Update to MOA-SPSS 3.0.0-RC1

Merge branch 'moa-id-3.2_(OPB)' into moa-id_with_moa-sig_and_eccelerate Conflicts: id/moa-spss-container/pom.xml pom.xml
author: Thomas Lenz <tlenz@iaik.tugraz.at> 2016-05-10 15:50:52 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2016-05-10 15:50:52 +0200
commit: aa4f6b8a17400e6ebbe83d92e26b25413deb9aa1 (patch)
tree: 0798f107e13d8a8546c1b15c6432e5360a656e92 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util
parent: 576f5ea5cfaf2ea174f198dc5df238c1ca0c331a (diff)
parent: c3e07d7fb87b2d132ffc838e4878b9479da361a7 (diff)
download: moa-id-spss-aa4f6b8a17400e6ebbe83d92e26b25413deb9aa1.tar.gz
moa-id-spss-aa4f6b8a17400e6ebbe83d92e26b25413deb9aa1.tar.bz2
moa-id-spss-aa4f6b8a17400e6ebbe83d92e26b25413deb9aa1.zip
12 files changed, 49 insertions, 733 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java
deleted file mode 100644
index fff5fac96..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java
+++ /dev/null
@@ -1,258 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.util;
-
-import java.io.BufferedWriter;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.OutputStreamWriter;
-import java.io.PrintWriter;
-import java.net.Socket;
-import java.security.GeneralSecurityException;
-import java.util.Hashtable;
-
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
-
-import org.apache.axis.components.net.BooleanHolder;
-import org.apache.axis.components.net.DefaultSocketFactory;
-import org.apache.axis.components.net.SocketFactory;
-import org.apache.axis.components.net.TransportClientProperties;
-import org.apache.axis.components.net.TransportClientPropertiesFactory;
-import org.apache.axis.utils.Messages;
-import org.apache.axis.utils.XMLUtils;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Secure socket factory for Axis webs service clients of the MOA-ID component,
- * which are the MOA-SP calls from MOA-ID Auth, 
- * and the MOA-ID Auth calls from MOA-ID Proxy.
- * <br/>Use this initialization code:<br/>
- * <code>	// ConnectionParameter connParam = ... get from ConfigurationProvider
- * 	AxisSecureSocketFactory.initialize(connParam);</code>
- * <br/>See the Apache Axis documentation on how to configure this class
- * as the default secure socket factory to be used by Axis.
- * <br/>
- * This code has been copied from <code>JSSESocketFactory</code>, the
- * method <code>initialize()</code> has been added.
- * 
- * 
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AxisSecureSocketFactory
-  extends DefaultSocketFactory implements SocketFactory {
-
-  /** Field sslFactory           */
-  private static SSLSocketFactory sslFactory;
-
-  /**
-   * Constructor for AxisSecureSocketFactory.
-   * @param attributes ???
-   */
-  public AxisSecureSocketFactory(Hashtable attributes) {
-    super(attributes);
-  }
-  /**
-   * Initializes the factory by setting the connection parameters to be used for
-   * setting the secure socket factory, and by setting the system property 
-   * <code>axis.socketSecureFactory</code>.
-   * @param ssf <code>SSLSocketFactory</code> to initialize with
-   */
-  public static void initialize(SSLSocketFactory ssf)
-    throws IOException, GeneralSecurityException {
-
-    Logger.debug("Initialize AxisSecureSocketFactory");
-    sslFactory = ssf;
-  }
-
-  /**
-   * creates a secure socket
-   *
-   * @param host
-   * @param port
-   * @param otherHeaders
-   * @param useFullURL
-   *
-   * @return Socket
-   * @throws Exception
-   */
-  public Socket create(
-    String host,
-    int port,
-    StringBuffer otherHeaders,
-    BooleanHolder useFullURL)
-    throws Exception {
-    if (port == -1) {
-      port = 443;
-    }
-
-    TransportClientProperties tcp =
-      TransportClientPropertiesFactory.create("https");
-
-    boolean hostInNonProxyList =
-      isHostInNonProxyList(host, tcp.getNonProxyHosts());
-
-    Socket sslSocket = null;
