVFVd3RUa0ZOUlNJZ1RtRnRaVDBpZFhKdU9tOXBaRG94TGpJdU5EQXVNQzR4TUM0eUxqRXVNUzR5TmpFdU1qQWlJRTVoYldWR2IzSnRZWFE5SW5WeWJqcHZZWE5wY3pwdVlXMWxjenAwWXpwVFFVMU1Pakl1TURwaGRIUnlibUZ0WlMxbWIzSnRZWFE2ZFhKcElqNDhjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VnZUcxc2JuTTZlSE5wUFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZUzFwYm5OMFlXNWpaU0lnZUhOcE9uUjVjR1U5SW5oek9uTjBjbWx1WnlJK1RYVnpkR1Z5YldGdWJqd3ZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1UrUEM5ellXMXNNanBCZEhSeWFXSjFkR1UrUEhOaGJXd3lPa0YwZEhKcFluVjBaU0JHY21sbGJtUnNlVTVoYldVOUlrZEpWa1ZPTFU1QlRVVWlJRTVoYldVOUluVnlianB2YVdRNk1pNDFMalF1TkRJaUlFNWhiV1ZHYjNKdFlYUTlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qSXVNRHBoZEhSeWJtRnRaUzFtYjNKdFlYUTZkWEpwSWo0OGMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVWdlRzFzYm5NNmVITnBQU0pvZEhSd09pOHZkM2QzTG5jekxtOXlaeTh5TURBeEwxaE5URk5qYUdWdFlTMXBibk4wWVc1alpTSWdlSE5wT25SNWNHVTlJbmh6T25OMGNtbHVaeUkrVFdGNFBDOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaVDQ4TDNOaGJXd3lPa0YwZEhKcFluVjBaVDQ4YzJGdGJESTZRWFIwY21saWRYUmxJRVp5YVdWdVpHeDVUbUZ0WlQwaVFrbFNWRWhFUVZSRklpQk9ZVzFsUFNKMWNtNDZiMmxrT2pFdU1pNDBNQzR3TGpFd0xqSXVNUzR4TGpVMUlpQk9ZVzFsUm05eWJXRjBQU0oxY200NmIyRnphWE02Ym1GdFpYTTZkR002VTBGTlREb3lMakE2WVhSMGNtNWhiV1V0Wm05eWJXRjBPblZ5YVNJK1BITmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxJSGh0Ykc1ek9uaHphVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TWpBd01TOVlUVXhUWTJobGJXRXRhVzV6ZEdGdVkyVWlJSGh6YVRwMGVYQmxQU0o0Y3pwemRISnBibWNpUGpFNU5EQXRNREV0TURFOEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxQand2YzJGdGJESTZRWFIwY21saWRYUmxQanh6WVcxc01qcEJkSFJ5YVdKMWRHVWdSbkpwWlc1a2JIbE9ZVzFsUFNKVFpYSjJhV05sVUhKdmRtbGtaWEl0Vlc1cGNYVmxTV1FpSUU1aGJXVTlJbWgwZEhBNkx5OWxhV1F1WjNZdVlYUXZaVWxFTDJGMGRISnBZblYwWlhNdlUyVnlkbWxqWlZCeWIzWnBaR1Z5Vlc1cGNYVmxTV1FpSUU1aGJXVkdiM0p0WVhROUluVnlianB2WVhOcGN6cHVZVzFsY3pwMFl6cFRRVTFNT2pJdU1EcGhkSFJ5Ym1GdFpTMW1iM0p0WVhRNmRYSnBJajQ4YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVZ2VHMXNibk02ZUhOcFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4TDFoTlRGTmphR1Z0WVMxcGJuTjBZVzVqWlNJZ2VITnBPblI1Y0dVOUluaHpPbk4wY21sdVp5SSthSFIwY0hNNkx5OWlhVzVrYVc1bkxtOWxjM1JsY25KbGFXTm9MbWQyTG1GMEwyRjFkR2d2YzNBdlRXVjBZV1JoZEdFOEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxQand2YzJGdGJESTZRWFIwY21saWRYUmxQanh6WVcxc01qcEJkSFJ5YVdKMWRHVWdSbkpwWlc1a2JIbE9ZVzFsUFNKVFpYSjJhV05sVUhKdmRtbGtaWEl0Um5KcFpXNWtiSGxPWVcxbElpQk9ZVzFsUFNKb2RIUndPaTh2Wldsa0xtZDJMbUYwTDJWSlJDOWhkSFJ5YVdKMWRHVnpMMU5sY25acFkyVlFjbTkyYVdSbGNrWnlhV1Z1Wkd4NVRtRnRaU0lnVG1GdFpVWnZjbTFoZEQwaWRYSnVPbTloYzJsek9tNWhiV1Z6T25Sak9sTkJUVXc2TWk0d09tRjBkSEp1WVcxbExXWnZjbTFoZERwMWNta2lQanh6WVcxc01qcEJkSFJ5YVdKMWRHVldZV3gxWlNCNGJXeHVjenA0YzJrOUltaDBkSEE2THk5M2QzY3Vkek11YjNKbkx6SXdNREV2V0UxTVUyTm9aVzFoTFdsdWMzUmhibU5sSWlCNGMyazZkSGx3WlQwaWVITTZjM1J5YVc1bklqNUNhVzVrYVc1bklGTmxjblpwWTJVZ1pzTzhjaUJ2WlM1bmRpNWhkRHd2YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVK1BDOXpZVzFzTWpwQmRIUnlhV0oxZEdVK1BITmhiV3d5T2tGMGRISnBZblYwWlNCR2NtbGxibVJzZVU1aGJXVTlJbE5sY25acFkyVlFjbTkyYVdSbGNpMURiM1Z1ZEhKNVEyOWtaU0lnVG1GdFpUMGlhSFIwY0RvdkwyVnBaQzVuZGk1aGRDOWxTVVF2WVhSMGNtbGlkWFJsY3k5VFpYSjJhV05sVUhKdmRtbGtaWEpEYjNWdWRISjVRMjlrWlNJZ1RtRnRaVVp2Y20xaGREMGlkWEp1T205aGMybHpPbTVoYldWek9uUmpPbE5CVFV3Nk1pNHdPbUYwZEhKdVlXMWxMV1p2Y20xaGREcDFjbWtpUGp4ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTQjRiV3h1Y3pwNGMyazlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5Mekl3TURFdldFMU1VMk5vWlcxaExXbHVjM1JoYm1ObElpQjRjMms2ZEhsd1pUMGllSE02YzNSeWFXNW5JajVCVkR3dmMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVStQQzl6WVcxc01qcEJkSFJ5YVdKMWRHVStQQzl6WVcxc01qcEJkSFJ5YVdKMWRHVlRkR0YwWlcxbGJuUStQQzl6WVcxc01qcEJjM05sY25ScGIyNCsiDQogIH0NCn0.WgPyI2KiVzp2DzbC6AfbDlQbXEYk-hL78-bfzj_b_IXwyHmuENwHA8MslDHOe1bYd3mlSTnoAUE20igmXM6gnFOe4pQes2i5d8YAnYRspbwhj86sn5_vMyGfHtBsApP3MqjcSHL24vo6DHqKYqN85FMGq6GnPub9HGbeIgMAvECuH0ZCqY5MDWj4FI2OA5Jrn2fyBY1CebF5NdTSUeBJMjG_q-cpTnWmkcELKXTNJg9ihkHR8FkBjt8xh2YWh9Opk_0RrUIZI5U9YC4Xc-Hgj7C7YplA4Pr0_SUHdqH_86xF7GcMMuC5Bs8EU22lejxhxwz0BzPPg2Ws0LJ8RGAm0A" +}
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json new file mode 100644 index 000000000..0513709e2 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json @@ -0,0 +1,8 @@ +{"result": + { + "EID-IDENTITY-LINK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDpBc3NlcnRpb24geG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmFzc2VydGlvbiIgeG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIgeG1sbnM6ZWNkc2E9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlIyIgeG1sbnM6cHI9Imh0dHA6Ly9yZWZlcmVuY2UuZS1nb3Zlcm5tZW50Lmd2LmF0L25hbWVzcGFjZS9wZXJzb25kYXRhLzIwMDIwMjI4IyIgeG1sbnM6c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiBBc3NlcnRpb25JRD0ic3pyLmJtaS5ndi5hdC1Bc3NlcnRpb25JRDE0Njc2MTY4NDU1MTg2OTkiIElzc3VlSW5zdGFudD0iMjAxNi0wNy0wNFQwOToyMDo0NSswMTowMCIgSXNzdWVyPSJodHRwOi8vcG9ydGFsLmJtaS5ndi5hdC9yZWYvc3pyL2lzc3VlciIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiPgoJPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJCTxzYW1sOlN1YmplY3Q+CgkJCTxzYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJCQk8c2FtbDpDb25maXJtYXRpb25NZXRob2Q+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmNtOnNlbmRlci12b3VjaGVzPC9zYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD4KCQkJCTxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhPgoJCQkJCTxwcjpQZXJzb24gc2k6dHlwZT0icHI6UGh5c2ljYWxQZXJzb25UeXBlIj48cHI6SWRlbnRpZmljYXRpb24+PHByOlZhbHVlPkFUL0NaL3hXRTB2RldhcnpwelNMNExZbHBzdDliNnZnMD08L3ByOlZhbHVlPjxwcjpUeXBlPnVybjpwdWJsaWNpZDpndi5hdDplaWRhc2lkK0FUK0NaPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24+PHByOk5hbWU+PHByOkdpdmVuTmFtZT5YWFhNYXJpYS1UaGVyZXNpYSBLdW5pZ3VuZGE8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPlhYWEhhYnNidXJnLUxvdGhyaW5nZW48L3ByOkZhbWlseU5hbWU+PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4xOTgwLTAyLTI5PC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj4KCQkJCTwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KCQkJPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJPC9zYW1sOlN1YmplY3Q+Cgk8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXplblB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJ1cm46cHVibGljaWQ6Z3YuYXQ6bmFtZXNwYWNlczppZGVudGl0eWxpbms6MS4yIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT48ZWNkc2E6RUNEU0FLZXlWYWx1ZT48ZWNkc2E6RG9tYWluUGFyYW1ldGVycz48ZWNkc2E6TmFtZWRDdXJ2ZSBVUk49InVybjpvaWQ6MS4yLjg0MC4xMDA0NS4zLjEuNyIvPjwvZWNkc2E6RG9tYWluUGFyYW1ldGVycz48ZWNkc2E6UHVibGljS2V5PjxlY2RzYTpYIFZhbHVlPSI0OTYyOTAyMjY5NzQ3NDYwMjQ5NzcwNzQ3MzIzODI0NjkxNDYxMDIxNzUzNTY4OTc5ODUyNzMxMzYyMDE1NzEwOTYxNDM1NTI0Mjk4OCIgc2k6dHlwZT0iZWNkc2E6UHJpbWVGaWVsZEVsZW1UeXBlIi8+PGVjZHNhOlkgVmFsdWU9Ijc3MTExNTYwNzEzNzU1OTE0NDUwNzM2MDQxNzUxNjE1MTEyNDAyMzEwNjQ5ODMyMTQ3NzMxNjA5MjIxNzEwNDY1MDY1NTAxMzU2NDkyIiBzaTp0eXBlPSJlY2RzYTpQcmltZUZpZWxkRWxlbVR5cGUiLz48L2VjZHNhOlB1YmxpY0tleT48L2VjZHNhOkVDRFNBS2V5VmFsdWU+PC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIEF0dHJpYnV0ZU5hbWU9IkNpdGl6ZW5QdWJsaWNLZXkiIEF0dHJpYnV0ZU5hbWVzcGFjZT0idXJuOnB1YmxpY2lkOmd2LmF0Om5hbWVzcGFjZXM6aWRlbnRpdHlsaW5rOjEuMiI+PHNhbWw6QXR0cmlidXRlVmFsdWU+PGRzaWc6UlNBS2V5VmFsdWU+PGRzaWc6TW9kdWx1cz4xQkZPaXRpUVVjMWxBSERHa3NuZVhXWkdLR2FGQmN1MDNIRWlJRnNqSGpOdC9JZlJaNEl6cUhvdFVLSXR4bkNkTnRzRmMxTWtNSmcrCmcwQVhIc3VVNk1OZ2NiY1hQYVBmbUhwKzgrQkpoK2FtREYzRm5BTjRjZUc4b0ZBR1ZFWnRlT2dmZFdrMXI1UlEyU0srMFB1WFB1THAKVGVlN0l6WHRrc1JlWmtWRWFkVUN4bi9oaVJYWmEwZEFCZ2tGZTNrU1hiRHI1dEtYT0YwRkN0TEtoWkJJOXorTmJYK2FUU0tPbUFPcQo0anl5bW9vNUVQM0wraVBlY3JVd0hpakQwQm04OWgxSmp4UDUyMWZrWWUzU2krMEo0MG9rcm1DQ1FIQnIrSXpCMXVYOThwS2h2czdYCjZyUGpPSjZsQndQN1hqSzdEMTI4UC9jZzRlSDZ2NThjQ2ZiTGNRPT08L2RzaWc6TW9kdWx1cz48ZHNpZzpFeHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PjwvZHNpZzpSU0FLZXlWYWx1ZT48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJCjxkc2lnOlNpZ25hdHVyZSBJZD0ic2lnbmF0dXJlLTEtMSIgeG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PGRzaWc6U2lnbmVkSW5mbz48ZHNpZzpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUiLz48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz48ZHNpZzpSZWZlcmVuY2UgSWQ9InJlZmVyZW5jZS0xLTEiIFVSST0iIj48ZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PC9kc2lnOlRyYW5zZm9ybXM+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHNpZzpEaWdlc3RWYWx1ZT5FK0JYSDBDMkY2RVlIamRKck9VS3IrRHNLVDg9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U+PC9kc2lnOlNpZ25lZEluZm8+PGRzaWc6U2lnbmF0dXJlVmFsdWU+SHZqNDBtOXJpZHAySE96ODFNVEFxemYwcStzWkM1WWVLcEpQNDNlSzVHMUhOSDEvRE5HVS9yLzZJVlBpYlU5WQpZR1lKb1hwem54UkZpYkVRNmRGQ0hBYU5QeUFEbWRHSHlKU1dyeUk1eXBBYXA0WThNSm5hVUdTV1k0OUlaYmh0ClBqZktXQjJqVU56ajFUMnU2ZWJJaWZBVGhBSzhacUlFK2U1dWFSK3FyckxpY3hJaFhjU1pveVNjYkt4TXVUMVEKcDZ6TnNOQk9IdWpiVkFmS0ZVRThXbUdJbnl2dW9EZ2VyVXJBMFhzdFdXZzJNOWdoeXRjREp3WnBUWXdYdm1tbwpHVjQ3dWUwSVRydE0rUXFXVmJ0K2RITzgzNjlKRm5HUTloLzZoLzRqOWl5TnV4Zkc3dS9FeUhRaVN1eTArRlA4CjFsa0xzZzFZWCsycE4wSEVseVhWcXc9PTwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlFcXpDQ0JCU2dBd0lCQWdJSEFOdXg4MW9OZXpBTkJna3Foa2lHOXcwQkFRVUZBREJBTVNJd0lBWURWUVFECkV4bEpRVWxMSUZSbGMzUWdTVzUwWlhKdFpXUnBZWFJsSUVOQk1RMHdDd1lEVlFRS0V3UkpRVWxMTVFzd0NRWUQKVlFRR0V3SkJWREFlRncweE16QTVNamN3TlRNek16ZGFGdzB5TXpBNU1qY3dOVE16TXpkYU1JSGtNUXN3Q1FZRApWUVFHRXdKQlZERU5NQXNHQTFVRUJ4TUVSM0poZWpFbU1DUUdBMVVFQ2hNZFIzSmhlaUJWYm1sMlpYSnphWFI1CklHOW1JRlJsWTJodWIyeHZaM2t4U0RCR0JnTlZCQXNUUDBsdWMzUnBkSFYwWlNCbWIzSWdRWEJ3YkdsbFpDQkoKYm1admNtMWhkR2x2YmlCUWNtOWpaWE56YVc1bklHRnVaQ0JEYjIxdGRXNXBZMkYwYVc5dWN6RVVNQklHQTFVRQpCQk1MVFU5QkxWTlRJRlJsYzNReEdEQVdCZ05WQkNvVEQwVkhTVm9nVkdWemRIQnZjblJoYkRFa01DSUdBMVVFCkF4TWJSVWRKV2lCVVpYTjBjRzl5ZEdGc0lFMVBRUzFUVXlCVVpYTjBNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUYKQUFPQ0FROEFNSUlCQ2dLQ0FRRUF1RGpPeWYrbVkrb1FMMkZRenp1YWlDOEMyM3ZWS2JxL24yWmk3QnFTaWJaSAptdHFNSmZtajRwVCtoV1NOSHZWdldzYXhGY3g0S2VOcWRDTXp3bncxcjRQM1NmKzJvNXVGa3U1S0hFTUxNb2tSCnlZUUc5VnFZL0trQjk0eWU3UHY2elQ4Z3ZLcXhHRmc5NlVhbUVDZXA0c3dQYVNackE4QU9FUjVXQXR5R0R6S0kKVHorYTV6ZkZhVFhEb2JhN2Y5OFBDV1I5NnlLaUZqVk9oenAzOFdWejRWSmd6K2I4WlNZN1hzdjVLbjdEWGpPTApTVFg0TWV2RkxraTNyRlB1cDMrNHZHVG9hTUJXM1BFajY3SFhCZHFSODU1TGU2K0U2clZ4T1Jxc1hxbFZ3aHNJCjZudVMwQ08yTFdZbUJOUjFJQjBtWHRlZVlIL0hmeHZ1WmMrN3lEamRQUUlEQVFBQm80SUJoRENDQVlBd0RnWUQKVlIwUEFRSC9CQVFEQWdiQU1Bd0dBMVVkRXdFQi93UUNNQUF3SFFZRFZSME9CQllFRkVtY0g2Vlk0QkcxRUFHQgpUTG9OUjl2SC9nNnlNRkFHQTFVZEh3UkpNRWN3UmFCRG9FR0dQMmgwZEhBNkx5OWpZUzVwWVdsckxuUjFaM0poCmVpNWhkQzlqWVhCemJ5OWpjbXh6TDBsQlNVdFVaWE4wWDBsdWRHVnliV1ZrYVdGMFpVTkJMbU55YkRDQnFnWUkKS3dZQkJRVUhBUUVFZ1owd2dab3dTZ1lJS3dZQkJRVUhNQUdHUG1oMGRIQTZMeTlqWVM1cFlXbHJMblIxWjNKaAplaTVoZEM5allYQnpieTlQUTFOUVAyTmhQVWxCU1V0VVpYTjBYMGx1ZEdWeWJXVmthV0YwWlVOQk1Fd0dDQ3NHCkFRVUZCekFDaGtCb2RIUndPaTh2WTJFdWFXRnBheTUwZFdkeVlYb3VZWFF2WTJGd2MyOHZZMlZ5ZEhNdlNVRkoKUzFSbGMzUmZTVzUwWlhKdFpXUnBZWFJsUTBFdVkyVnlNQ0VHQTFVZEVRUWFNQmlCRm5Sb2IyMWhjeTVzWlc1NgpRR1ZuYVhvdVozWXVZWFF3SHdZRFZSMGpCQmd3Rm9BVWFLSmVFZHJlTDRCclJFUy9qZnBsTm9Fa3AyOHdEUVlKCktvWklodmNOQVFFRkJRQURnWUVBbEZHalV4WExzN1NBVDhOdFhTcnYyV3JqbGtsYVJuSFRGSExRd3lWbzhKV2IKZ3ZSa0hIRFV2Mm84b2ZYVVkyUjJXSjM4ZHhlRG9jY2diWHJKYi9RaGk4SVk3WWhDd3YvVHVJWkRpc3lBcW84VwpPUktTaXAvNkhXbEdDU1IvVmdvZXQxR3RDbUYwRm9VeEZVSUdTQXVRMnl5dDRmSXp0NUdKclUxWDV1ampJMXc9PC9kc2lnOlg1MDlDZXJ0aWZpY2F0ZT48L2RzaWc6WDUwOURhdGE+PC9kc2lnOktleUluZm8+PC9kc2lnOlNpZ25hdHVyZT48L3NhbWw6QXNzZXJ0aW9uPg==", + "EID-CITIZEN-QAA-LEVEL": "http://eidas.europa.eu/LoA/substantial", + "EID-CCS-URL": "https://localhost.org/demovda", + "EID-AUTH-BLOCK": "PHNhbWwyOkFzc2VydGlvbiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiBJRD0iXzU3MDEwYjdmY2M5M2NjNGNmM2YyYjc2NDM4OTEzN2MyIiBJc3N1ZUluc3RhbnQ9IjIwMTYtMDYtMDZUMTA6NDA6MDAuMDAwIiBWZXJzaW9uPSIyLjAiPg0KCTxzYW1sMjpJc3N1ZXIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDplbnRpdHkiPmh0dHBzOi8vZGVtby12ZGEuYXQvdmRhLXNlcnZpY2U8L3NhbWwyOklzc3Vlcj48ZHNpZzpTaWduYXR1cmUgSWQ9IlNpZ25hdHVyZS03NmUyZDZmYi0xIiB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHNpZzpTaWduZWRJbmZvIElkPSJTaWduZWRJbmZvLTc2ZTJkNmZiLTEiPjxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNlY2RzYS1zaGEyNTYiLz48ZHNpZzpSZWZlcmVuY2UgSWQ9IlJlZmVyZW5jZS03NmUyZDZmYi0xIiBVUkk9IiI+PGRzaWc6VHJhbnNmb3JtcyB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCgkJCQk8ZHNpZzpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8xOTk5L1JFQy14c2x0LTE5OTkxMTE2Ij48eHNsOnN0eWxlc2hlZXQgeG1sbnM6eHNsPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L1hTTC9UcmFuc2Zvcm0iIGV4Y2x1ZGUtcmVzdWx0LXByZWZpeGVzPSJzYW1sMiIgdmVyc2lvbj0iMS4wIiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+PHhzbDpvdXRwdXQgbWV0aG9kPSJ4bWwiIHhtbDpzcGFjZT0iZGVmYXVsdCIvPjx4c2w6dGVtcGxhdGUgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiIG1hdGNoPSIvIj48aHRtbCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94aHRtbCI+PGhlYWQ+PHRpdGxlPlNpZ25hdHVyIGRlciBBbm1lbGRlZGF0ZW48L3RpdGxlPjxzdHlsZSBtZWRpYT0ic2NyZWVuIiB0eXBlPSJ0ZXh0L2NzcyI+DQogICAgICAgICAgICAgIAkJCQkJLm5vcm1hbHN0eWxlIHsgZm9udC1zaXplOiBtZWRpdW07IH0gDQogICAgICAgICAgICAgIAkJCQkJLml0YWxpY3N0eWxlIHsgZm9udC1zaXplOiBtZWRpdW07IGZvbnQtc3R5bGU6IGl0YWxpYzsgfQ0KCQkJCQkJCQkudGl0bGVzdHlsZSB7IHRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7IGZvbnQtd2VpZ2h0OmJvbGQ7IGZvbnQtc2l6ZTogbWVkaXVtOyB9IA0KCQkJCQkJCQkuaDRzdHlsZSB7IGZvbnQtc2l6ZTogbGFyZ2U7IH0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIA0KCQkJCQkJCQkuaGlkZGVuIHtkaXNwbGF5OiBub25lOyB9IA0KICAgICAgICAgICAgICAJCQkJPC9zdHlsZT48L2hlYWQ+PGJvZHk+PGg0IGNsYXNzPSJoNHN0eWxlIj5Bbm1lbGRlZGF0ZW46PC9oND48cCBjbGFzcz0idGl0bGVzdHlsZSI+RGF0ZW4genVyIFBlcnNvbjwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoyLjUuNC40MiddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlZvcm5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoyLjUuNC40MiddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYWNobmFtZTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkdlYnVydHNkYXR1bTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjU1J10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjkwJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5Wb2xsbWFjaHQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp0ZXh0PkljaCBtZWxkZSBtaWNoIGluIFZlcnRyZXR1bmcgYW4uIEltIG7DpGNoc3RlbiBTY2hyaXR0IHdpcmQgbWlyIGVpbmUgTGlzdGUgZGVyIGbDvHIgbWljaCB2ZXJmw7xnYmFyZW4gVmVydHJldHVuZ3N2ZXJow6RsdG5pc3NlIGFuZ2V6ZWlndCwgYXVzIGRlbmVuIGljaCBlaW5lcyBhdXN3w6RobGVuIHdlcmRlLjwveHNsOnRleHQ+PC90ZD48L3RyPjwveHNsOmlmPjwvdGFibGU+PHAgY2xhc3M9InRpdGxlc3R5bGUiPkRhdGVuIHp1ciBBbndlbmR1bmc8L3A+PHRhYmxlIGNsYXNzPSJwYXJhbWV0ZXJzIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+SWRlbnRpZmlrYXRvcjogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlclVuaXF1ZUlkJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPk5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyQ291bnRyeUNvZGUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5TdGFhdDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48cCBjbGFzcz0idGl0bGVzdHlsZSI+VGVjaG5pc2NoZSBQYXJhbWV0ZXI8L3A+PHRhYmxlIGNsYXNzPSJwYXJhbWV0ZXJzIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+RGF0dW06PC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCw5LDIpIi8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDYsMikiLz48eHNsOnRleHQ+LjwveHNsOnRleHQ+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9InN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsMSw0KSIvPjwvdGQ+PC90cj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+VWhyemVpdDo8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEyLDIpIi8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE1LDIpIi8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE4LDIpIi8+PC90ZD48L3RyPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5UcmFuc2FrdGlvbnNUb2trZW46IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vQElEIi8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+DQoJCQkJCQkJCQkJCVZvbGxtYWNodGVuLVJlZmVyZW56OiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjkwJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PHRyIGNsYXNzPSJoaWRkZW4iPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkRhdGFVUkw6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uL3NhbWwyOkF1ZGllbmNlIi8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL0BOb3RPbk9yQWZ0ZXIiPjx0ciBjbGFzcz0iaGlkZGVuIj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5BdXRoQmxvY2tWYWxpZFRvOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkNvbmRpdGlvbnMvQE5vdE9uT3JBZnRlciIvPjwvdGQ+PC90cj48L3hzbDppZj48L3RhYmxlPjwvYm9keT48L2h0bWw+PC94c2w6dGVtcGxhdGU+PC94c2w6c3R5bGVzaGVldD48L2RzaWc6VHJhbnNmb3JtPg0KCQkJCTxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1I1dpdGhDb21tZW50cyIvPg0KCQkJPC9kc2lnOlRyYW5zZm9ybXM+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PGRzaWc6RGlnZXN0VmFsdWU+QWFqRkVkQWx5NW45MWkyVVZvcVNuL0JKcjREVlpZeFBYM2RIcE9aUC9vdz08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVyZW5jZT48ZHNpZzpSZWZlcmVuY2UgSWQ9IlJlZmVyZW5jZS03NmUyZDZmYi0yIiBUeXBlPSJodHRwOi8vdXJpLmV0c2kub3JnLzAxOTAzI1NpZ25lZFByb3BlcnRpZXMiIFVSST0iI1NpZ25lZFByb3BlcnRpZXMtNzZlMmQ2ZmItMSI+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PGRzaWc6RGlnZXN0VmFsdWU+Nldac3lKNkYySUJLS3BsWDNacHJzQ0FJOVN0OXVmS0UyNWFlUDI1cDRkQT08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVyZW5jZT48L2RzaWc6U2lnbmVkSW5mbz48ZHNpZzpTaWduYXR1cmVWYWx1ZSBJZD0iU2lnbmF0dXJlVmFsdWUtNzZlMmQ2ZmItMSI+NzY1NndpVGRGWVZCTDlyOGdXemprWVhJWXNhTk9EWDBVUHVQVXRyTlpSYnhZY3BJdDNhVUpVaUZuR0FBVzhiRw0KSytGdnZXYkYweDMzMm9zeFFYRDZtUT09PC9kc2lnOlNpZ25hdHVyZVZhbHVlPjxkc2lnOktleUluZm8+PGRzaWc6WDUwOURhdGE+PGRzaWc6WDUwOUNlcnRpZmljYXRlPk1JSUZDVENDQS9HZ0F3SUJBZ0lFWDcxL21qQU5CZ2txaGtpRzl3MEJBUVVGQURDQm9URUxNQWtHQTFVRUJoTUMNClFWUXhTREJHQmdOVkJBb01QMEV0VkhKMWMzUWdSMlZ6TGlCbUxpQlRhV05vWlhKb1pXbDBjM041YzNSbGJXVWcNCmFXMGdaV3hsYTNSeUxpQkVZWFJsYm5abGNtdGxhSElnUjIxaVNERWpNQ0VHQTFVRUN3d2FZUzF6YVdkdUxWQnkNClpXMXBkVzB0VkdWemRDMVRhV2N0TURJeEl6QWhCZ05WQkFNTUdtRXRjMmxuYmkxUWNtVnRhWFZ0TFZSbGMzUXQNClUybG5MVEF5TUI0WERURTJNRGN3TkRBM01qRXdPRm9YRFRJd01ETXpNVEExTWpFd09Gb3dnYmN4Q3pBSkJnTlYNCkJBWU1Ba0ZVTVRzd09RWURWUVFERERKWVdGaE5ZWEpwWVMxVWFHVnlaWE5wWVNCTGRXNXBaM1Z1WkdFZ1dGaFkNClNHRmljMkoxY21jdFRHOTBhSEpwYm1kbGJqRWZNQjBHQTFVRUJBd1dXRmhZU0dGaWMySjFjbWN0VEc5MGFISnANCmJtZGxiakVrTUNJR0ExVUVLZ3diV0ZoWVRXRnlhV0V0VkdobGNtVnphV0VnUzNWdWFXZDFibVJoTVJVd0V3WUQNClZRUUZEQXc0TWpnM05EZ3hNamM0TVRJeERUQUxCZ05WQkF3TUJFMWhaeTR3V1RBVEJnY3Foa2pPUFFJQkJnZ3ENCmhrak9QUU1CQndOQ0FBUnR1UWdLYTdpR013RHdVM0E3a1J2VzM0NXA2dVU1bUFRQURRWlpHVUZmN0twN21NRGkNCnZUWVNLcFREMjI2MTcrRXVrRGJ2dHVxdVpGd2ZscEtOZkhITW80SUIrakNDQWZZd2dZVUdDQ3NHQVFVRkJ3RUINCkJIa3dkekJIQmdnckJnRUZCUWN3QW9ZN2FIUjBjRG92TDNkM2R5NWhMWFJ5ZFhOMExtRjBMMk5sY25SekwyRXQNCmMybG5iaTFRY21WdGFYVnRMVlJsYzNRdFUybG5MVEF5WVM1amNuUXdMQVlJS3dZQkJRVUhNQUdHSUdoMGRIQTYNCkx5OXZZM053TFhSbGMzUXVZUzEwY25WemRDNWhkQzl2WTNOd01BNEdBMVVkRHdFQi93UUVBd0lHd0RBbkJnZ3INCkJnRUZCUWNCQXdFQi93UVlNQll3Q0FZR0JBQ09SZ0VCTUFvR0NDc0dBUVVGQndzQk1JR2tCZ05WSFI4RWdad3cNCmdaa3dnWmFnZ1pPZ2daQ0dnWTFzWkdGd09pOHZiR1JoY0MxMFpYTjBMbUV0ZEhKMWMzUXVZWFF2YjNVOVlTMXoNCmFXZHVMVkJ5WlcxcGRXMHRWR1Z6ZEMxVGFXY3RNRElzYnoxQkxWUnlkWE4wTEdNOVFWUS9ZMlZ5ZEdsbWFXTmgNCmRHVnlaWFp2WTJGMGFXOXViR2x6ZEQ5aVlYTmxQMjlpYW1WamRHTnNZWE56UFdWcFpFTmxjblJwWm1sallYUnANCmIyNUJkWFJvYjNKcGRIa3dDUVlEVlIwVEJBSXdBREJaQmdOVkhTQUVVakJRTUFnR0JnUUFpekFCQVRCRUJnWXENCktBQVJBUXN3T2pBNEJnZ3JCZ0VGQlFjQ0FSWXNhSFIwY0RvdkwzZDNkeTVoTFhSeWRYTjBMbUYwTDJSdlkzTXYNClkzQXZZUzF6YVdkdUxWQnlaVzFwZFcwd0V3WURWUjBqQkF3d0NvQUlSZ2FmamtHT0ZiMHdFUVlEVlIwT0JBb0UNCkNFTVFVRXBMcjZNa01BMEdDU3FHU0liM0RRRUJCUVVBQTRJQkFRQ2x5Mm1IbVhZNTUybHRNdm4xUTkzb3dweDMNCkwxMGJ4UVRIV3dZN2c4YnlVdlhBdDc3bW9USkU5aHNlZW90ZVkzQ1Y2c3VOL1h6VFZIeVlBRFZKMHkyR3lCWDANCjFvaGhNcjE0TDVuQ0YzNC81WUJ3bkdSYzhxWDhtMGxaZEhaajVmZkJqQTNreWRLWHQvTFhRSEpYYlBtU0VuYnMNCkc1NWMvRjNTc3A4OC93Q1M2ZC9WZ3d0S1RxMnN1RnNHR0RJbGhic1RKN0p6TnpLNm9pdEUzVXZLd05nbzdKWUMNCkZJM1R4bXhpUy84dm5qRnc4V3o1M016bjBaTjAwUERqYi9Nb24vT2hUMUN1Y3dBMmh2eW1KeWhwcG9JN2tQbm8NCmRxZGV3Y0toZzNPcGJHUkVGL3Z5N2pNRjRUSXhBMGJ3VkNvdUFsdmZqSnZoM2MvSElnQS84WlpTTVdrbTwvZHNpZzpYNTA5Q2VydGlmaWNhdGU+PC9kc2lnOlg1MDlEYXRhPjwvZHNpZzpLZXlJbmZvPjxkc2lnOk9iamVjdCBJZD0iT2JqZWN0LTc2ZTJkNmZiLTEiPjx4YWRlczpRdWFsaWZ5aW5nUHJvcGVydGllcyB4bWxuczp4YWRlcz0iaHR0cDovL3VyaS5ldHNpLm9yZy8wMTkwMy92MS4zLjIjIiB4bWxuczpuczM9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMvdjEuNC4xIyIgVGFyZ2V0PSIjU2lnbmF0dXJlLTc2ZTJkNmZiLTEiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOnNsPSJodHRwOi8vd3d3LmJ1ZXJnZXJrYXJ0ZS5hdC9uYW1lc3BhY2VzL3NlY3VyaXR5bGF5ZXIvMS4yIyI+PHhhZGVzOlNpZ25lZFByb3BlcnRpZXMgSWQ9IlNpZ25lZFByb3BlcnRpZXMtNzZlMmQ2ZmItMSI+PHhhZGVzOlNpZ25lZFNpZ25hdHVyZVByb3BlcnRpZXM+PHhhZGVzOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDZUMTE6NTg6MDRaPC94YWRlczpTaWduaW5nVGltZT48eGFkZXM6U2lnbmluZ0NlcnRpZmljYXRlPjx4YWRlczpDZXJ0Pjx4YWRlczpDZXJ0RGlnZXN0Pjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkc2lnOkRpZ2VzdFZhbHVlPkZaTHZCVERTdEVMM0k1VEJZVmJaRjk2alcvMVRCcXhqdDJZYnNJUTN4OGM9PC9kc2lnOkRpZ2VzdFZhbHVlPjwveGFkZXM6Q2VydERpZ2VzdD48eGFkZXM6SXNzdWVyU2VyaWFsPjxkc2lnOlg1MDlJc3N1ZXJOYW1lPkNOPWEtc2lnbi1QcmVtaXVtLVRlc3QtU2lnLTAyLE9VPWEtc2lnbi1QcmVtaXVtLVRlc3QtU2lnLTAyLE89QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJILEM9QVQ8L2RzaWc6WDUwOUlzc3Vlck5hbWU+PGRzaWc6WDUwOVNlcmlhbE51bWJlcj4xNjA2MjU0NDkwPC9kc2lnOlg1MDlTZXJpYWxOdW1iZXI+PC94YWRlczpJc3N1ZXJTZXJpYWw+PC94YWRlczpDZXJ0PjwveGFkZXM6U2lnbmluZ0NlcnRpZmljYXRlPjx4YWRlczpTaWduYXR1cmVQb2xpY3lJZGVudGlmaWVyPjx4YWRlczpTaWduYXR1cmVQb2xpY3lJbXBsaWVkLz48L3hhZGVzOlNpZ25hdHVyZVBvbGljeUlkZW50aWZpZXI+PC94YWRlczpTaWduZWRTaWduYXR1cmVQcm9wZXJ0aWVzPjx4YWRlczpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48eGFkZXM6RGF0YU9iamVjdEZvcm1hdCBPYmplY3RSZWZlcmVuY2U9IiNSZWZlcmVuY2UtNzZlMmQ2ZmItMSI+PHhhZGVzOk1pbWVUeXBlPmFwcGxpY2F0aW9uL3hodG1sK3htbDwveGFkZXM6TWltZVR5cGU+PC94YWRlczpEYXRhT2JqZWN0Rm9ybWF0PjwveGFkZXM6U2lnbmVkRGF0YU9iamVjdFByb3BlcnRpZXM+PC94YWRlczpTaWduZWRQcm9wZXJ0aWVzPjwveGFkZXM6UXVhbGlmeWluZ1Byb3BlcnRpZXM+PC9kc2lnOk9iamVjdD48L2RzaWc6U2lnbmF0dXJlPg0KCTxzYW1sMjpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxOC0wNi0wNlQxMDo0MDowMC4wMDBaIiBOb3RPbk9yQWZ0ZXI9IjIwMTgtMDYtMDZUMTU6MDA6MDAuMDAwWiI+DQoJCTxzYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KCQkJPHNhbWwyOkF1ZGllbmNlPmh0dHBzOi8vZGVtby5lZ2l6Lmd2LmF0L2RlbW8tU1AvcHZwL3Bvc3Q8L3NhbWwyOkF1ZGllbmNlPg0KCQk8L3NhbWwyOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQoJPC9zYW1sMjpDb25kaXRpb25zPg0KCTxzYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJQVlAtVkVSU0lPTiIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMTAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4yLjE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlBSSU5DSVBBTC1OQU1FIiBOYW1lPSJ1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPlhYWEhhYnNidXJnLUxvdGhyaW5nZW48L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IkdJVkVOLU5BTUUiIE5hbWU9InVybjpvaWQ6Mi41LjQuNDIiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5YWFhNYXJpYS1UaGVyZXNpYSBLdW5pZ3VuZGE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IkJJUlRIREFURSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPjE5ODAtMDItMjk8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlNlcnZpY2VQcm92aWRlci1VbmlxdWVJZCIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJVbmlxdWVJZCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPmh0dHBzOi8vZGVtby5lZ2l6Lmd2LmF0L2RlbW8tU1AvcHZwL21ldGFkYXRhPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItRnJpZW5kbHlOYW1lIiBOYW1lPSJodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPkRlbW9sb2dpbiBTZXJ2aWNlIHByb3ZpZGVkIGJ5IEVHSVo8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlNlcnZpY2VQcm92aWRlci1Db3VudHJ5Q29kZSIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29kZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPkFUPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJNQU5EQVRFLVJFRkVSRU5DRS1WQUxVRSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5fYXNkZmFkZmFzZmFzZmFzZmFzZmFzZmFzZmFzZmFzZmFzZmFzZmFzPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJPC9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQo8L3NhbWwyOkFzc2VydGlvbj4=" + } +}
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_sic.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_sic.json new file mode 100644 index 000000000..8acd1986d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_sic.json @@ -0,0 +1,6 @@ +{ + "EID-IDENTITY-LINK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDpBc3NlcnRpb24geG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmFzc2VydGlvbiIgeG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIgeG1sbnM6ZWNkc2E9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlIyIgeG1sbnM6bnMzPSJodHRwOi8vd3d3LmJ1ZXJnZXJrYXJ0ZS5hdC9uYW1lc3BhY2VzL3BlcnNvbmVuYmluZHVuZy8yMDAyMDUwNiMiIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJubWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIEFzc2VydGlvbklEPSJsb2NhbGhvc3QtMjAxOC0wNS0yOFQxNjo0NDo0MSswMjowMCIgSXNzdWVJbnN0YW50PSIyMDE4LTA1LTI4VDE0OjQ0OjQxLjM2N1oiIElzc3Vlcj0iaHR0cDovL3Rlcm1pbmFsLmlhaWsudHVncmF6LmF0IiBNYWpvclZlcnNpb249IjEiIE1pbm9yVmVyc2lvbj0iMCI-PHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PjxzYW1sOlN1YmplY3Q-PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48c2FtbDpDb25maXJtYXRpb25NZXRob2Q-dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmNtOnNlbmRlci12b3VjaGVzPC9zYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT48cHI6UGVyc29uIHhzaTp0eXBlPSJwcjpQaHlzaWNhbFBlcnNvblR5cGUiPjxwcjpJZGVudGlmaWNhdGlvbj48cHI6VmFsdWU-QnMwbWNSWWVBTW5XeG5pVVlsM256QT09PC9wcjpWYWx1ZT48cHI6VHlwZT51cm46cHVibGljaWQ6Z3YuYXQ6YmFzZWlkPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24-PHByOk5hbWU-PHByOkdpdmVuTmFtZT5FaWQ8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPlRlc3Q8L3ByOkZhbWlseU5hbWU-PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4yMDAwLTAxLTAxPC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE-PC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24-PC9zYW1sOlN1YmplY3Q-PHNhbWw6QXR0cmlidXRlIEF0dHJpYnV0ZU5hbWU9IkNpdGl6ZW5QdWJsaWNLZXkiIEF0dHJpYnV0ZU5hbWVzcGFjZT0idXJuOnB1YmxpY2lkOmd2LmF0Om5hbWVzcGFjZXM6aWRlbnRpdHlsaW5rOjEuMiI-PHNhbWw6QXR0cmlidXRlVmFsdWU-PGVjZHNhOkVDRFNBS2V5VmFsdWU-PGVjZHNhOkRvbWFpblBhcmFtZXRlcnM-PGVjZHNhOk5hbWVkQ3VydmUgVVJOPSJ1cm46b2lkOjEuMi44NDAuMTAwNDUuMy4xLjciLz48L2VjZHNhOkRvbWFpblBhcmFtZXRlcnM-PGVjZHNhOlB1YmxpY0tleT48ZWNkc2E6WCBWYWx1ZT0iMTkzNjQwODQ0ODkzNjU1NDM4MDYwNTQ2NjYxOTczNDAzODMzNzUxODUzNjU4MDgzMzA2MDY5NzQ2OTk5ODg2Mjc2ODc1Mjk0NTAyMTQiIHhzaTp0eXBlPSJlY2RzYTpQcmltZUZpZWxkRWxlbVR5cGUiLz48ZWNkc2E6WSBWYWx1ZT0iMTA4Njg0MDg1NDc2NTkxMDE3NTA1NjkyODQzMTE0NzMwNDU5MzUxODYzMTI5NDE4Mjg3NTUzMzg2OTM2MjE0NDQwODQxNjY4ODcyMTU2IiB4c2k6dHlwZT0iZWNkc2E6UHJpbWVGaWVsZEVsZW1UeXBlIi8-PC9lY2RzYTpQdWJsaWNLZXk-PC9lY2RzYTpFQ0RTQUtleVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ-PGRzaWc6U2lnbmF0dXJlPjxkc2lnOlNpZ25lZEluZm8-PGRzaWc6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiLz48ZHNpZzpSZWZlcmVuY2UgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM-PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPjxkc2lnOlhQYXRoPm5vdChhbmNlc3Rvci1vci1zZWxmOjpwcjpJZGVudGlmaWNhdGlvbik8L2RzaWc6WFBhdGg-PC9kc2lnOlRyYW5zZm9ybT48ZHNpZzpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjwvZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkc2lnOkRpZ2VzdFZhbHVlPm5JUlRucWZraUpETDhEc3A5ZHRuWUU4YnZxbTRrbUFRVVhOUDRyMzU5Qnc9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U-PGRzaWc6UmVmZXJlbmNlIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNNYW5pZmVzdCIgVVJJPSIjbWFuaWZlc3QiPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkc2lnOkRpZ2VzdFZhbHVlPnk5bXNyVmIxR2FOczNmZ3lkcVp2WnorYnp5cVFHeGRQRDhzazNyL1BnYTA9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U-PC9kc2lnOlNpZ25lZEluZm8-PGRzaWc6U2lnbmF0dXJlVmFsdWU-WHNhNjlWaUFlTjcvTlBQeWlycXAzYWxwY1RsS2ZVMlJaUTBWS1FpTU1mSzExTnRHaFNlRE9aR1BvR1lnQjdaTApLbkw4UWxmVzRUK2I3eHNCcDM5WE5iSS9jVi9zY0c5ZUIweWhYa0x6MjVsdE1jUUJNcUdEcDJHcmNpOEpYQmRaCkFIQWVBS2IrNUZzVHR4MllyMUZIUGhyWnEwN3RFK2NhSXlNb2VOdi95bVBrSWFhT0lUcTZHWTdndFZReFJGNWwKMi9uUmFKWExwc1JIdnVpNmIrWHBxUlFuZFJvaVEvSW41N3lSY0JLVk5lbFBhcUJmekRSMmtjVEt1RCtxWFAvawpaMU1nRUErY1dXcVI0Y085UEdxQms4NUR1MTBBVXMvTjNCbzRqWDZrcTYvMWVKdWlnSDVhTmlTNnVTcnFHZktLCklxUWxYc2N6a0oxLzIxUDgzQmFYZUE9PTwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlIYWpDQ0JWS2dBd0lCQWdJR1JVbkY4RDVTTUEwR0NTcUdTSWIzRFFFQkN3VUFNSGN4Q3pBSkJnTlZCQVlUCkFrRlVNUTB3Q3dZRFZRUUhFd1JIY21GNk1TWXdKQVlEVlFRS0V4MUhjbUY2SUZWdWFYWmxjbk5wZEhrZ2IyWWcKVkdWamFHNXZiRzluZVRFTk1Bc0dBMVVFQ3hNRVNVRkpTekVpTUNBR0ExVUVBeE1aU1VGSlN5QlVaWE4wSUVsdQpkR1Z5YldWa2FXRjBaU0JEUVRBZUZ3MHhOakE0TWpVeE16QTRNemhhRncweE9UQTRNalV4TXpBNE16aGFNSUg4Ck1Rc3dDUVlEVlFRR0V3SkJWREVOTUFzR0ExVUVCeE1FUjNKaGVqRW1NQ1FHQTFVRUNoTWRSM0poZWlCVmJtbDIKWlhKemFYUjVJRzltSUZSbFkyaHViMnh2WjNreFNEQkdCZ05WQkFzVFAwbHVjM1JwZEhWMFpTQm1iM0lnUVhCdwpiR2xsWkNCSmJtWnZjbTFoZEdsdmJpQlFjbTlqWlhOemFXNW5JR0Z1WkNCRGIyMXRkVzVwWTJGMGFXOXVjekVhCk1CZ0dBMVVFQkJNUlUybG5ibUYwZFhKbElGTmxjblpwWTJVeEhqQWNCZ05WQkNvVEZWTmxjblpsY2tKTFZTQkUKWlhabGJHOXdiV1Z1ZERFd01DNEdBMVVFQXhNblUyVnlkbVZ5UWt0VklFUmxkbVZzYjNCdFpXNTBJRk5wWjI1aApkSFZ5WlNCVFpYSjJhV05sTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF4ZC8zCjlpbDYxZ2hJSDc4MXdSR2c1bSsxMk1SeEZCL2VLTFRuOEFqM1lwVG1JOSs0Q1RHOEVTbXUyMGkvZCttUmMvQmcKNXR6dklUaSs5NjRnSXNvdnluQ2RVOVFFd1dGOVNLVFE3dmpUTWZrVFdEbGwrS2ZTV2pPNzFsN0RtOUYvZFJWVwp4S2N4MWo2b1N4Ym5ZWmlvM1VCc1NGK3ZmRXo3Y0p6MkR6QWdBdE05cy8yd1NpWXlXd2ZRTVFjZ0VnQTR1V3RXCi83dnJlOEZEZ3h4dEEzWE9WN0lnS29FZkZBMmM3YTZnVkdVak45ME9XeG40WmRER3BqRFk5bUFuRUpTMnJRb1oKRW5rSTQ3cmZ4MzVGckVQdDdSZGM1bVRTd0R2YkpxTGx4a0NVclBpK0NWL2VzTXhyeVg0K21pdmFnaHhWeTNHVApTcFR4ZjJJQWdYMnVYMlZiVXdJREFRQUJvNElDZERDQ0FuQXdEZ1lEVlIwUEFRSC9CQVFEQWdlQU1Bd0dBMVVkCkV3RUIvd1FDTUFBd2dnRVhCZ2dyQmdFRkJRY0JBUVNDQVFrd2dnRUZNSGNHQ0NzR0FRVUZCekFDaG10c1pHRncKT2k4dmJHUmhjQzVwWVdsckxuUjFaM0poZWk1aGRDOWpiajFwWVdsckxYUmxjM1F0YVc1MFpYSnRaV1JwWVhSbApMV05oTEc5MVBYQnJhU3hrWXoxcFlXbHJMR1JqUFhSMVozSmhlaXhrWXoxaGREOWpRVU5sY25ScFptbGpZWFJsCk8ySnBibUZ5ZVRCSUJnZ3JCZ0VGQlFjd0FvWThhSFIwY0RvdkwyTmhMbWxoYVdzdWRIVm5jbUY2TG1GMEwyTmwKY25SekwybGhhV3N0ZEdWemRDMXBiblJsY20xbFpHbGhkR1V0WTJFdVkyVnlNRUFHQ0NzR0FRVUZCekFCaGpSbwpkSFJ3T2k4dmIyTnpjQzVwWVdsckxuUjFaM0poZWk1aGRDOXBZV2xyTFhSbGMzUXRhVzUwWlhKdFpXUnBZWFJsCkxXTmhNQjhHQTFVZEl3UVlNQmFBRkVKdXI2L3FRU3AvbEZjRmhZTGdrVVloeVZkQ01Ca0dBMVVkSUFRU01CQXcKRGdZTUt3WUJCQUdWRWdFQ0J3RUJNSUhLQmdOVkhSOEVnY0l3Z2I4d2dieWdnYm1nZ2JhR2QyeGtZWEE2THk5cwpaR0Z3TG1saGFXc3VkSFZuY21GNkxtRjBMMk51UFdsaGFXc3RkR1Z6ZEMxcGJuUmxjbTFsWkdsaGRHVXRZMkVzCmIzVTljR3RwTEdSalBXbGhhV3NzWkdNOWRIVm5jbUY2TEdSalBXRjBQMk5sY25ScFptbGpZWFJsVW1WMmIyTmgKZEdsdmJreHBjM1E3WW1sdVlYSjVoanRvZEhSd09pOHZZMkV1YVdGcGF5NTBkV2R5WVhvdVlYUXZZM0pzY3k5cApZV2xyTFhSbGMzUXRhVzUwWlhKdFpXUnBZWFJsTFdOaExtTnliREFOQmdjcUtBQUtBUWNCQkFJRkFEQWRCZ05WCkhRNEVGZ1FVQ0djbU5FZ3JGTHdyZWRNcFJwYS8zNGpFcVk4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFJQWcKL0Z0K3ZNMERVS0tpcGNGMnhTWkN3ZXFFcjZiRjlJOEZydXhLeUhnNFdjV2lVdkZzOTZXa3dqL0dBOFlNSmtqRQpTS2FkMW5QK2hGamlyYVlVNmRTZnBPbkFVSnlMVjBxNURNOFkwY2w4R0RxYXpFMmtOR056am1IOUh2R1k5Q1dwCnZ3RjhodEJuQlg4TjRFdncydDg2ZUQ0VjUwN2syRXY4Sk9QV0tpZlp3TzBPQ25Qa2tCZnEzMEg1R1ZtOUpBOFcKam9FWFlRenpYMlRCWXJ4cWtXTm9zQXNOOVN0Y092djlzZlRUdFcrb3pLNS9WUHZBcDlTVU9qQzVFd3c3QnVLcQp5QnhEclRTUThobGZXMmo4Y010Q21nMDBMSVNuc3BpcThQZHZJV2t0RE8wc3JpeWgzWXVJSVV4ODZPRTlyQmNHCjIwcXI5czJvWFl6VnhxK1Q2aElFekRDMXYvc1BicGVZRmRVNkRXN2J6LzNPYlBjS2prR0Q3SjA2WkRaRmJnWHIKYXVjcjAxWkZqZGdCY2RIMFV6bXNJYUFNRytIWTVSVTk5QVo1YlA1UkgrRGJTVFpMbGNtOFp6bmU1L2Iwck4rYQoyUTFjdHB0UW5hUGxaWVFNY1RTcVhjYk03VW16bjRMZ25PZWRqZkFjcDhQazByK2Jab2pyekZHdW9pOWZxa3FlCnFUdXArUGtHaitJOEQrcE9HL3NTTWFQeC9nUFo0bGxPOXYxN1ZHSEtIK095R0lzZWZ3ZCtqWGhNVEpNZHQ1a08KNmZMeVRGRjFNUDRMZDY0cFJ1Ym9hZ1pxZTNkbXk5SEN5N0FWbnE5ZElsL0JsaExqaExTVFlXdnd0ZHVoMzNXVgpxZWd3QmxkcjZQOXZ1SlRzT3JyZTdiUnZrQStWbnVaaGxOVzlBQzEvPC9kc2lnOlg1MDlDZXJ0aWZpY2F0ZT48L2RzaWc6WDUwOURhdGE-PC9kc2lnOktleUluZm8-PGRzaWc6T2JqZWN0Pjxkc2lnOk1hbmlmZXN0IElkPSJtYW5pZmVzdCI-PGRzaWc6UmVmZXJlbmNlIFVSST0iIj48ZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzE5OTkvUkVDLXhwYXRoLTE5OTkxMTE2Ij48ZHNpZzpYUGF0aD5ub3QoYW5jZXN0b3Itb3Itc2VsZjo6ZHNpZzpTaWduYXR1cmUpPC9kc2lnOlhQYXRoPjwvZHNpZzpUcmFuc2Zvcm0-PC9kc2lnOlRyYW5zZm9ybXM-PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8-PGRzaWc6RGlnZXN0VmFsdWU-QWZHRytDVVAvZUY3bFpCaTgzMkVZYk9lS1MwYzNpYTljQ1p5OEUvYS9QZz08L2RzaWc6RGlnZXN0VmFsdWU-PC9kc2lnOlJlZmVyZW5jZT48L2RzaWc6TWFuaWZlc3Q-PC9kc2lnOk9iamVjdD48L2RzaWc6U2lnbmF0dXJlPjwvc2FtbDpBc3NlcnRpb24-", + "EID-CITIZEN-QAA-LEVEL": "eid-citizen-qaa-level", + "EID-AUTH-BLOCK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDI6QXNz\r\nZXJ0aW9uIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6\r\nYXNzZXJ0aW9uIiBJRD0iXzQwOTcyZmQ3NzdjNTlkYTFlYmVlZDJiOGQ2MzNhMzAw\r\nIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDYtMDdUMTQ6NTc6MzdaIiBWZXJzaW9uPSIy\r\nLjAiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSI+\r\nCgk8c2FtbDI6SXNzdWVyIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6\r\nMi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij5odHRwczovL3NlcnZlcmJrdWRlbW8u\r\naWFpay50dWdyYXouYXQvZWlkPC9zYW1sMjpJc3N1ZXI+Cgk8ZHM6U2lnbmF0dXJl\r\nIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiBJ\r\nZD0iU2lnbmF0dXJlLWx1cmx5d2ZjLTEiPjxkczpTaWduZWRJbmZvIElkPSJTaWdu\r\nZWRJbmZvLWx1cmx5d2ZjLTEiPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFs\r\nZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4j\r\nIi8+PGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMu\r\nb3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI2VjZHNhLXNoYTI1NiIvPjxkczpSZWZl\r\ncmVuY2UgSWQ9IlJlZmVyZW5jZS1sdXJseXdmYy0xIiBVUkk9IiI+PGRzOlRyYW5z\r\nZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3Jn\r\nL1RSLzE5OTkvUkVDLXhzbHQtMTk5OTExMTYiPjx4c2w6c3R5bGVzaGVldCB4bWxu\r\nczp4c2w9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvWFNML1RyYW5zZm9ybSIgZXhj\r\nbHVkZS1yZXN1bHQtcHJlZml4ZXM9InNhbWwyIiB2ZXJzaW9uPSIxLjAiIHhtbG5z\r\nOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48\r\neHNsOm91dHB1dCBtZXRob2Q9InhtbCIgeG1sbnM6eG1sPSJodHRwOi8vd3d3Lncz\r\nLm9yZy9YTUwvMTk5OC9uYW1lc3BhY2UiIHhtbDpzcGFjZT0iZGVmYXVsdCIvPjx4\r\nc2w6dGVtcGxhdGUgbWF0Y2g9Ii8iIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8x\r\nOTk5L3hodG1sIj48aHRtbCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94\r\naHRtbCI+PGhlYWQ+PHRpdGxlPlNpZ25hdHVyIGRlciBBbm1lbGRlZGF0ZW48L3Rp\r\ndGxlPjxzdHlsZSBtZWRpYT0ic2NyZWVuIiB0eXBlPSJ0ZXh0L2NzcyI+CiAgICAg\r\nICAgICAgICAgCQkJCQkubm9ybWFsc3R5bGUgeyBmb250LXNpemU6IG1lZGl1bTsg\r\nfSAKICAgICAgICAgICAgICAJCQkJCS5pdGFsaWNzdHlsZSB7IGZvbnQtc2l6ZTog\r\nbWVkaXVtOyBmb250LXN0eWxlOiBpdGFsaWM7IH0KCQkJCQkJCQkudGl0bGVzdHls\r\nZSB7IHRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7IGZvbnQtd2VpZ2h0OmJvbGQ7\r\nIGZvbnQtc2l6ZTogbWVkaXVtOyB9IAoJCQkJCQkJCS5oNHN0eWxlIHsgZm9udC1z\r\naXplOiBsYXJnZTsgfSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\r\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\r\nICAgCgkJCQkJCQkJLmhpZGRlbiB7ZGlzcGxheTogbm9uZTsgfSAKICAgICAgICAg\r\nICAgICAJCQkJPC9zdHlsZT48L2hlYWQ+PGJvZHk+PGg0IGNsYXNzPSJoNHN0eWxl\r\nIj5Bbm1lbGRlZGF0ZW46PC9oND48cCBjbGFzcz0idGl0bGVzdHlsZSI+RGF0ZW4g\r\nenVyIFBlcnNvbjwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx4c2w6aWYg\r\ndGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3Rh\r\ndGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoyLjUuNC40Midd\r\nL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5\r\nbGUiPlZvcm5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2\r\nYWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRl\r\nU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoyLjUuNC40\r\nMiddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4\r\nc2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmli\r\ndXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIu\r\nNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0\r\ncj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYWNobmFtZTogPC90ZD48dGQgY2xh\r\nc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFz\r\nc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRl\r\nW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCddL3NhbWwy\r\nOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVz\r\ndD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVt\r\nZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4y\r\nLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0i\r\naXRhbGljc3R5bGUiPkdlYnVydHNkYXR1bTogPC90ZD48dGQgY2xhc3M9Im5vcm1h\r\nbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9z\r\nYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1\r\ncm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjU1J10vc2FtbDI6QXR0cmlidXRlVmFs\r\ndWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSIvc2FtbDI6QXNz\r\nZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVb\r\nQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjkwJ10vc2FtbDI6\r\nQXR0cmlidXRlVmFsdWUiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5Wb2xs\r\nbWFjaHQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp0ZXh0Pklj\r\naCBtZWxkZSBtaWNoIGluIFZlcnRyZXR1bmcgYW4uIEltIG7DpGNoc3RlbiBTY2hy\r\naXR0IHdpcmQgbWlyIGVpbmUgTGlzdGUgZGVyIGbDvHIgbWljaCB2ZXJmw7xnYmFy\r\nZW4gVmVydHJldHVuZ3N2ZXJow6RsdG5pc3NlIGFuZ2V6ZWlndCwgYXVzIGRlbmVu\r\nIGljaCBlaW5lcyBhdXN3w6RobGVuIHdlcmRlLjwveHNsOnRleHQ+PC90ZD48L3Ry\r\nPjwveHNsOmlmPjwvdGFibGU+PHAgY2xhc3M9InRpdGxlc3R5bGUiPkRhdGVuIHp1\r\nciBBbndlbmR1bmc8L3A+PHRhYmxlIGNsYXNzPSJwYXJhbWV0ZXJzIj48dHI+PHRk\r\nIGNsYXNzPSJpdGFsaWNzdHlsZSI+SWRlbnRpZmlrYXRvcjogPC90ZD48dGQgY2xh\r\nc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFz\r\nc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRl\r\nW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQ\r\ncm92aWRlclVuaXF1ZUlkJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwv\r\ndHI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpB\r\ndHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8v\r\nZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5\r\nTmFtZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRh\r\nbGljc3R5bGUiPk5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhz\r\nbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmli\r\ndXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5n\r\ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUn\r\nXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDppZj48eHNs\r\nOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0\r\nZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3Yu\r\nYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyQ291bnRyeUNvZGUnXS9z\r\nYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxl\r\nIj5TdGFhdDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVl\r\nLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0\r\nZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJ\r\nRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6\r\nQXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48cCBj\r\nbGFzcz0idGl0bGVzdHlsZSI+VGVjaG5pc2NoZSBQYXJhbWV0ZXI8L3A+PHRhYmxl\r\nIGNsYXNzPSJwYXJhbWV0ZXJzIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+\r\nRGF0dW06PC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9m\r\nIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFu\r\ndCw5LDIpIi8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2Vs\r\nZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDYs\r\nMikiLz48eHNsOnRleHQ+LjwveHNsOnRleHQ+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9\r\nInN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsMSw0KSIv\r\nPjwvdGQ+PC90cj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+VWhyemVpdDo8\r\nL3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0\r\nPSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEyLDIp\r\nIi8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJz\r\ndWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE1LDIpIi8+\r\nPHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJz\r\ndHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE4LDIpIi8+PC90\r\nZD48L3RyPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5UcmFuc2FrdGlvbnNU\r\nb2trZW46IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1v\r\nZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vQElEIi8+PC90ZD48L3RyPjx4c2w6\r\naWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1l\r\nbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIu\r\nMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNz\r\nPSJpdGFsaWNzdHlsZSI+CgkJCQkJCQkJCQkJVm9sbG1hY2h0ZW4tUmVmZXJlbno6\r\nIDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxl\r\nY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3Nh\r\nbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4y\r\nNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDpp\r\nZj48dHIgY2xhc3M9ImhpZGRlbiI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+RGF0\r\nYVVSTDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9m\r\nIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL3NhbWwy\r\nOkF1ZGllbmNlUmVzdHJpY3Rpb24vc2FtbDI6QXVkaWVuY2UiLz48L3RkPjwvdHI+\r\nPHhzbDppZiB0ZXN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkNvbmRpdGlvbnMv\r\nQE5vdE9uT3JBZnRlciI+PHRyIGNsYXNzPSJoaWRkZW4iPjx0ZCBjbGFzcz0iaXRh\r\nbGljc3R5bGUiPkF1dGhCbG9ja1ZhbGlkVG86IDwvdGQ+PHRkIGNsYXNzPSJub3Jt\r\nYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24v\r\nc2FtbDI6Q29uZGl0aW9ucy9ATm90T25PckFmdGVyIi8+PC90ZD48L3RyPjwveHNs\r\nOmlmPjwvdGFibGU+PC9ib2R5PjwvaHRtbD48L3hzbDp0ZW1wbGF0ZT48L3hzbDpz\r\ndHlsZXNoZWV0PjwvZHM6VHJhbnNmb3JtPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGht\r\nPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2Rz\r\nOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93\r\nd3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkczpEaWdlc3RWYWx1\r\nZT5IbEk0T0lNbG1sVlpJQWtBdkQ1bGdGNWRGeXdxWVhES0wzVEVSaXRZeHlVPTwv\r\nZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PGRzOlJlZmVyZW5jZSBJZD0i\r\nUmVmZXJlbmNlLWx1cmx5d2ZjLTIiIFR5cGU9Imh0dHA6Ly91cmkuZXRzaS5vcmcv\r\nMDE5MDMjU2lnbmVkUHJvcGVydGllcyIgVVJJPSIjU2lnbmVkUHJvcGVydGllcy1s\r\ndXJseXdmYy0xIj48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRo\r\nbT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9k\r\nczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8v\r\nd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48ZHM6RGlnZXN0VmFs\r\ndWU+a3lFdzl5bUlLbm9KSlF3bW85bitmdjF1VGpCUXdaNGpsZk5oSll5akpKTT08\r\nL2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48\r\nZHM6U2lnbmF0dXJlVmFsdWUgSWQ9IlNpZ25hdHVyZVZhbHVlLWx1cmx5d2ZjLTEi\r\nPlQrOTN3ejU3dUVsQUFFb1dZTVNYcVA3YnVIU0drZW9YVlQvTnN5Q1hrM056Zmpn\r\nbC9ERlgreFJqOGJqUDNkUEgKenVtejVUV1N3R25NRUU4bUNJTUxRQT09PC9kczpT\r\naWduYXR1cmVWYWx1ZT48ZHM6S2V5SW5mbyBJZD0iS2V5SW5mbyI+PGRzOlg1MDlE\r\nYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJR2Z6Q0NCR2VnQXdJQkFnSUhBSlpZ\r\nMGlZWFVqQU5CZ2txaGtpRzl3MEJBUXNGQURCM01Rc3dDUVlEVlFRRwpFd0pCVkRF\r\nTk1Bc0dBMVVFQnhNRVIzSmhlakVtTUNRR0ExVUVDaE1kUjNKaGVpQlZibWwyWlhK\r\nemFYUjVJRzltCklGUmxZMmh1YjJ4dloza3hEVEFMQmdOVkJBc1RCRWxCU1VzeElq\r\nQWdCZ05WQkFNVEdVbEJTVXNnVkdWemRDQkoKYm5SbGNtMWxaR2xoZEdVZ1EwRXdI\r\naGNOTVRnd05USTRNVFEwTlRJeFdoY05NakV3TlRJNE1UUTBOVEl4V2pBdwpNUXd3\r\nQ2dZRFZRUXFFd05GYVdReERUQUxCZ05WQkFRVEJGUmxjM1F4RVRBUEJnTlZCQU1U\r\nQ0VWcFpDQlVaWE4wCk1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdB\r\nRUtzK3U5T2RqRm1SR0YxQ2JzYStYU3V2elBvSUcKcFB0Y0pzKzR0aE1iQ3Vid1NR\r\nTXZVT3NzckN6ckMxSmk5WVZ4ZXFIczNEVTJSREVvc29TVVJPSkgzS09DQXlBdwpn\r\nZ01jTUE0R0ExVWREd0VCL3dRRUF3SUhnREFNQmdOVkhSTUJBZjhFQWpBQU1JSUJO\r\nZ1lJS3dZQkJRVUhBUUVFCmdnRW9NSUlCSkRDQmdnWUlLd1lCQlFVSE1BS0dkbXhr\r\nWVhBNkx5OWpZWEJ6YnkxMFpYTjBMbWxoYVdzdWRIVm4KY21GNkxtRjBPakV6T0Rr\r\ndlkyNDlhV0ZwYXkxMFpYTjBMV2x1ZEdWeWJXVmthV0YwWlMxallTeHZkVDF3YTJr\r\ncwpaR005YVdGcGF5eGtZejEwZFdkeVlYb3NaR005WVhRL1kwRkRaWEowYVdacFky\r\nRjBaVHRpYVc1aGNua3dVQVlJCkt3WUJCUVVITUFLR1JHaDBkSEE2THk5allYQnpi\r\neTEwWlhOMExtbGhhV3N1ZEhWbmNtRjZMbUYwTDJObGNuUnoKTDJsaGFXc3RkR1Z6\r\nZEMxcGJuUmxjbTFsWkdsaGRHVXRZMkV1WTJWeU1Fc0dDQ3NHQVFVRkJ6QUJoajlv\r\nZEhSdwpPaTh2WTJGd2MyOHRkR1Z6ZEM1cFlXbHJMblIxWjNKaGVpNWhkQzl2WTNO\r\nd0wybGhhV3N0ZEdWemRDMXBiblJsCmNtMWxaR2xoZEdVdFkyRXdId1lEVlIwakJC\r\nZ3dGb0FVZWRnUEFvSGx5d3Z1dC94RXY5Tm4raENHVVJJd2dhQUcKQTFVZElBU0Jt\r\nRENCbFRDQmtnWU1Ld1lCQkFHVkVnRUNCd0VCTUlHQk1IOEdDQ3NHQVFVRkJ3SUNN\r\nSE1NY1ZSbwphWE1nWTJWeWRHbG1hV05oZEdVZ2QyRnpJR2x6YzNWbFpDQmllU0Jo\r\nSUNvcVkyOXdlU29xSUc5bUlHRnVJRWxCClNVc2dWR1Z6ZENCSmJuUmxjbTFsWkds\r\naGRHVWdRMEVnWVc1a0lHMWhlU0JpWlNCMWMyVmtJR1p2Y2lCMFpYTjAKSUhCMWNu\r\nQnZjMlZ6SUc5dWJIa3VNSUhlQmdOVkhSOEVnZFl3Z2RNd2dkQ2dnYzJnZ2NxR2dZ\r\nSnNaR0Z3T2k4dgpZMkZ3YzI4dGRHVnpkQzVwWVdsckxuUjFaM0poZWk1aGREb3hN\r\nemc1TDJOdVBXbGhhV3N0ZEdWemRDMXBiblJsCmNtMWxaR2xoZEdVdFkyRXNiM1U5\r\nY0d0cExHUmpQV2xoYVdzc1pHTTlkSFZuY21GNkxHUmpQV0YwUDJObGNuUnAKWm1s\r\nallYUmxVbVYyYjJOaGRHbHZia3hwYzNRN1ltbHVZWEo1aGtOb2RIUndPaTh2WTJG\r\nd2MyOHRkR1Z6ZEM1cApZV2xyTG5SMVozSmhlaTVoZEM5amNteHpMMmxoYVdzdGRH\r\nVnpkQzFwYm5SbGNtMWxaR2xoZEdVdFkyRXVZM0pzCk1CMEdBMVVkRGdRV0JCU093\r\nS0VmZDVIa2traXppWkJiNVlqNEhXeTFEREFOQmdrcWhraUc5dzBCQVFzRkFBT0MK\r\nQWdFQUFqakRNU1d4YlVIdmtsUEtTNHhUSkpWN0JsNUd5KysvTFozOU1iOFpDZ2pJ\r\nc0dJUDl3M2hoejBrZmk0egpJejZodmYvWXg5emxLWi93UklVOFI0aXlncVFTWTVa\r\nbTI4V0tWbTNWYmhmczRld040RkpUUDh3OExnVVNISjAyClYrSklIdFV0NWk5VTJh\r\nL0kwMWJteklJZkJZTDBJVzhzMUszVk1BekFEeUhER1cvVTZoOWNrN2RheXc4T1dp\r\nOHQKTlQ0dG5LWDRtRWhINnoya1VQbnY3ZnFGbFNSckQwdXFrZUtaYWQzQTFhMTU1\r\nUzBEZ2oxY1ptTmpSNHNSaFFoaApnYmEvRUd1SE55RVhjaFZhc0lJVG9oT1J1SlY5\r\nQkFxNENja2JTTG8vcUNTZit1aVFVSm0zMzZMd2F2akdaa2VkCk8vYXV2UlRFVGN0\r\nUGlwamRPTlN4Ri9qYmpBUTNmbVlSL1Zxdm9DbTZLM1pnV1R6eGswUzRtZmFycndv\r\nb0R2bEUKcmtTbnJsTGYrRDZFeVF0OUxDdy9pNUx2SC8rRStaUTRBS3dUSG1Kb2s0\r\neGRTZ3l3eU5yeHNjaVpydlVHZ3dlOQpuK0NWM0l6RXltWWZMMjhxeWtLV3BxYlBU\r\nbFNIcWEzU2xJbWRsOHl3Skk0aEFXN216WkRwNE9qaGliUnlkSnNSCjd1aUZuZmhJ\r\nS01URGljblpHZ1BaWnFJdVM0cUd3WUJzelU3N1IrWG13bVpxWkJrTlA4OGVZVzFx\r\nbnhDRkdFdEkKT2lpRVR3TzR6eFhGRjIxQ2VCMDZQRXdSQ1ZnZWJCZzB6Qm5YK2hJ\r\nc1Qvbkpxd0hLOEkwWWgyNEJDdWRFU1VDMgpnRTl4cnVqcmszZTdyK2xPcWJZYnpl\r\nV1JKblhJTGcrU25mbHpDOWtTM0x4UmZKST08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48\r\nL2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48ZHM6T2JqZWN0Pjx4YWRlczpRdWFs\r\naWZ5aW5nUHJvcGVydGllcyB4bWxuczp4YWRlcz0iaHR0cDovL3VyaS5ldHNpLm9y\r\nZy8wMTkwMy92MS4zLjIjIiBUYXJnZXQ9IiNTaWduYXR1cmUtbHVybHl3ZmMtMSI+\r\nPHhhZGVzOlNpZ25lZFByb3BlcnRpZXMgSWQ9IlNpZ25lZFByb3BlcnRpZXMtbHVy\r\nbHl3ZmMtMSI+PHhhZGVzOlNpZ25lZFNpZ25hdHVyZVByb3BlcnRpZXM+PHhhZGVz\r\nOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDdUMTY6NTc6MzcrMDI6MDA8L3hhZGVzOlNp\r\nZ25pbmdUaW1lPjx4YWRlczpTaWduaW5nQ2VydGlmaWNhdGVWMj48eGFkZXM6Q2Vy\r\ndD48eGFkZXM6Q2VydERpZ2VzdD48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0i\r\naHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PGRzOkRp\r\nZ2VzdFZhbHVlPmRXV01DZ29LL09Uc1Bkemk1S0orSFV0RUE5YWhxVitsQkVEK3BD\r\na1d0OFU9PC9kczpEaWdlc3RWYWx1ZT48L3hhZGVzOkNlcnREaWdlc3Q+PC94YWRl\r\nczpDZXJ0PjwveGFkZXM6U2lnbmluZ0NlcnRpZmljYXRlVjI+PHhhZGVzOlNpZ25h\r\ndHVyZVBvbGljeUlkZW50aWZpZXI+PHhhZGVzOlNpZ25hdHVyZVBvbGljeUltcGxp\r\nZWQvPjwveGFkZXM6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48L3hhZGVzOlNp\r\nZ25lZFNpZ25hdHVyZVByb3BlcnRpZXM+PHhhZGVzOlNpZ25lZERhdGFPYmplY3RQ\r\ncm9wZXJ0aWVzPjx4YWRlczpEYXRhT2JqZWN0Rm9ybWF0IE9iamVjdFJlZmVyZW5j\r\nZT0iI1JlZmVyZW5jZS1sdXJseXdmYy0xIj48eGFkZXM6TWltZVR5cGU+YXBwbGlj\r\nYXRpb24veGh0bWwreG1sPC94YWRlczpNaW1lVHlwZT48L3hhZGVzOkRhdGFPYmpl\r\nY3RGb3JtYXQ+PC94YWRlczpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48L3hh\r\nZGVzOlNpZ25lZFByb3BlcnRpZXM+PC94YWRlczpRdWFsaWZ5aW5nUHJvcGVydGll\r\ncz48L2RzOk9iamVjdD48L2RzOlNpZ25hdHVyZT48c2FtbDI6Q29uZGl0aW9ucyBO\r\nb3RCZWZvcmU9IjIwMTgtMDYtMDdUMTQ6NTc6MzdaIiBOb3RPbk9yQWZ0ZXI9IjIw\r\nMTgtMDYtMDdUMTU6MDI6MzdaIj4KCQk8c2FtbDI6QXVkaWVuY2VSZXN0cmljdGlv\r\nbj4KCQkJPHNhbWwyOkF1ZGllbmNlPmh0dHA6Ly9sYWJkYS5pYWlrLnR1Z3Jhei5h\r\ndDo4MDgwL21vYS1pZC1hdXRoL3NsMjAvZGF0YVVybD9wZW5kaW5naWQ9Nzg0NTg4\r\nMDkxNDYxODg5MjM2MTwvc2FtbDI6QXVkaWVuY2U+CgkJPC9zYW1sMjpBdWRpZW5j\r\nZVJlc3RyaWN0aW9uPgoJPC9zYW1sMjpDb25kaXRpb25zPgoJPHNhbWwyOkF0dHJp\r\nYnV0ZVN0YXRlbWVudD4KCQk8c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0i\r\nUFZQLVZFUlNJT04iIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYx\r\nLjEwIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0\r\ncm5hbWUtZm9ybWF0OnVyaSI+CgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxu\r\nczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNl\r\nIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4yLjE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVl\r\nPgoJCTwvc2FtbDI6QXR0cmlidXRlPgoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5k\r\nbHlOYW1lPSJQUklOQ0lQQUwtTkFNRSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4x\r\nMC4yLjEuMS4yNjEuMjAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpT\r\nQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4KCQkJPHNhbWwyOkF0dHJpYnV0\r\nZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hl\r\nbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPlRlc3Q8L3NhbWwyOkF0\r\ndHJpYnV0ZVZhbHVlPgoJCTwvc2FtbDI6QXR0cmlidXRlPgoJCTxzYW1sMjpBdHRy\r\naWJ1dGUgRnJpZW5kbHlOYW1lPSJHSVZFTi1OQU1FIiBOYW1lPSJ1cm46b2lkOjIu\r\nNS40LjQyIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6\r\nYXR0cm5hbWUtZm9ybWF0OnVyaSI+CgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4\r\nbWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3Rh\r\nbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5FaWQ8L3NhbWwyOkF0dHJpYnV0ZVZh\r\nbHVlPgoJCTwvc2FtbDI6QXR0cmlidXRlPgoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJp\r\nZW5kbHlOYW1lPSJCSVJUSERBVEUiIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAu\r\nMi4xLjEuNTUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIu\r\nMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVl\r\nIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5z\r\ndGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPjIwMDAtMDEtMDE8L3NhbWwyOkF0\r\ndHJpYnV0ZVZhbHVlPgoJCTwvc2FtbDI6QXR0cmlidXRlPgoJCTxzYW1sMjpBdHRy\r\naWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItVW5pcXVlSWQiIE5h\r\nbWU9Imh0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3Zp\r\nZGVyVW5pcXVlSWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1M\r\nOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4KCQkJPHNhbWwyOkF0dHJpYnV0ZVZh\r\nbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEt\r\naW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPmh0dHBzOi8vbGFiZGEuaWFp\r\nay50dWdyYXouYXQ6NTU1My9kZW1vbG9naW4vTG9naW5TZXJ2bGV0RXhhbXBsZS5h\r\nY3Rpb248L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPgoJCTwvc2FtbDI6QXR0cmlidXRl\r\nPgoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlk\r\nZXItRnJpZW5kbHlOYW1lIiBOYW1lPSJodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRy\r\naWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSIgTmFtZUZvcm1hdD0i\r\ndXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmki\r\nPgoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3\r\nLnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0\r\ncmluZyI+RGVtbyBBcHBsaWNhdGlvbjwvc2FtbDI6QXR0cmlidXRlVmFsdWU+CgkJ\r\nPC9zYW1sMjpBdHRyaWJ1dGU+CgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5h\r\nbWU9IlNlcnZpY2VQcm92aWRlci1Db3VudHJ5Q29kZSIgTmFtZT0iaHR0cDovL2Vp\r\nZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29k\r\nZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJu\r\nYW1lLWZvcm1hdDp1cmkiPgoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6\r\neHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIg\r\neHNpOnR5cGU9InhzOnN0cmluZyI+QVQ8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPgoJ\r\nCTwvc2FtbDI6QXR0cmlidXRlPgoJCQoJCQoJPC9zYW1sMjpBdHRyaWJ1dGVTdGF0\r\nZW1lbnQ+Cjwvc2FtbDI6QXNzZXJ0aW9uPg==", + "EID-CCS-URL": "eid-ccs-url" +}