-    if (tcp.getProxyHost().length() == 0 || hostInNonProxyList) {
-      // direct SSL connection
-      sslSocket = sslFactory.createSocket(host, port);
-    }
-    else {
-
-      // Default proxy port is 80, even for https
-      int tunnelPort =
-        (tcp.getProxyPort().length() != 0)
-          ? Integer.parseInt(tcp.getProxyPort())
-          : 80;
-      if (tunnelPort < 0)
-        tunnelPort = 80;
-
-      // Create the regular socket connection to the proxy
-      Socket tunnel = new Socket(tcp.getProxyHost(), tunnelPort);
-
-      // The tunnel handshake method (condensed and made reflexive)
-      OutputStream tunnelOutputStream = tunnel.getOutputStream();
-      PrintWriter out =
-        new PrintWriter(
-          new BufferedWriter(new OutputStreamWriter(tunnelOutputStream)));
-
-      // More secure version... engage later?
-      // PasswordAuthentication pa =
-      // Authenticator.requestPasswordAuthentication(
-      // InetAddress.getByName(tunnelHost),
-      // tunnelPort, "SOCK", "Proxy","HTTP");
-      // if(pa == null){
-      // printDebug("No Authenticator set.");
-      // }else{
-      // printDebug("Using Authenticator.");
-      // tunnelUser = pa.getUserName();
-      // tunnelPassword = new String(pa.getPassword());
-      // }
-      out.print(
-        "CONNECT "
-          + host
-          + ":"
-          + port
-          + " HTTP/1.0\r\n"
-          + "User-Agent: AxisClient");
-      if (tcp.getProxyUser().length() != 0
-        && tcp.getProxyPassword().length() != 0) {
-
-        // add basic authentication header for the proxy
-        String encodedPassword =
-          XMLUtils.base64encode(
-            (tcp.getProxyUser() + ":" + tcp.getProxyPassword()).getBytes());
-
-        out.print("\nProxy-Authorization: Basic " + encodedPassword);
-      }
-      out.print("\nContent-Length: 0");
-      out.print("\nPragma: no-cache");
-      out.print("\r\n\r\n");
-      out.flush();
-      InputStream tunnelInputStream = tunnel.getInputStream();
-
-      if (log.isDebugEnabled()) {
-        log.debug(
-          Messages.getMessage(
-            "isNull00",
-            "tunnelInputStream",
-            "" + (tunnelInputStream == null)));
-      }
-      String replyStr = "";
-
-      // Make sure to read all the response from the proxy to prevent SSL negotiation failure
-      // Response message terminated by two sequential newlines
-      int newlinesSeen = 0;
-      boolean headerDone = false; /* Done on first newline */
-
-      while (newlinesSeen < 2) {
-        int i = tunnelInputStream.read();
-
-        if (i < 0) {
-          throw new IOException("Unexpected EOF from proxy");
-        }
-        if (i == '\n') {
-          headerDone = true;
-          ++newlinesSeen;
-        }
-        else if (i != '\r') {
-          newlinesSeen = 0;
-          if (!headerDone) {
-            replyStr += String.valueOf((char) i);
-          }
-        }
-      }
-      if (!replyStr.startsWith("HTTP/1.0 200")
-        && !replyStr.startsWith("HTTP/1.1 200")) {
-        throw new IOException(
-          Messages.getMessage(
-            "cantTunnel00",
-            new String[] { tcp.getProxyHost(), "" + tunnelPort, replyStr }));
-      }
-
-      // End of condensed reflective tunnel handshake method
-      sslSocket = sslFactory.createSocket(tunnel, host, port, true);
-      if (log.isDebugEnabled()) {
-        log.debug(
-          Messages.getMessage(
-            "setupTunnel00",
-            tcp.getProxyHost(),
-            "" + tunnelPort));
-      }
-    }
-
-    ((SSLSocket) sslSocket).startHandshake();
-    if (log.isDebugEnabled()) {
-      log.debug(Messages.getMessage("createdSSL00"));
-    }
-    return sslSocket;
-  }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java
index 8bd682421..655675f00 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java
@@ -26,7 +26,7 @@ import java.util.Locale;
 