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java index 2a2b7bf80..b9d08a20f 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java @@ -22,8 +22,8 @@ */ package at.gv.egovernment.moa.id.auth.modules.ssotransfer; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; /** * @author tlenz @@ -49,7 +49,7 @@ public class SSOTransferAuthModuleImpl implements AuthModule{ this.priority = priority; } - /* (non-Javadoc) + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) */ @Override diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index 4ce77d861..044366eb6 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -28,21 +28,21 @@ import java.util.List; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.data.AuthenticationRole; -import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; /** * @author tlenz * - */ -public class SSOTransferAuthenticationData implements IAuthData { + */ +public class SSOTransferAuthenticationData implements IMOAAuthData { private IAuthenticationSession authSession = null; boolean isIDPPrivateService = true; @@ -55,21 +55,38 @@ public class SSOTransferAuthenticationData implements IAuthData { } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#getIssueInstant() + * @see at.gv.egovernment.moa.id.data.IAuthData#isBaseIDTransferRestrication() */ @Override - public Date getIssueInstant() { + public boolean isBaseIDTransferRestrication() { + return this.isIDPPrivateService; + } + + + @Override + public Date getAuthenticationIssueInstant() { // TODO Auto-generated method stub return null; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#getIssuer() - */ + @Override - public String getIssuer() { + public String getAuthenticationIssueInstantString() { + // TODO Auto-generated method stub + return null; + } + + + @Override + public String getAuthenticationIssuer() { + // TODO Auto-generated method stub + return null; + } + + + @Override + public String getCiticenCountryCode() { // TODO Auto-generated method stub return null; } @@ -328,15 +345,6 @@ public class SSOTransferAuthenticationData implements IAuthData { } /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#getCcc() - */ - @Override - public String getCcc() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.data.IAuthData#getEIDASQAALevel() */ @Override @@ -354,13 +362,17 @@ public class SSOTransferAuthenticationData implements IAuthData { return this.authSession.getGenericDataFromSession(key, clazz); } + @Override + public String getInterfederatedIDP() { + // TODO Auto-generated method stub + return null; + } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#isBaseIDTransferRestrication() - */ @Override - public boolean isBaseIDTransferRestrication() { - return this.isIDPPrivateService; + public boolean isInterfederatedSSOSession() { + // TODO Auto-generated method stub + return false; } + } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java index c2132c1f9..c9bccb708 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java @@ -35,11 +35,16 @@ import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; /** - * @author tlenz + * @author tlenz * */ public class SSOTransferOnlineApplication implements IOAAuthParameters { + /** + * + */ + private static final long serialVersionUID = 1L; + public SSOTransferOnlineApplication() { } @@ -391,35 +396,88 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters { } /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#hasBaseIdInternalProcessingRestriction() + * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifierFriendlyName() */ @Override - public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException { + public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean containsConfigurationKey(String arg0) { + // TODO Auto-generated method stub return false; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#hasBaseIdTransferRestriction() - */ @Override - public boolean hasBaseIdTransferRestriction() throws ConfigurationException { + public List<String> getTargetsWithNoBaseIdInternalProcessingRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getTargetsWithNoBaseIdTransferRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getUniqueIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAreaSpecificTargetIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean hasBaseIdInternalProcessingRestriction() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean hasBaseIdTransferRestriction() { + // TODO Auto-generated method stub return false; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifier() - */ @Override - public String getAreaSpecificTargetIdentifier() throws ConfigurationException { + public String getConfigurationValue(String arg0, String arg1) { // TODO Auto-generated method stub return null; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifierFriendlyName() - */ @Override - public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException { + public Boolean isConfigurationValue(String arg0) { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isConfigurationValue(String arg0, boolean arg1) { + // TODO Auto-generated method stub + return false; + } + + @Override + public List<String> getRequiredLoA() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getLoAMatchingMode() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> foreignbPKSectorsRequested() { // TODO Auto-generated method stub return null; } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java index af64e745e..dc2baab7d 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -72,11 +72,18 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.gson.JsonObject; import com.google.gson.JsonParser; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; @@ -84,20 +91,16 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import net.glxn.qrgen.QRCode; import net.glxn.qrgen.image.ImageType; @@ -138,7 +141,7 @@ public class SSOTransferServlet{ * @throws IOException */ @RequestMapping(value = { "/TestTransferSSOSession" - }, + }, method = {RequestMethod.GET}) public void testTransferSSOSessionGUIWithoutAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { try { @@ -200,7 +203,7 @@ public class SSOTransferServlet{ InputStream idlstream = idlURL.openStream(); moaSession.setIdentityLink(new IdentityLinkAssertionParser(idlstream).parseIdentityLink()); internalTransferPersonalInformation(req, resp, container, moaSession, true); - + } else { Logger.info("Servlet " + getClass().getName() + " receive a token:" + token + ", which references an empty data object."); @@ -267,6 +270,14 @@ public class SSOTransferServlet{ Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + } catch (ConfigurationException e) { + Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + + } catch (EAAFException e) { + Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + } } else { @@ -367,6 +378,11 @@ public class SSOTransferServlet{ } catch (NoSuchPaddingException e) { e.printStackTrace(); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + + } catch (EAAFException e) { + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + } @@ -405,10 +421,10 @@ public class SSOTransferServlet{ if (ssomanager.isValidSSOSession(ssoid, null)) { //create first step of SSO Transfer GUI - IAuthenticationSession authSession = authenticationSessionStorage.getInternalMOASessionWithSSOID(ssoid); - if(authSession != null) { + String ssoSessionId = authenticationSessionStorage.getInternalSSOSessionWithSSOID(ssoid); + if(ssoSessionId != null) { internalCreateQRCodeForTransfer(resp, authURL, - authSession.getSessionID(), + ssoSessionId, SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, config); return; @@ -436,7 +452,7 @@ public class SSOTransferServlet{ } private void internalTransferPersonalInformation(HttpServletRequest req, HttpServletResponse resp, - SSOTransferContainer container, IAuthenticationSession moaSession, boolean developmentMode) throws IOException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, OperatorCreationException, CredentialsNotAvailableException, PKCSException, CertificateException, SessionDataStorageException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException { + SSOTransferContainer container, IAuthenticationSession moaSession, boolean developmentMode) throws IOException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, OperatorCreationException, CredentialsNotAvailableException, PKCSException, CertificateException, SessionDataStorageException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException, EAAFStorageException { Logger.debug(""); JsonObject receivedData = getJSONObjectFromPostMessage(req, developmentMode); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java index e92925dfb..bf215373d 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java @@ -32,9 +32,9 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; -import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java index be27de9a1..921e3844b 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java @@ -33,9 +33,12 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; @@ -43,9 +46,6 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -61,7 +61,7 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ + */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) @@ -86,13 +86,13 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { String nonce = Random.nextLongRandom(); GUIUtils.buildSSOTransferGUI(guiBuilder, response, authURL, - pendingReq.getRequestID(), nonce, dhKeyIDP.getF()); + pendingReq.getPendingRequestId(), nonce, dhKeyIDP.getF()); //store DH params and nonce to pending-request SSOTransferContainer container = new SSOTransferContainer(); container.setDhParams(dhKeyIDP); - pendingReq.setGenericDataToSession(SSOTransferConstants.PENDINGREQ_DH, container); - pendingReq.setGenericDataToSession(SSOTransferConstants.PENDINGREQ_NONCE, nonce); + pendingReq.setRawDataToTransaction(SSOTransferConstants.PENDINGREQ_DH, container); + pendingReq.setRawDataToTransaction(SSOTransferConstants.PENDINGREQ_NONCE, nonce); //store pending-request requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index 1a216f0df..90b74ebd7 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -43,20 +43,20 @@ import com.google.common.net.MediaType; import com.google.gson.JsonObject; import com.google.gson.JsonParser; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -72,7 +72,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { @Autowired SSOContainerUtils ssoTransferUtils; @Autowired IGUIFormBuilder guiBuilder; - /* (non-Javadoc) + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override @@ -99,8 +99,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } - String nonce = pendingReq.getGenericData(SSOTransferConstants.PENDINGREQ_NONCE, String.class); - SSOTransferContainer container = pendingReq.getGenericData( + String nonce = pendingReq.getRawData(SSOTransferConstants.PENDINGREQ_NONCE, String.class); + SSOTransferContainer container = pendingReq.getRawData( SSOTransferConstants.PENDINGREQ_DH, SSOTransferContainer.class); if (container == null) { throw new TaskExecutionException(pendingReq, "NO DH-Params in pending-request", @@ -186,8 +186,9 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { Logger.debug("MobileDevice is valid. --> Starting session reconstruction ..."); //transfer SSO Assertion into MOA-Session - ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, pendingReq.getMOASession(), attributeExtractor); - + AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moaSession, attributeExtractor); + // store MOASession into database requestStoreage.storePendingRequest(pendingReq); @@ -244,15 +245,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } else { //session is valid --> load MOASession object - try { - defaultTaskInitialization(request, executionContext); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); - } catch (MOAIDException | MOADatabaseException e1) { - Logger.error("Database Error! MOASession is not stored!"); - throw new TaskExecutionException(pendingReq, "Load MOASession FAILED.", e1); - - } - DateTime moaSessionCreated = new DateTime(moasession.getSessionCreated().getTime()); if (moaSessionCreated.plusMinutes(1).isBeforeNow()) { Logger.warn("No SSO session-container received. Stop authentication process after time-out."); @@ -274,7 +268,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } GUIUtils.buildSSOTransferGUI(guiBuilder, response, - authURL, pendingReq.getRequestID(), nonce, container.getDhParams().getF()); + authURL, pendingReq.getPendingRequestId(), nonce, container.getDhParams().getF()); } catch (IOException | MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java index 9cfe12791..1a4a9b80b 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java @@ -30,11 +30,11 @@ import javax.servlet.http.HttpServletResponse; import com.google.gson.JsonObject; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -71,7 +71,7 @@ public class GUIUtils { try { String containerURL = authURL + SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE - + "?" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + requestID; + + "?" + EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID + "=" + requestID; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index 568ffb330..cf7723c70 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -97,6 +97,20 @@ import org.w3c.dom.NodeList; import com.google.gson.JsonObject; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.idp.exception.SAMLRequestNotSignedException; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.PVP2AssertionBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; @@ -105,28 +119,17 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferOnlineA import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -140,6 +143,9 @@ import iaik.x509.X509Certificate; @Service("SSOContainerUtils") public class SSOContainerUtils { + @Autowired(required=true) private IPVP2BasicConfiguration pvpConfiguration; + @Autowired(required=true) private PVP2AssertionBuilder assertionBuilder; + private static final String PVP_HOLDEROFKEY_NAME = PVPConstants.URN_OID_PREFIX + "1.2.40.0.10.2.1.1.261.xx.xx"; @@ -207,7 +213,7 @@ public class SSOContainerUtils { Logger.error("SignerCertificate is not parseable.", e); } - + String idlStr = attributeExtractor.getSingleAttributeValue(PVPConstants.EID_IDENTITY_LINK_NAME); try { if (MiscUtil.isNotEmpty(idlStr)) { @@ -271,7 +277,7 @@ public class SSOContainerUtils { } - public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException { + public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException, SAMLRequestNotSignedException, NoCredentialsException, CredentialsNotAvailableException, AssertionValidationExeption { final BasicParserPool ppMgr = new BasicParserPool(); final HashMap<String, Boolean> features = new HashMap<String, Boolean>(); features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); @@ -295,7 +301,7 @@ public class SSOContainerUtils { } catch (ValidationException e) { Logger.error("Failed to validate Signature", e); throw new SAMLRequestNotSignedException(e); - } + } Credential credential = credentials.getIDPAssertionSigningCredential(); if (credential == null) { @@ -339,7 +345,7 @@ public class SSOContainerUtils { public String generateSignedAndEncryptedSSOContainer(String authURL, IAuthenticationSession authSession, Date date, byte[] hashedSecret) { try { - String entityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL); + String entityID = pvpConfiguration.getIDPEntityId(authURL); AuthnContextClassRef authnContextClassRef = SAML2Utils .createSAMLObject(AuthnContextClassRef.class); authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); @@ -366,9 +372,9 @@ public class SSOContainerUtils { String sessionIndex = SAML2Utils.getSecureIdentifier(); - IAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession); + IMOAAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession); - Assertion assertion = PVP2AssertionBuilder.buildGenericAssertion( + Assertion assertion = assertionBuilder.buildGenericAssertion( entityID, entityID, new DateTime(date.getTime()), @@ -404,7 +410,7 @@ public class SSOContainerUtils { return container.toString(); - } catch (ConfigurationException | EncryptionException | CredentialsNotAvailableException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | NoSuchPaddingException e) { + } catch (EncryptionException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | NoSuchPaddingException | EAAFException e) { Logger.warn("SSO container generation FAILED.", e); } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java index 8ca087e1d..a2441bc1f 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java @@ -39,7 +39,7 @@ import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; import org.bouncycastle.math.ec.ECPoint; import org.bouncycastle.util.BigIntegers; -import at.gv.egovernment.moa.id.