 import at.gv.egovernment.moa.id.auth.exception.BKUException;
 import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.ProcessExecutionException;
 import at.gv.egovernment.moa.util.Messages;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java
deleted file mode 100644
index 9a1237b80..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java
+++ /dev/null
@@ -1,136 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.util;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class FormBuildUtils {
-
-	private static Map<String, String> defaultmap = null;
-	
-	public static String MAIN_BACKGROUNDCOLOR = "#MAIN_BACKGOUNDCOLOR#";
-	public static String MAIN_COLOR = "#MAIN_COLOR#";
-	public static String HEADER_BACKGROUNDCOLOR = "#HEADER_BACKGROUNDCOLOR#";
-	public static String HEADER_COLOR = "#HEADER_COLOR#";
-	public static String BUTTON_BACKGROUNDCOLOR = "#BUTTON_BACKGROUNDCOLOR#";
-	public static String BUTTON_BACKGROUNDCOLOR_FOCUS = "#BUTTON_BACKGROUNDCOLOR_FOCUS#";
-	public static String BUTTON_COLOR = "#BUTTON_COLOR#";
-	public static String FONTFAMILY = "#FONTTYPE#";
-	public static String HEADER_TEXT = "#HEADER_TEXT#";
-	public static String REDIRECTTARGET = "#REDIRECTTARGET#";
-	public static String APPLET_HEIGHT = "#APPLETHEIGHT#";
-	public static String APPLET_WIDTH = "#APPLETWIDTH#";
-	
-	private static String MANDATEVISIBLE = "#MANDATEVISIBLE#";
-	private static String MANDATECHECKED = "#MANDATECHECKED#";
-
-	private static String STORKVISIBLE = "#STORKVISIBLE#";
-
-	private static final String TEMPLATEVISIBLE = " display: none";
-	private static final String TEMPLATEDISABLED =  "disabled=\"true\"";
-	private static final String TEMPLATECHECKED = "checked=\"true\"";
-	private static final String TEMPLATE_ARIACHECKED = "aria-checked=";
-	
-	
-	static {
-			if (defaultmap == null) {
-				defaultmap = new HashMap<String, String>();
-				defaultmap.put(MAIN_BACKGROUNDCOLOR, "#F7F8F7");
-				defaultmap.put(MAIN_COLOR, "#000000");
-			
-				defaultmap.put(HEADER_BACKGROUNDCOLOR, "#C3D2E2");
-				defaultmap.put(HEADER_COLOR, "#000000");
-				defaultmap.put(HEADER_TEXT, "Login");
-			
-				defaultmap.put(BUTTON_BACKGROUNDCOLOR, "#EBEBEB");
-				defaultmap.put(BUTTON_BACKGROUNDCOLOR_FOCUS, "#EBEBEB");
-				defaultmap.put(BUTTON_COLOR, "#000000");
-			
-				defaultmap.put(FONTFAMILY, "Verdana,Geneva,Arial,sans-serif");
-				
-				defaultmap.put(REDIRECTTARGET, "_top");
-			}
-	}
-	
-	
-	public static String customiceLayoutBKUSelection(String value, boolean isShowMandateCheckbox,
-													 boolean isOnlyMandateAllowed,
-													 Map<String, String> map, boolean showStorkLogin) {
-		
-		if (isShowMandateCheckbox)
-			value = value.replace(MANDATEVISIBLE, "");
-		else
-			value = value.replace(MANDATEVISIBLE, TEMPLATEVISIBLE);
-		
-		if (isOnlyMandateAllowed) {
-			value = value.replace(MANDATECHECKED, 	TEMPLATECHECKED + " " + 
-													TEMPLATEDISABLED + " " +
-													TEMPLATE_ARIACHECKED + "\"true\"");
-			
-		} else
-			value = value.replace(MANDATECHECKED, TEMPLATE_ARIACHECKED + "\"false\"");
-		
-		if (showStorkLogin)
-			value = value.replace(STORKVISIBLE, "");
-		else
-			value = value.replace(STORKVISIBLE, TEMPLATEVISIBLE);
-
-		String fonttype = map.get(FONTFAMILY);
-		if (MiscUtil.isNotEmpty(fonttype)) {
-			String[] fonttypeList = fonttype.split(",");
-			String fonttypeformated = "\"" + fonttypeList[0].trim().replace("\"", "") + "\"";
-			
-			for (int i=1; i<fonttypeList.length; i++) {
-				fonttypeformated += ",\"" + fonttypeList[i].trim().replace("\"", "") + "\"";
-			}
-			
-			map.put(FONTFAMILY, fonttypeformated);
-		}
-		
-		Set<String> elements = map.keySet();
-		for (String element: elements) {
-			value = value.replace(element, map.get(element));
-		}
-		
-		return value;
-	}
-	
-	public static Map<String, String> getDefaultMap() {
-		return defaultmap;
-	}
-
-	/**
-	 * @param value
-	 * @return
-	 */
-	public static String defaultLayoutBKUSelection(String value) {
-		return customiceLayoutBKUSelection(value, false, false, getDefaultMap(), false);
-		
-	}
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
index d2499af9d..4cb6af127 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
@@ -173,6 +173,17 @@ public class HTTPUtils {
 		
 	}
 	
+	/**
+	 * Extract the IDP requested URL from authrequest
+	 * 
+	 * @param req HttpServletRequest
+	 * @return RequestURL <String> which ends always without /
+	 */ 
+	public static String extractAuthServletPathFromRequest(HttpServletRequest req) {
+	    return extractAuthURLFromRequest(req).concat(req.getServletPath());
+	 	
+	}
+	
 	public static String addURLParameter(String url, String paramname,
 			String paramvalue) {
 		String param = paramname + "=" + paramvalue;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
index 0b517e783..81041260c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
@@ -35,8 +35,8 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.spss.MOAException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
deleted file mode 100644
index b7a866370..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
+++ /dev/null
@@ -1,104 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.util;
-
-import java.util.Locale;
-
-import at.gv.egovernment.moa.util.Messages;
-
-/**
- * A singleton wrapper around a <code>Message</code> object, providing the messages used in MOA-ID.
- * 
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDMessageProvider {
-  
-  /** DEFAULT_MESSAGE_RESOURCES are resources/properties/id_messages */
-  private static final String[] DEFAULT_MESSAGE_RESOURCES =
-    { "resources/properties/id_messages" };
-  /** DEFAULT_MESSAGE_LOCALES are "de", "AT" */  
-  private static final Locale[] DEFAULT_MESSAGE_LOCALES =
-    new Locale[] { new Locale("de", "AT") };
-   /** The instance for our singleton */  
-  private static MOAIDMessageProvider instance;
-  /** The Messages */
-  private Messages messages;
-  
-  /**
-   * Returns the single instance of <code>MOAIDMessageProvider</code>.
-   * 
-   * @return the single instance of <code>MOAIDMessageProvider</code>
-   */
-  public static MOAIDMessageProvider getInstance() {
-    if (instance == null)
-      instance = new MOAIDMessageProvider(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
-    return instance;
-  }
-  
-  /**
-   * Create a <code>MOAIDMessageProvider</code>.
-   * 
-   * @param resourceNames The names of the resources containing the messages.
-   * @param locales The corresponding locales.
-   */
-  protected MOAIDMessageProvider(String[] resourceNames, Locale[] locales) {
-    this.messages = new Messages(resourceNames, locales);
-  }
-  
-  /**
-   * Get the message corresponding to a given message ID.
-   *
-   * @param messageId The ID of the message.
-   * @param parameters The parameters to fill in into the message arguments.
-   * @return The formatted message. 
-   */
-  public String getMessage(String messageId, Object[] parameters) {
-    return messages.getMessage(messageId, parameters);
-  }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 47010a735..885d03fd8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -46,34 +46,44 @@
 
 package at.gv.egovernment.moa.id.util;
 