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.util.Base64Utils; import iaik.security.random.SeedGenerator; diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java index 49275c6eb..4068d2d99 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java @@ -22,9 +22,9 @@ */ package at.gv.egovernment.moa.id.auth.modules.federatedauth; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; /** * @author tlenz @@ -39,7 +39,7 @@ public class FederatedAuthenticationModuleImpl implements AuthModule { public int getPriority() { // TODO Auto-generated method stub return 0; - } + } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java index c3d5e8032..a1b8631dc 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java @@ -22,7 +22,9 @@ */ package at.gv.egovernment.moa.id.auth.modules.federatedauth.config; +import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; import java.util.List; import org.opensaml.saml2.core.Attribute; @@ -32,12 +34,15 @@ import org.opensaml.saml2.metadata.Organization; import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.xml.security.credential.Credential; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; /** @@ -51,11 +56,14 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo private String authURL; private FederatedAuthCredentialProvider credentialProvider; + private IPVP2BasicConfiguration pvpConfiguration; - public FederatedAuthMetadataConfiguration(String authURL, FederatedAuthCredentialProvider credentialProvider) { + public FederatedAuthMetadataConfiguration(String authURL, + FederatedAuthCredentialProvider credentialProvider, + IPVP2BasicConfiguration pvpConfiguration) { this.authURL = authURL; this.credentialProvider = credentialProvider; - + this.pvpConfiguration = pvpConfiguration; } @@ -118,9 +126,9 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo @Override public List<ContactPerson> getContactPersonInformation() { try { - return PVPConfiguration.getInstance().getIDPContacts(); + return pvpConfiguration.getIDPContacts(); - } catch (ConfigurationException e) { + } catch (EAAFException e) { Logger.warn("Can not load Metadata entry: Contect Person", e); return null; @@ -134,9 +142,9 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo @Override public Organization getOrgansiationInformation() { try { - return PVPConfiguration.getInstance().getIDPOrganisation(); + return pvpConfiguration.getIDPOrganisation(); - } catch (ConfigurationException e) { + } catch (EAAFException e) { Logger.warn("Can not load Metadata entry: Organisation", e); return null; @@ -263,7 +271,39 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo */ @Override public List<RequestedAttribute> getSPRequiredAttributes() { - return null; + /*TODO: + * Work for bug in AttributeQuery Client that includes a wrong EntityID for SP + */ + final List<Trible<String, String, Boolean>> REQUIRED_PVP_ATTRIBUTES = + Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() { + private static final long serialVersionUID = 1L; + { + //add PVP Version attribute + add(Trible.newInstance(PVPConstants.PVP_VERSION_NAME, PVPConstants.PVP_VERSION_FRIENDLY_NAME, true)); + + //request entity information + add(Trible.newInstance(PVPConstants.GIVEN_NAME_NAME, PVPConstants.GIVEN_NAME_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.PRINCIPAL_NAME_NAME, PVPConstants.PRINCIPAL_NAME_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.BIRTHDATE_NAME, PVPConstants.BIRTHDATE_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.EID_CCS_URL_NAME, PVPConstants.EID_CCS_URL_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.EID_IDENTITY_LINK_NAME, PVPConstants.EID_IDENTITY_LINK_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.EID_SOURCE_PIN_NAME, PVPConstants.EID_SOURCE_PIN_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_SOURCE_PIN_TYPE_NAME, PVPConstants.EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_AUTH_BLOCK_NAME, PVPConstants.EID_AUTH_BLOCK_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_SIGNER_CERTIFICATE_NAME, PVPConstants.EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_FULL_MANDATE_NAME, PVPConstants.MANDATE_FULL_MANDATE_FRIENDLY_NAME, false)); + + + + } + }); + + List<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>(); + for (Trible<String, String, Boolean> el : REQUIRED_PVP_ATTRIBUTES) + requestedAttributes.add(PVPAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird())); + + return requestedAttributes; } /* (non-Javadoc) diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java index 000590923..50da5187b 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java @@ -22,14 +22,17 @@ */ package at.gv.egovernment.moa.id.auth.modules.federatedauth.config; +import java.util.List; + import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.xml.security.credential.Credential; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation; /** * @author tlenz @@ -207,5 +210,21 @@ public class FederatedAuthnRequestBuilderConfiguration implements IPVPAuthnReque return null; } + @Override + public List<EAAFRequestedAttribute> getRequestedAttributes() { + return null; + + } + + @Override + public String getProviderName() { + return null; + } + + @Override + public String getScopeRequesterId() { + return null; + } + } diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java index e86d31708..6a733adb8 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java @@ -34,14 +34,15 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthMetadataConfiguration; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; -import at.gv.egovernment.moa.id.auth.servlet.AbstractController; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; -import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; /** @@ -54,6 +55,7 @@ public class FederatedAuthMetadataController extends AbstractController { @Autowired PVPMetadataBuilder metadatabuilder; @Autowired AuthConfiguration authConfig; @Autowired FederatedAuthCredentialProvider credentialProvider; + @Autowired IPVP2BasicConfiguration pvpConfiguration; public FederatedAuthMetadataController() { super(); @@ -76,7 +78,7 @@ public class FederatedAuthMetadataController extends AbstractController { } else { //initialize metadata builder configuration IPVPMetadataBuilderConfiguration metadataConfig = - new FederatedAuthMetadataConfiguration(authURL, credentialProvider); + new FederatedAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration); //build metadata String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig); diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java index 431ed5ef1..5edd36248 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java @@ -32,8 +32,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; -import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java index f5896bc25..d0d97e9e8 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java @@ -35,21 +35,21 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthnRequestBuilderConfiguration; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -59,10 +59,11 @@ import at.gv.egovernment.moa.util.MiscUtil; */ @Component("CreateFederatedAuthnRequestTask") public class CreateAuthnRequestTask extends AbstractAuthServletTask { - + @Autowired PVPAuthnRequestBuilder authnReqBuilder; @Autowired FederatedAuthCredentialProvider credential; @Autowired(required=true) MOAMetadataProvider metadataProvider; + @Autowired(required=true) ILoALevelMapper loaMapper; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) @@ -72,7 +73,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { throws TaskExecutionException { try{ // get IDP entityID - String idpEntityID = pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class); + String idpEntityID = pendingReq.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class); if (MiscUtil.isEmpty(idpEntityID)) { Logger.info("Interfederation not possible -> not inderfederation IDP EntityID found!"); @@ -81,7 +82,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { } //load IDP configuration from MOA-ID Configuration - IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(idpEntityID); + IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(idpEntityID, IOAAuthParameters.class); //validate IDP if (!idpConfig.isInderfederationIDP() || !idpConfig.isInboundSSOInterfederationAllowed()) { Logger.info("Requested interfederation IDP " + idpEntityID + " is not valid for interfederation."); @@ -117,7 +118,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { //build and transmit AuthnRequest authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response); - } catch (MOAIDException | MetadataProviderException e) { + } catch (MetadataProviderException e) { throw new TaskExecutionException(pendingReq, "Build PVP2.1 AuthnRequest for SSO inderfederation FAILED.", e); } catch (MessageEncodingException | NoSuchAlgorithmException | SecurityException e) { @@ -156,7 +157,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { } private String evaluateRequiredQAALevel() { - IOAAuthParameters sp = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters sp = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); //check if STORK protocol module is in ClassPath Object storkRequst = null; @@ -182,7 +183,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { pendingReq.getClass().isInstance(storkRequst)) { try { - secClass = PVPtoSTORKMapper.getInstance().mapToSecClass( + secClass = loaMapper.mapToSecClass( PVPConstants.STORK_QAA_PREFIX + String.valueOf(storkSecClass)); } catch (Exception e) { diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java index 8f5a231ee..6b6d1a196 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java @@ -23,7 +23,9 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.tasks; import java.io.IOException; +import java.util.Arrays; import java.util.Collection; +import java.util.Collections; import java.util.List; import java.util.Set; @@ -40,41 +42,40 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; -import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -87,7 +88,7 @@ import at.gv.egovernment.moa.util.MiscUtil; public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { @Autowired private SAMLVerificationEngineSP samlVerificationEngine; - @Autowired private FederatedAuthCredentialProvider credentialProvider; + @Autowired private FederatedAuthCredentialProvider credentialProvider; @Autowired private SSOManager ssoManager; @Autowired private AttributQueryBuilder attributQueryBuilder; @Autowired private AuthenticationDataBuilder authDataBuilder; @@ -105,17 +106,17 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { try { - IDecoder decoder = null; - MOAURICompare comperator = null; + IDecoder decoder = null; + EAAFURICompare comperator = null; //select Response Binding if (request.getMethod().equalsIgnoreCase("POST")) { decoder = new PostBinding(); - comperator = new MOAURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_POST); + comperator = new EAAFURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_POST); Logger.trace("Receive PVP Response from federated IDP, by using POST-Binding."); } else if (request.getMethod().equalsIgnoreCase("GET")) { decoder = new RedirectBinding(); - comperator = new MOAURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_REDIRECT); + comperator = new EAAFURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_REDIRECT); Logger.trace("Receive PVP Response from federated IDP, by using Redirect-Binding."); } else { @@ -131,7 +132,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { comperator); if (MiscUtil.isEmpty(msg.getEntityID())) { - throw new InvalidProtocolRequestException("sp.pvp2.04", new Object[] {FederatedAuthConstants.MODULE_NAME_FOR_LOGGING}); + throw new InvalidProtocolRequestException("sp.pvp2.04", + new Object[] {FederatedAuthConstants.MODULE_NAME_FOR_LOGGING}); } @@ -145,11 +147,11 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE); //validate assertion - MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg); + PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg); //load IDP and SP configuration - IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(msg.getEntityID()); - IOAAuthParameters spConfig = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class); + IOAAuthParameters spConfig = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); //check if response Entity is valid if (!idpConfig.isInderfederationIDP()) { @@ -159,10 +161,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { msg.getEntityID()}); } - - //load MOASession from database - defaultTaskInitialization(request, executionContext); - + //initialize Attribute extractor AssertionAttributeExtractor extractor = new AssertionAttributeExtractor((Response) processedMsg.getResponse()); @@ -170,12 +169,12 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { //check if SP is also a federated IDP if (spConfig.isInderfederationIDP()) { //SP is a federated IDP --> answer only with nameID and wait for attribute-Query - pendingReq.setGenericDataToSession( - PVPTargetConfiguration.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true); - pendingReq.setGenericDataToSession( - PVPTargetConfiguration.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID()); - pendingReq.setGenericDataToSession( - PVPTargetConfiguration.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel()); + pendingReq.setRawDataToTransaction( + MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true); + pendingReq.setRawDataToTransaction( + MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID()); + pendingReq.setRawDataToTransaction( + MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel()); authenticatedSessionStorage. addFederatedSessionInformation(pendingReq, @@ -185,7 +184,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { //SP is real Service-Provider --> check attributes in response // and start Attribute-Query if required - getAuthDataFromInterfederation(extractor, pendingReq.getOnlineApplicationConfiguration(), + getAuthDataFromInterfederation(extractor, pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class), idpConfig); //store federatedIDP to MOASession @@ -197,8 +196,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } //store valid assertion into pending-request - pendingReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg); - pendingReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID()); + pendingReq.setRawDataToTransaction(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg); + pendingReq.setRawDataToTransaction(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID()); //store pending-request requestStoreage.storePendingRequest(pendingReq); @@ -223,13 +222,21 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } catch (AssertionValidationExeption | AuthnResponseValidationException e) { Logger.info("PVP response validation FAILED. Msg:" + e.getMessage()); if (msg != null) { - IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(msg.getEntityID()); - - //remove federated IDP from SSO session if exists - ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request); + IOAAuthParameters idpConfig = null; + try { + idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class); + //remove federated IDP from SSO session if exists + ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request); + + //select next step + handleAuthnResponseValidationProblem(executionContext, idpConfig, e); + + } catch (EAAFConfigurationException e1) { + Logger.error("Can not handle error during an internal problem. ", e1); + throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e); + + } - //select next step - handleAuthnResponseValidationProblem(executionContext, idpConfig, e); } else throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e); @@ -244,29 +251,46 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { private void getAuthDataFromInterfederation(AssertionAttributeExtractor extractor, IOAAuthParameters spConfig, IOAAuthParameters idpConfig) throws BuildException, ConfigurationException{ + /*TODO: + * only workaround for oe.gv.at project + */ + final List<String> minimalIDLAttributeNamesList = Arrays.asList( + PVPConstants.EID_IDENTITY_LINK_NAME, + PVPConstants.EID_SOURCE_PIN_NAME, + PVPConstants.EID_SOURCE_PIN_TYPE_NAME); + try { Logger.debug("Service Provider is no federated IDP --> start Attribute validation or requesting ... "); - Collection<String> requestedAttr = pendingReq.getRequestedAttributes(metadataProvider); + + //TODO!!!!! + //Collection<String> requestedAttr = pendingReq.getRequestedAttributes(metadataProvider); + Collection<String> requestedAttr = Collections.emptyList(); //check if SAML2 Assertion contains a minimal set of attributes - if (!extractor.containsAllRequiredAttributes()) { + + //TODO: switch back to correct attribute query + if (!extractor.containsAllRequiredAttributes() + && !extractor.containsAllRequiredAttributes(minimalIDLAttributeNamesList) ) { Logger.info("Received assertion does no contain a minimum set of attributes. Starting AttributeQuery process ..."); //build attributQuery request List<Attribute> attributs = attributQueryBuilder.buildSAML2AttributeList(spConfig, requestedAttr.iterator()); - //request IDP to get additional attributes - extractor = authDataBuilder.getAuthDataFromAttributeQuery(attributs, extractor.getNameID(), idpConfig); +// //request IDP to get additional attributes +// extractor = authDataBuilder.getAuthDataFromAttributeQuery(attributs, extractor.getNameID(), +// idpConfig, pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_METADATA); } else { Logger.info("Interfedation response include a minimal set of attributes with are required. Skip AttributQuery request step. "); } + //TODO: switch back to correct attribute query //check if all attributes are include - if (!extractor.containsAllRequiredAttributes( - pendingReq.getRequestedAttributes(metadataProvider))) { + //if (!extractor.containsAllRequiredAttributes(requestedAttr)) { + if (!extractor.containsAllRequiredAttributes() + && !extractor.containsAllRequiredAttributes(minimalIDLAttributeNamesList)) { Logger.warn("PVP Response from federated IDP contains not all requested attributes."); throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{FederatedAuthConstants.MODULE_NAME_FOR_LOGGING}); @@ -274,30 +298,37 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { //copy attributes into MOASession Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames(); + AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); for (String el : includedAttrNames) { - moasession.setGenericDataToSession(el, extractor.getSingleAttributeValue(el)); + String value = extractor.getSingleAttributeValue(el); + + //TODO: check in future version + //update PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME to prefixed version + if (el.equals(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)) { + Logger.trace("Find PVP-attribute " + el + ". Start mapping if neccessary ... "); + if (!value.startsWith(PVPConstants.STORK_QAA_PREFIX)) { + value = PVPConstants.STORK_QAA_PREFIX + value; + Logger.debug("Prefix '" + el + "' with: "+ PVPConstants.STORK_QAA_PREFIX); + } + } + + session.setGenericDataToSession(el, value); Logger.debug("Add PVP-attribute " + el + " into MOASession"); } //set validTo from this federated IDP response - moasession.setGenericDataToSession( + session.setGenericDataToSession( AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO, extractor.getAssertionNotOnOrAfter()); - } catch (AttributQueryException e) { - throw new BuildException("builder.06", null, e); - - } catch (SessionDataStorageException e) { - throw new BuildException("builder.06", null, e); - } catch (AssertionValidationExeption e) { throw new BuildException("builder.06", null, e); - } catch (AssertionAttributeExtractorExeption e) { + } catch (MOAIDException e) { throw new BuildException("builder.06", null, e); - } catch (MOAIDException e) { + } catch (EAAFStorageException e) { throw new BuildException("builder.06", null, e); } @@ -338,7 +369,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { * @throws AssertionValidationExeption * @throws AuthnResponseValidationException */ - private MOAResponse preProcessAuthResponse(MOAResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException { + private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException { Logger.debug("Start PVP21 assertion processing... "); Response samlResp = (Response) msg.getResponse(); diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java index aac253083..38568cdd8 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java @@ -25,10 +25,11 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.utils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider; -import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; /** * @author tlenz @@ -43,9 +44,9 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath() */ @Override - public String getKeyStoreFilePath() { + public String getKeyStoreFilePath() throws ConfigurationException { return FileUtils.makeAbsoluteURL( - authConfig.getBasicMOAIDConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTORE), + authConfig.getBasicConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTORE), authConfig.getRootConfigFileDir()); } @@ -54,7 +55,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getKeyStorePassword() { - return authConfig.getBasicMOAIDConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim(); + return authConfig.getBasicConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim(); } @@ -63,7 +64,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getMetadataKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD).trim(); } @@ -72,7 +73,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getMetadataKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD).trim(); } @@ -81,7 +82,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getSignatureKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD).trim(); } @@ -90,7 +91,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getSignatureKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD).trim(); } @@ -99,7 +100,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getEncryptionKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD).trim(); } @@ -108,7 +109,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getEncryptionKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD).trim(); } diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml index 0463bf8d9..8b232cf29 100644 --- a/id/server/modules/moa-id-modules-saml1/pom.xml +++ b/id/server/modules/moa-id-modules-saml1/pom.xml @@ -6,7 +6,6 @@ <version>${moa-id-version}</version> </parent> - <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-module-saml1</artifactId> <packaging>jar</packaging> diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index f6c8cb6e3..7ab222fa0 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -32,7 +32,6 @@ import java.util.List; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; -import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -41,7 +40,7 @@ import at.gv.egovernment.moa.util.StringUtils; /** * Builder for the authentication data <code><saml:Assertion></code> - * to be provided by the MOA ID Auth component. + * to be provided by the MOA ID Auth component. * * @author Paul Ivancsics * @version $Id$ @@ -277,8 +276,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB if (!useCondition) { assertion = MessageFormat.format(AUTH_DATA, new Object[] { authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), + authData.getAuthenticationIssuer(), + authData.getAuthenticationIssueInstantString(), pkType, pkValue, StringUtils.removeXMLDeclaration(xmlAuthBlock), @@ -302,8 +301,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB assertion = MessageFormat.format(AUTH_DATA_WITH_CONDITIONS, new Object[] { authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), + authData.getAuthenticationIssuer(), + authData.getAuthenticationIssueInstantString(), notBefore, notOnOrAfter, pkType, @@ -400,8 +399,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB if (!useCondition) { assertion = MessageFormat.format(AUTH_DATA_MANDATE, new Object[] { authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), + authData.getAuthenticationIssuer(), + authData.getAuthenticationIssueInstantString(), pkType, pkValue, StringUtils.removeXMLDeclaration(xmlAuthBlock), @@ -426,8 +425,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB assertion = MessageFormat.format(AUTH_DATA_MANDATE_WITH_CONDITIONS, new Object[] { authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), + authData.getAuthenticationIssuer(), + authData.getAuthenticationIssueInstantString(), notBefore, notOnOrAfter, pkType, diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index 99d5d9063..21dbb573a 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -28,15 +28,15 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; @@ -49,9 +49,9 @@ public class GetArtifactAction implements IAction { public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData obj) throws AuthenticationException { - String oaURL = (String) req.getOAURL(); + String oaURL = (String) req.getSPEntityId(); - String sourceID = null; + String sourceID = null; if (req instanceof SAML1RequestImpl) { SAML1RequestImpl saml1req = (SAML1RequestImpl) req; sourceID = saml1req.getSourceID(); @@ -68,7 +68,7 @@ public class GetArtifactAction implements IAction { } try { - IOAAuthParameters oaParam = req.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = req.getServiceProviderConfiguration(IOAAuthParameters.class); //TODO: add eIDAS to SAML1 protocol if it is really necessary @@ -85,14 +85,14 @@ public class GetArtifactAction implements IAction { String samlArtifactBase64 = saml1server.BuildSAMLArtifact(oaParam, authData, sourceID); - String oaTargetArea = req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class); + String oaTargetArea = req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class); if (authData.isSsoSession()) { String url = req.getAuthURL() + RedirectServlet.SERVICE_ENDPOINT; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8")); if (MiscUtil.isNotEmpty(oaTargetArea)) url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, - URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8")); + URLEncoder.encode(req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8")); url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); url = httpResp.encodeRedirectURL(url); @@ -104,7 +104,7 @@ public class GetArtifactAction implements IAction { String redirectURL = oaURL; if (MiscUtil.isNotEmpty(oaTargetArea)) { redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_TARGET, - URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8")); + URLEncoder.encode(req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8")); } @@ -121,7 +121,7 @@ public class GetArtifactAction implements IAction { new SLOInformationImpl(req.getAuthURL(), oaParam.getPublicURLPrefix(), authData.getAssertionID(), null, null, req.requestedModule()); return sloInformation; - + } catch (Exception ex) { Logger.error("SAML1 Assertion build error", ex); throw new AuthenticationException("SAML1 Assertion build error.", new Object[]{}, ex); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index 13df30862..dcb7cb7ee 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java @@ -72,20 +72,19 @@ import org.xml.sax.SAXException; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; -import at.gv.egovernment.moa.id.auth.servlet.AbstractController; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.ErrorResponseUtils; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.XPathUtils; /** * Web service for picking up authentication data created in the MOA-ID Auth component. @@ -98,7 +97,7 @@ import at.gv.egovernment.moa.util.XPathUtils; * since SAML1 is deprecated MOA-ID >= 2.0.0 * * @author tlenz - */ + */ @Controller public class GetAuthenticationDataService extends AbstractController implements Constants { @@ -257,7 +256,7 @@ public class GetAuthenticationDataService extends AbstractController implements // no SAML artifact given in request statusCode = "samlp:Requester"; statusMessageCode = "1202"; - + } else if (samlArtifactList.getLength() > 1) { // too many SAML artifacts given in request statusCode = "samlp:Requester"; @@ -280,9 +279,7 @@ public class GetAuthenticationDataService extends AbstractController implements try { Throwable error = saml1AuthServer.getErrorResponse(samlArtifact); statusCode = "samlp:Responder"; - - ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); - + if (error instanceof MOAIDException) { statusMessageCode = ((MOAIDException)error).getMessageId(); statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage()); @@ -291,8 +288,9 @@ public class GetAuthenticationDataService extends AbstractController implements statusMessage = StringEscapeUtils.escapeXml(error.getMessage()); } - subStatusCode = errorUtils.getResponseErrorCode(error); - + subStatusCode = statusMessager.getResponseErrorCode(error); + + } catch (Exception e) { //no authentication data for given SAML artifact statusCode = "samlp:Requester"; @@ -340,7 +338,7 @@ public class GetAuthenticationDataService extends AbstractController implements is = Thread.currentThread() .getContextClassLoader() .getResourceAsStream(templateURL); - + VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); BufferedReader reader = new BufferedReader(new InputStreamReader(is )); StringWriter writer = new StringWriter(); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java index 2a7cce89e..51d722dc4 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java @@ -49,9 +49,10 @@ package at.gv.egovernment.moa.id.protocols.saml1; import java.text.ParseException; import java.util.List; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.data.MOAAuthenticationData; +import at.gv.egovernment.moa.id.util.LoALevelMapper; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DateTimeUtils; @@ -62,7 +63,7 @@ import at.gv.egovernment.moa.util.DateTimeUtils; * @version $Id$ */ -public class SAML1AuthenticationData extends AuthenticationData { +public class SAML1AuthenticationData extends MOAAuthenticationData { /** * */ @@ -88,7 +89,8 @@ public class SAML1AuthenticationData extends AuthenticationData { private List<ExtendedSAMLAttribute> extendedSAMLAttributesOA; - public SAML1AuthenticationData() { + public SAML1AuthenticationData(LoALevelMapper loaMapper) { + super(loaMapper); this.setMajorVersion(1); this.setMinorVersion(0); this.setAssertionID(Random.nextRandom()); @@ -137,7 +139,7 @@ public void setAssertionID(String assertionID) { public void setIssueInstant(String date) { try { - setIssueInstant(DateTimeUtils.parseDateTime(date)); + setAuthenticationIssueInstant(DateTimeUtils.parseDateTime(date)); } catch (ParseException e) { Logger.error("Parse IssueInstant element FAILED.", e); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index bf4a55e46..c8f01f67d 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.saml1; import java.io.ByteArrayOutputStream; import java.io.IOException; +import java.util.ArrayList; import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -43,11 +44,21 @@ import org.xml.sax.SAXException; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; @@ -57,21 +68,14 @@ import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; +import at.gv.egovernment.moa.id.data.MOAAuthenticationData; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; import at.gv.util.xsd.persondata.IdentificationType; @@ -86,7 +90,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { @Autowired private ITransactionStorage authenticationDataStore; - /** + /** * time out in milliseconds used by {@link cleanup} for authentication data * store */ @@ -103,8 +107,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } Throwable error = null; try { - error = authenticationDataStore - .get(samlArtifact, Throwable.class); + error = authenticationDataStore.get(samlArtifact, Throwable.class); if (error == null) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); @@ -114,7 +117,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { authenticationDataStore.remove(samlArtifact); - } catch (MOADatabaseException e) { + } catch (EAAFException e) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); throw new AuthenticationException("1206", new Object[] { samlArtifact }); } @@ -189,7 +192,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } - } catch (MOADatabaseException e) { + } catch (EAAFException e) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); throw new AuthenticationException("1206", new Object[] { samlArtifact }); } @@ -201,10 +204,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } public String BuildErrorAssertion(Throwable error, IRequest protocolRequest) - throws BuildException, MOADatabaseException { + throws EAAFException { String samlArtifact = new SAMLArtifactBuilder().build( - protocolRequest.getOAURL(), protocolRequest.getRequestID(), + protocolRequest.getSPEntityId(), protocolRequest.getPendingRequestId(), null); authenticationDataStore.put(samlArtifact, error, authDataTimeOut); @@ -319,12 +322,26 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } - String samlAssertion; - //add mandate info's - if (authData.isUseMandate()) { - List<ExtendedSAMLAttribute> oaAttributes = authData.getExtendedSAMLAttributesOA(); + List<ExtendedSAMLAttribute> oaAttributes = authData.getExtendedSAMLAttributesOA(); + + //add additional SAML1 attribute that containts the CountryCode in case of foreigners + if (authData.isForeigner()) { + if (oaAttributes == null) + oaAttributes = new ArrayList<ExtendedSAMLAttribute>(); + + Logger.trace("Entity is marked as foreigner. Adding CountryCode: " + + authData.getCiticenCountryCode() + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, authData.getCiticenCountryCode(), + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + } + + String samlAssertion = null; + //add mandate info's + if (authData.isUseMandate()) { //only provide full mandate if it is included. if (saml1parameter.isProvideFullMandatorData() && authData.getMISMandate() != null) { @@ -420,7 +437,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { authData.getBkuURL(), signerCertificateBase64, oaParam.hasBaseIdTransferRestriction(), - authData.getExtendedSAMLAttributesOA(), + oaAttributes, useCondition, conditionLength); } @@ -428,7 +445,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { //authData.setSamlAssertion(samlAssertion); String samlArtifact = new SAMLArtifactBuilder().build( - authData.getIssuer(), Random.nextRandom(), + authData.getAuthenticationIssuer(), Random.nextRandom(), sourceID); storeAuthenticationData(samlArtifact, samlAssertion); @@ -443,10 +460,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } - private String generateMandateDate(IOAAuthParameters oaParam, AuthenticationData authData + private String generateMandateDate(IOAAuthParameters oaParam, MOAAuthenticationData authData ) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, - ValidateException { + ValidateException, EAAFBuilderException { if (authData == null) throw new AuthenticationException("auth.10", new Object[] { @@ -491,7 +508,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { && Constants.URN_PREFIX_BASEID .equals(identificationType)) { // now we calculate the wbPK and do so if we got it from the - // BKU + // BKU //load IdentityLinkDomainType from OAParam Pair<String, String> targedId = new BPKBuilder().generateAreaSpecificPersonIdentifier( @@ -548,7 +565,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } else { ; - } + } return DOMUtils.serializeNode(prPerson); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 19fadb318..30d740a2a 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -35,18 +35,20 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -59,10 +61,10 @@ import at.gv.egovernment.moa.util.URLEncoder; * @deprecated * @author tlenz * - */ + */ @Controller -public class SAML1Protocol extends AbstractAuthProtocolModulController { +public class SAML1Protocol extends AbstractAuthProtocolModulController implements IModulInfo { @Autowired private SAML1AuthenticationServer saml1AuthServer; @@ -92,21 +94,22 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { return NAME; } - public String getPath() { + @Override + public String getAuthProtocolIdentifier() { return PATH; + } - @RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET}) - public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { - if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) { - Logger.info("SAML1 is deaktivated!"); - throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" }); - - } + public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { +// if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) { +// Logger.info("SAML1 is deaktivated!"); +// throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" }); +// +// } SAML1RequestImpl pendingReq = applicationContext.getBean(SAML1RequestImpl.class); - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(NAME); revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); @@ -127,15 +130,15 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { public void preProcess(HttpServletRequest request, - HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException { + HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException, InvalidProtocolRequestException, EAAFConfigurationException, EAAFStorageException { try { - String oaURL = (String) request.getParameter(PARAM_OA); + String oaURL = (String) request.getParameter(MOAIDAuthConstants.PARAM_OA); //oaURL = StringEscapeUtils.escapeHtml(oaURL); - String target = (String) request.getParameter(PARAM_TARGET); + String target = (String) request.getParameter(MOAIDAuthConstants.PARAM_TARGET); target = StringEscapeUtils.escapeHtml(target); - String sourceID = request.getParameter(PARAM_SOURCEID); + String sourceID = request.getParameter(MOAIDAuthConstants.PARAM_SOURCEID); sourceID = StringEscapeUtils.escapeHtml(sourceID); //the target parameter is used to define the OA in SAML1 standard @@ -146,25 +149,25 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { if (MiscUtil.isEmpty(oaURL)) { Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!"); - throw new WrongParametersException("StartAuthentication", PARAM_OA, + throw new WrongParametersException("StartAuthentication", MOAIDAuthConstants.PARAM_OA, "auth.12"); } if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, + throw new WrongParametersException("StartAuthentication", MOAIDAuthConstants.PARAM_OA, "auth.12"); - pendingRequest.setOAURL(oaURL); + pendingRequest.setSPEntityId(oaURL); Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL); if (!ParamValidatorUtils.isValidSourceID(sourceID)) - throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); + throw new WrongParametersException("StartAuthentication", MOAIDAuthConstants.PARAM_SOURCEID, "auth.12"); //load Target only from OA config - IOAAuthParameters oaParam = authConfig.getOnlineApplicationParameter(oaURL); + IOAAuthParameters oaParam = authConfig.getServiceProviderConfiguration(oaURL, IOAAuthParameters.class); if (oaParam == null) throw new InvalidProtocolRequestException("auth.00", @@ -190,7 +193,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST); if (MiscUtil.isNotEmpty(target)) { - pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target); + pendingRequest.setRawDataToTransaction(REQ_DATA_TARGET, target); pendingRequest.setTarget(MOAIDAuthConstants.PREFIX_CDID + target); } else { @@ -198,7 +201,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { pendingRequest.setTarget(targetArea); if (targetArea.startsWith(MOAIDAuthConstants.PREFIX_CDID)) - pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, + pendingRequest.setRawDataToTransaction(REQ_DATA_TARGET, targetArea.substring(MOAIDAuthConstants.PREFIX_CDID.length())); @@ -225,15 +228,15 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable{ - if (!protocolRequest.getOnlineApplicationConfiguration().getSAML1Parameter().isProvideAllErrors()) + if (!protocolRequest.getServiceProviderConfiguration(IOAAuthParameters.class).getSAML1Parameter().isProvideAllErrors()) return false; else { String samlArtifactBase64 = saml1AuthServer.BuildErrorAssertion(e, protocolRequest); String url = protocolRequest.getAuthURL() + "/RedirectServlet"; - url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8")); - url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getSPEntityId(), "UTF-8")); + url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); url = response.encodeRedirectURL(url); response.setContentType("text/html"); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java index 1d3525626..4d3e60dd7 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java @@ -22,18 +22,11 @@ */ package at.gv.egovernment.moa.id.protocols.saml1; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; - -import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; /** * @author tlenz @@ -45,7 +38,7 @@ public class SAML1RequestImpl extends RequestImpl { private static final long serialVersionUID = -4961979968425683115L; - private String sourceID = null; + private String sourceID = null; private String target = null; /** @@ -78,29 +71,29 @@ public class SAML1RequestImpl extends RequestImpl { this.target = target; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() - */ - @Override - public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { - - List<String> reqAttr = new ArrayList<String>(); - reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION); - - SAML1ConfigurationParameters saml1 = this.getOnlineApplicationConfiguration().getSAML1Parameter(); - if (saml1 != null) { - if (saml1.isProvideAUTHBlock()) - reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME); - - if (saml1.isProvideCertificate()) - reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME); - - if (saml1.isProvideFullMandatorData()) - reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME); - } - - return reqAttr; - - } +// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() +// */ +// @Override +// public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { +// +// List<String> reqAttr = new ArrayList<String>(); +// reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION); +// +// SAML1ConfigurationParameters saml1 = this.getOnlineApplicationConfiguration().getSAML1Parameter(); +// if (saml1 != null) { +// if (saml1.isProvideAUTHBlock()) +// reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME); +// +// if (saml1.isProvideCertificate()) +// reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME); +// +// if (saml1.isProvideFullMandatorData()) +// reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME); +// } +// +// return reqAttr; +// +// } } diff --git a/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java b/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java index 961c8d0b5..4591e456f 100644 --- a/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java +++ b/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java @@ -46,9 +46,9 @@ package test.at.gv.egovernment.moa.id.auth.parser; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; -import at.gv.egovernment.moa.id.util.Random; import test.at.gv.egovernment.moa.id.UnitTestCase; /* @@ -63,7 +63,7 @@ public class SAMLArtifactParserTest extends UnitTestCase { public SAMLArtifactParserTest(String name) { super(name); } - + public void testParseTypeCode() throws Exception { String sessionID = Random.nextRandom(); String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID, null); diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java index b21c5e93f..3676ca7d7 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java @@ -25,10 +25,10 @@ package at.gv.egovernment.moa.id.monitoring; import java.util.ArrayList; import java.util.List; -import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger; +import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -94,8 +94,8 @@ public class DatabaseTestModule implements TestModuleInterface{ private String testMOAAdvancedLoggingDatabase() { try { - statLogUtils.testConnection(); - + statLogUtils.internalTesting(); + Logger.trace("Finish Test: AdvancedLoggingDataBase"); return null; diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java index a56be1f46..1aae0f8d0 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java @@ -28,15 +28,15 @@ import java.util.List; import org.w3c.dom.Element; -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; +import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; @@ -46,17 +46,25 @@ import at.gv.egovernment.moa.util.MiscUtil; public class IdentityLinkTestModule implements TestModuleInterface { private static IIdentityLink identityLink = null; + private AuthConfiguration authConfig; - public void initializeTest(long delayParam, String url) throws Exception{ + @Override + public void initializeTest(long delayParam, String url) throws Exception { + Logger.error("NOT implemented yet!!!"); - if (MiscUtil.isNotEmpty(url)) { + } + + public void initializeTest(long delayParam, String url, AuthConfiguration authConfig) throws Exception{ + + if (MiscUtil.isNotEmpty(url)) { URL keystoreURL = new URL(url); InputStream idlstream = keystoreURL.openStream(); identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink(); + this.authConfig = authConfig; } - } + } public List<String> performTests() throws Exception{ Logger.trace("Start MOA-ID IdentityLink Test"); @@ -68,7 +76,7 @@ public class IdentityLinkTestModule implements TestModuleInterface { Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() .build(identityLink, config .getMoaSpIdentityLinkTrustProfileID(false)); - + // invokes the call Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance() .verifyXMLSignature(domVerifyXMLSignatureRequest); @@ -85,7 +93,8 @@ public class IdentityLinkTestModule implements TestModuleInterface { verifyXMLSignatureResponse, config.getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, - oaParam); + oaParam, + authConfig); } catch (ValidateException e) { //check if default Monitoring IDL is used then error is ignored diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java index 9f0083fb8..55b360ce2 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java @@ -29,12 +29,12 @@ import java.util.Map; import org.springframework.beans.factory.annotation.Autowired; -import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger; +import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; public class TestManager{ @@ -101,7 +101,7 @@ public class TestManager{ IdentityLinkTestModule test2 = new IdentityLinkTestModule(); String idlurl = FileUtils.makeAbsoluteURL(authConfig.getMonitoringTestIdentityLinkURL(), authConfig.getRootConfigFileDir()); try { - test2.initializeTest(0, idlurl); + test2.initializeTest(0, idlurl, authConfig); tests.put(test2.getName(), test2);; } catch (Exception e) { diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index 000851a5f..06c9a341a 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -1,5 +1,5 @@ -<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> +<?xml version="1.0" encoding="UTF-8"?> +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <parent> @@ -27,13 +27,17 @@ <module>moa-id-modules-saml1</module> <module>moa-id-module-openID</module> - <module>moa-id-module-eIDAS</module> + <module>moa-id-module-eIDAS</module> + <!-- <module>moa-id-module-eIDAS-v2</module> --> <module>moa-id-modules-federated_authentication</module> <module>moa-id-module-elga_mandate_service</module> <module>moa-id-module-ssoTransfer</module> <module>moa-id-module-bkaMobilaAuthSAML2Test</module> - </modules> + + <module>moa-id-module-sl20_authentication</module> + <module>moa-id-module-AT_eIDAS_connector</module> + </modules> <dependencies> <dependency> @@ -61,4 +65,4 @@ </dependency> </dependencies> -</project> +</project>
\ No newline at end of file @@ -10,33 +10,25 @@ <properties> <repositoryPath>${basedir}/repository</repositoryPath> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> - - <!-- - <moa-commons-version>2.0.1</moa-commons-version> - <moa-id-version>2.1.2</moa-id-version> - <moa-id-proxy-version>2.0.0</moa-id-proxy-version> - <moa-spss-version>2.0.3</moa-spss-version> - <configtool-version>1.1.4</configtool-version> - <demo-oa-version>2.0.2</demo-oa-version> - <moa-commons-version>2.0.1</moa-commons-version> - --> <!-- Project Version --> - <moa-id-version>3.3.3-snapshot</moa-id-version> + <moa-id-version>3.4.0</moa-id-version> - <moa-id-version-final>3.3.3-snapshot</moa-id-version-final> - <moa-id-version-edu>3.3.3-snapshot</moa-id-version-edu> + <moa-id-version-final>3.4.0</moa-id-version-final> + <moa-id-version-edu>3.4.0</moa-id-version-edu> <moa-id-proxy-version>2.0.1</moa-id-proxy-version> - <configtool-version>2.4.2-snapshot</configtool-version> + <configtool-version>2.5.0</configtool-version> <demo-oa-version>2.0.6</demo-oa-version> - <moa-id-module-elga_mandate_client>1.3</moa-id-module-elga_mandate_client> - - <org.springframework.version>4.3.13.RELEASE</org.springframework.version> - <org.springframework.data.spring-data-jpa>1.11.9.RELEASE</org.springframework.data.spring-data-jpa> - <surefire.version>2.20.1</surefire.version> + <moa-id-module-elga_mandate_client>1.3.2</moa-id-module-elga_mandate_client> + + <!-- =================================================================================== --> + <egiz.eaaf.version>1.0.0</egiz.eaaf.version> + <org.springframework.version>4.3.18.RELEASE</org.springframework.version> + <org.springframework.data.spring-data-jpa>1.11.13.RELEASE</org.springframework.data.spring-data-jpa> + <surefire.version>2.22.0</surefire.version> <jaxb.version>2.3.0</jaxb.version> @@ -44,29 +36,29 @@ <xmltooling.version>1.4.6</xmltooling.version> <xmlsec.version>2.1.0</xmlsec.version> - <hibernate.version>5.2.12.Final</hibernate.version> - <org.apache.commons.commons.dbcp2>2.2.0</org.apache.commons.commons.dbcp2> + <hibernate.version>5.2.17.Final</hibernate.version> + <org.apache.commons.commons.dbcp2>2.4.0</org.apache.commons.commons.dbcp2> - <cxf.version>3.2.0</cxf.version> - <struts.version>2.5.14.1</struts.version> <!-- 2.5.10.1 --> + <cxf.version>3.2.5</cxf.version> + <struts.version>2.5.16</struts.version> <!-- 2.5.10.1 --> <egovutils.version>2.0.0</egovutils.version> <slf4j.version>1.7.25</slf4j.version> - <httpclient.version>4.5.3</httpclient.version> - <httpcore.version>4.4.8</httpcore.version> + <httpclient.version>4.5.6</httpclient.version> + <httpcore.version>4.4.10</httpcore.version> <!-- Maybe problems with Hibernate 5.0.10 --> <mysql-connector.java>6.0.6</mysql-connector.java> <!-- <mysql-connector.java>5.1.40</mysql-connector.java> --> <junit.version>4.12</junit.version> - <org.apache.commons.io.version>2.5</org.apache.commons.io.version> - <org.apache.commons.lang3.version>3.6</org.apache.commons.lang3.version> + <org.apache.commons.io.version>2.6</org.apache.commons.io.version> + <org.apache.commons.lang3.version>3.7</org.apache.commons.lang3.version> <org.apache.commons.collections4.version>4.1</org.apache.commons.collections4.version> <org.apache.commons.collections3.version>3.2.2</org.apache.commons.collections3.version> - <jodatime.version>2.9.9</jodatime.version> + <jodatime.version>2.10</jodatime.version> <jackson-version>2.9.1</jackson-version> <apache-cli-version>1.4</apache-cli-version> @@ -436,7 +428,37 @@ <version>1.46</version> </dependency> --> - <dependency> + + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf-core</artifactId> + <version>${egiz.eaaf.version}</version> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf-core</artifactId> + <type>test-jar</type> + <version>${egiz.eaaf.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_module_pvp2_idp</artifactId> + <version>${egiz.eaaf.version}</version> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_module_pvp2_sp</artifactId> + <version>${egiz.eaaf.version}</version> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_module_pvp2_core</artifactId> + <version>${egiz.eaaf.version}</version> + </dependency> + + + <dependency> <groupId>MOA.id.server</groupId> <artifactId>moa-id-spring-initializer</artifactId> <version>${moa-id-version}</version> @@ -538,6 +560,18 @@ </dependency> <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-sl20_authentication</artifactId> + <version>${moa-id-version}</version> + </dependency> + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-AT_eIDAS_connector</artifactId> + <version>${moa-id-version}</version> + </dependency> + + <dependency> <groupId>MOA.id.server</groupId> <artifactId>moa-id-commons</artifactId> <version>${moa-id-version}</version> @@ -699,6 +733,8 @@ <version>${org.springframework.version}</version> </dependency> + + <!-- the core, which includes Streaming API, shared low-level abstractions (but NOT data-binding) --> <dependency> <groupId>com.fasterxml.jackson.core</groupId> diff --git a/repository/MOA/spss/common/3.1.2/common-3.1.2.jar b/repository/MOA/spss/common/3.1.2/common-3.1.2.jar Binary files differnew file mode 100644 index 000000000..2f550bd02 --- /dev/null +++ b/repository/MOA/spss/common/3.1.2/common-3.1.2.jar diff --git a/repository/MOA/spss/server/moa-sig-lib/3.1.2/moa-sig-lib-3.1.2.jar b/repository/MOA/spss/server/moa-sig-lib/3.1.2/moa-sig-lib-3.1.2.jar Binary files differnew file mode 100644 index 000000000..04a33c2c4 --- /dev/null +++ b/repository/MOA/spss/server/moa-sig-lib/3.1.2/moa-sig-lib-3.1.2.jar diff --git a/repository/MOA/spss/tsl_lib/2.0.1/tsl_lib-2.0.1.jar b/repository/MOA/spss/tsl_lib/2.0.1/tsl_lib-2.0.1.jar Binary files differnew file mode 100644 index 000000000..39e52dfee --- /dev/null +++ b/repository/MOA/spss/tsl_lib/2.0.1/tsl_lib-2.0.1.jar diff --git a/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0-tests.jar b/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0-tests.jar Binary files differnew file mode 100644 index 000000000..74296aaaa --- /dev/null +++ b/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0-tests.jar diff --git a/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0.jar b/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0.jar Binary files differnew file mode 100644 index 000000000..65793a44f --- /dev/null +++ b/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0.jar diff --git a/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0.pom b/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0.pom new file mode 100644 index 000000000..eedd2b71f --- /dev/null +++ b/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0.pom @@ -0,0 +1,155 @@ +<!-- + --> +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>at.gv.egiz</groupId> + <artifactId>eaaf</artifactId> + <version>1.x</version> + </parent> + + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf-core</artifactId> + <version>${egiz.eaaf.version}</version> + <name>EAAF core components</name> + <description>Core components for identity managment implementations</description> + + <properties> + <surefire.version>2.20.1</surefire.version> + <org.slf4j.version>1.7.25</org.slf4j.version> + + </properties> + + <dependencies> + <dependency> + <groupId>at.gv.egiz.components</groupId> + <artifactId>eventlog-api</artifactId> + </dependency> + <dependency> + <groupId>at.gv.egiz.components</groupId> + <artifactId>egiz-spring-api</artifactId> + </dependency> + <dependency> + <groupId>javax.annotation</groupId> + <artifactId>javax.annotation-api</artifactId> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-webmvc</artifactId> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-log4j12</artifactId> + </dependency> + <dependency> + <groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + </dependency> + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-lang3</artifactId> + </dependency> + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-collections4</artifactId> + </dependency> + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-text</artifactId> + </dependency> + <dependency> + <groupId>commons-fileupload</groupId> + <artifactId>commons-fileupload</artifactId> + </dependency> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>javax.servlet-api</artifactId> + </dependency> + <dependency> + <groupId>org.apache.velocity</groupId> + <artifactId>velocity</artifactId> + </dependency> + <dependency> + <groupId>jaxen</groupId> + <artifactId>jaxen</artifactId> + </dependency> + <dependency> + <groupId>xerces</groupId> + <artifactId>xercesImpl</artifactId> + </dependency> + <dependency> + <groupId>xalan</groupId> + <artifactId>xalan</artifactId> + </dependency> + + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + <scope>test</scope> + </dependency> + </dependencies> + + <build> + <finalName>eaaf_core</finalName> + + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-compiler-plugin</artifactId> + <version>3.7.0</version> + <configuration> + <source>1.8</source> + <target>1.8</target> + </configuration> + <executions> + <execution> + <goals> + <goal>compile</goal> + <goal>testCompile</goal> + </goals> + </execution> + </executions> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-jar-plugin</artifactId> + <version>3.1.0</version> + <executions> + <execution> + <goals> + <goal>test-jar</goal> + </goals> + </execution> + </executions> + </plugin> + + <!-- enable co-existence of testng and junit --> + <plugin> + <artifactId>maven-surefire-plugin</artifactId> + <version>${surefire.version}</version> + <configuration> + <threadCount>1</threadCount> + <argLine>--add-modules java.xml.bind</argLine> + </configuration> + <dependencies> + <dependency> + <groupId>org.apache.maven.surefire</groupId> + <artifactId>surefire-junit47</artifactId> + <version>${surefire.version}</version> + </dependency> + </dependencies> + </plugin> + + </plugins> + </build> + +</project>
\ No newline at end of file diff --git a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_core/1.0.0/eaaf_module_pvp2_core-1.0.0.jar b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_core/1.0.0/eaaf_module_pvp2_core-1.0.0.jar Binary files differnew file mode 100644 index 000000000..0068fed17 --- /dev/null +++ b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_core/1.0.0/eaaf_module_pvp2_core-1.0.0.jar diff --git a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_core/1.0.0/eaaf_module_pvp2_core-1.0.0.pom b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_core/1.0.0/eaaf_module_pvp2_core-1.0.0.pom new file mode 100644 index 000000000..8b886df63 --- /dev/null +++ b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_core/1.0.0/eaaf_module_pvp2_core-1.0.0.pom @@ -0,0 +1,97 @@ +<?xml version="1.0"?> +<!-- + --> + +<!-- + --> + +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_modules</artifactId> + <version>1.x</version> + </parent> + <artifactId>eaaf_module_pvp2_core</artifactId> + <version>${egiz.eaaf.version}</version> + <name>eaaf_module_pvp2_core</name> + <url>http://maven.apache.org</url> + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + </properties> + <dependencies> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf-core</artifactId> + <version>${egiz.eaaf.version}</version> + </dependency> + + <dependency> + <groupId>org.opensaml</groupId> + <artifactId>opensaml</artifactId> + </dependency> + <dependency> + <groupId>org.opensaml</groupId> + <artifactId>xmltooling</artifactId> + </dependency> + <dependency> + <groupId>org.opensaml</groupId> + <artifactId>openws</artifactId> + </dependency> + <dependency> + <groupId>org.apache.santuario</groupId> + <artifactId>xmlsec</artifactId> + </dependency> + <dependency> + <groupId>org.owasp.esapi</groupId> + <artifactId>esapi</artifactId> + </dependency> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>javax.servlet-api</artifactId> + <scope>provided</scope> + </dependency> + + <!-- Testing --> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <scope>test</scope> + </dependency> + </dependencies> + + <build> + <finalName>eaaf_module_pvp2_core</finalName> + + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-compiler-plugin</artifactId> + <version>3.7.0</version> + <configuration> + <source>1.8</source> + <target>1.8</target> + </configuration> + </plugin> + + <!-- enable co-existence of testng and junit --> + <plugin> + <artifactId>maven-surefire-plugin</artifactId> + <version>${surefire.version}</version> + <configuration> + <threadCount>1</threadCount> + <argLine>--add-modules java.xml.bind</argLine> + </configuration> + <dependencies> + <dependency> + <groupId>org.apache.maven.surefire</groupId> + <artifactId>surefire-junit47</artifactId> + <version>${surefire.version}</version> + </dependency> + </dependencies> + </plugin> + + </plugins> + </build> +</project> diff --git a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_idp/1.0.0/eaaf_module_pvp2_idp-1.0.0.jar b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_idp/1.0.0/eaaf_module_pvp2_idp-1.0.0.jar Binary files differnew file mode 100644 index 000000000..831a61344 --- /dev/null +++ b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_idp/1.0.0/eaaf_module_pvp2_idp-1.0.0.jar diff --git a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_idp/1.0.0/eaaf_module_pvp2_idp-1.0.0.pom b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_idp/1.0.0/eaaf_module_pvp2_idp-1.0.0.pom new file mode 100644 index 000000000..b22b20f5f --- /dev/null +++ b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_idp/1.0.0/eaaf_module_pvp2_idp-1.0.0.pom @@ -0,0 +1,74 @@ +<?xml version="1.0"?> +<!-- + --> + +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_modules</artifactId> + <version>1.x</version> + </parent> + <artifactId>eaaf_module_pvp2_idp</artifactId> + <version>${egiz.eaaf.version}</version> + <name>eaaf_module_pvp2_core</name> + <url>http://maven.apache.org</url> + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + </properties> + <dependencies> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_module_pvp2_core</artifactId> + <version>${egiz.eaaf.version}</version> + </dependency> + + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>javax.servlet-api</artifactId> + <scope>provided</scope> + </dependency> + + <!-- Testing --> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <scope>test</scope> + </dependency> + </dependencies> + + <build> + <finalName>eaaf_module_pvp2_idp</finalName> + + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-compiler-plugin</artifactId> + <version>3.7.0</version> + <configuration> + <source>1.8</source> + <target>1.8</target> + </configuration> + </plugin> + + <!-- enable co-existence of testng and junit --> + <plugin> + <artifactId>maven-surefire-plugin</artifactId> + <version>${surefire.version}</version> + <configuration> + <threadCount>1</threadCount> + <argLine>--add-modules java.xml.bind</argLine> + </configuration> + <dependencies> + <dependency> + <groupId>org.apache.maven.surefire</groupId> + <artifactId>surefire-junit47</artifactId> + <version>${surefire.version}</version> + </dependency> + </dependencies> + </plugin> + + </plugins> + </build> +</project> diff --git a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_sp/1.0.0/eaaf_module_pvp2_sp-1.0.0.jar b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_sp/1.0.0/eaaf_module_pvp2_sp-1.0.0.jar Binary files differnew file mode 100644 index 000000000..18b67ffb1 --- /dev/null +++ b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_sp/1.0.0/eaaf_module_pvp2_sp-1.0.0.jar diff --git a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_sp/1.0.0/eaaf_module_pvp2_sp-1.0.0.pom b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_sp/1.0.0/eaaf_module_pvp2_sp-1.0.0.pom new file mode 100644 index 000000000..c6e0b9e50 --- /dev/null +++ b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_sp/1.0.0/eaaf_module_pvp2_sp-1.0.0.pom @@ -0,0 +1,74 @@ +<?xml version="1.0"?> +<!-- + --> + +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_modules</artifactId> + <version>1.x</version> + </parent> + <artifactId>eaaf_module_pvp2_sp</artifactId> + <version>${egiz.eaaf.version}</version> + <name>eaaf_module_pvp2_sp</name> + <url>http://maven.apache.org</url> + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + </properties> + <dependencies> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_module_pvp2_core</artifactId> + <version>${egiz.eaaf.version}</version> + </dependency> + + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>javax.servlet-api</artifactId> + <scope>provided</scope> + </dependency> + + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <scope>test</scope> + </dependency> + </dependencies> + + <build> + <finalName>eaaf_module_pvp2_sp</finalName> + + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-compiler-plugin</artifactId> + <version>3.7.0</version> + <configuration> + <source>1.8</source> + <target>1.8</target> + </configuration> + </plugin> + + <!-- enable co-existence of testng and junit --> + <plugin> + <artifactId>maven-surefire-plugin</artifactId> + <version>${surefire.version}</version> + <configuration> + <threadCount>1</threadCount> + <argLine>--add-modules java.xml.bind</argLine> + </configuration> + <dependencies> + <dependency> + <groupId>org.apache.maven.surefire</groupId> + <artifactId>surefire-junit47</artifactId> + <version>${surefire.version}</version> + </dependency> + </dependencies> + </plugin> + + </plugins> + </build> + +</project> diff --git a/repository/eu/eidas/eidas-commons/2.0.0/eidas-commons-2.0.0.jar b/repository/eu/eidas/eidas-commons/2.0.0/eidas-commons-2.0.0.jar Binary files differnew file mode 100644 index 000000000..bc8986840 --- /dev/null +++ b/repository/eu/eidas/eidas-commons/2.0.0/eidas-commons-2.0.0.jar diff --git a/repository/eu/eidas/eidas-configmodule/2.0.0/eidas-configmodule-2.0.0.jar b/repository/eu/eidas/eidas-configmodule/2.0.0/eidas-configmodule-2.0.0.jar Binary files differnew file mode 100644 index 000000000..5b9f3e48f --- /dev/null +++ b/repository/eu/eidas/eidas-configmodule/2.0.0/eidas-configmodule-2.0.0.jar diff --git a/repository/eu/eidas/eidas-encryption/2.0.0/eidas-encryption-2.0.0.jar b/repository/eu/eidas/eidas-encryption/2.0.0/eidas-encryption-2.0.0.jar Binary files differnew file mode 100644 index 000000000..86661b4c3 --- /dev/null +++ b/repository/eu/eidas/eidas-encryption/2.0.0/eidas-encryption-2.0.0.jar diff --git a/repository/eu/eidas/eidas-light-commons/2.0.0/eidas-light-commons-2.0.0.jar b/repository/eu/eidas/eidas-light-commons/2.0.0/eidas-light-commons-2.0.0.jar Binary files differnew file mode 100644 index 000000000..8a3446150 --- /dev/null +++ b/repository/eu/eidas/eidas-light-commons/2.0.0/eidas-light-commons-2.0.0.jar diff --git a/repository/eu/eidas/eidas-saml-engine/2.0.0/eidas-saml-engine-2.0.0.jar b/repository/eu/eidas/eidas-saml-engine/2.0.0/eidas-saml-engine-2.0.0.jar Binary files differnew file mode 100644 index 000000000..0df7d2317 --- /dev/null +++ b/repository/eu/eidas/eidas-saml-engine/2.0.0/eidas-saml-engine-2.0.0.jar diff --git a/repository/eu/eidas/eidas-saml-metadata/2.0.0/eidas-saml-metadata-2.0.0.jar b/repository/eu/eidas/eidas-saml-metadata/2.0.0/eidas-saml-metadata-2.0.0.jar Binary files differnew file mode 100644 index 000000000..3caa29474 --- /dev/null +++ b/repository/eu/eidas/eidas-saml-metadata/2.0.0/eidas-saml-metadata-2.0.0.jar diff --git a/repository/eu/eidas/eidas-specific-communication-definition/2.0.0/eidas-specific-communication-definition-2.0.0.jar b/repository/eu/eidas/eidas-specific-communication-definition/2.0.0/eidas-specific-communication-definition-2.0.0.jar Binary files differnew file mode 100644 index 000000000..de8abbd27 --- /dev/null +++ b/repository/eu/eidas/eidas-specific-communication-definition/2.0.0/eidas-specific-communication-definition-2.0.0.jar |