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
-import java.io.StringReader;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
 import javax.servlet.http.HttpServletRequest;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 
-import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 
 
 public class ParamValidatorUtils extends MOAIDAuthConstants{
    
+	  private static final Map<String, Object> parserFeatures =
+			  Collections.unmodifiableMap(new HashMap<String, Object>() {
+					private static final long serialVersionUID = 1L;
+					{	
+						put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+						
+					}
+			  });
+	
    /**
     * Checks if the given target is valid
     * @param target HTTP parameter from request
@@ -482,11 +492,13 @@ public class ParamValidatorUtils extends MOAIDAuthConstants{
 		   return false;
 	   
 	   Logger.debug("Ueberpruefe Parameter XMLDocument");
-	   try {   
-		   DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-		   DocumentBuilder builder = factory.newDocumentBuilder();
-		   InputSource is = new InputSource(new StringReader(document));
-		   builder.parse(is);
+	   try {
+		   DOMUtils.parseXmlValidating(new ByteArrayInputStream(document.getBytes()), parserFeatures);
+		   
+//		   DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+//		   DocumentBuilder builder = factory.newDocumentBuilder();
+//		   InputSource is = new InputSource(new StringReader(document));
+//		   builder.parse(is);
 		   
 		   Logger.debug("Parameter XMLDocument erfolgreich ueberprueft");
 		   return true;
@@ -527,9 +539,7 @@ public class ParamValidatorUtils extends MOAIDAuthConstants{
 			return false;
 		}
 
-	    if (StringUtils.isEmpty(oaURL) 
-	    		//|| StringUtils.isEmpty(templateURL) 
-	    		|| StringUtils.isEmpty(bkuURL) )
+	    if (StringUtils.isEmpty(bkuURL))
 	    	return false;
 	    else
 	    	return true;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
index 47f784c33..ba45a3679 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
@@ -99,8 +99,12 @@ public class Random {
 		char preFix = allowedPreFix[Math.abs(random.nextInt() % allowedPreFix.length)];
 	 
 		//generate ID
-		return preFix + new String(Hex.encodeHex(Bytes.concat(now.getBytes(), randValue))); // 20 bytes = 160 bits
-		
+		String returnValue = preFix + new String(Hex.encodeHex(Bytes.concat(now.getBytes(), randValue))); // 20 bytes = 160 bits
+		if (returnValue.length() > 40)
+			return returnValue.substring(0, 40);
+		else
+			return returnValue;
+				
 	}
 	
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index d3fba8854..891d01e09 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -62,11 +62,11 @@ import javax.net.ssl.SSLSocketFactory;
 import org.apache.regexp.RE;
 import org.apache.regexp.RESyntaxException;
 
+import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
+import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.ConnectionParameterInterface;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import iaik.pki.PKIException;
 import iaik.security.provider.IAIK;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java
deleted file mode 100644
index 269e21d4f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java
+++ /dev/null
@@ -1,99 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.util;
-
-import org.apache.velocity.app.Velocity;
-import org.apache.velocity.runtime.RuntimeServices;
-import org.apache.velocity.runtime.log.LogChute;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-public class VelocityLogAdapter implements LogChute {
-
-	public VelocityLogAdapter() {
-		try
-	    {
-	      /*
-	       *  register this class as a logger with the Velocity singleton
-	       *  (NOTE: this would not work for the non-singleton method.)
-	       */
-	      Velocity.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, this );
-	      Velocity.init();
-	    }
-	    catch (Exception e)
-	    {
-	      Logger.error("Failed to register Velocity logger");
-	    }
-	}
-	
-	public void init(RuntimeServices arg0) throws Exception {
-	}
-
-	public boolean isLevelEnabled(int arg0) {
-		switch(arg0) {
-		case LogChute.DEBUG_ID:
-			return Logger.isDebugEnabled();
-		case LogChute.TRACE_ID:
-			return Logger.isTraceEnabled();
-		default:
-			return true;
-		}
-	}
-
-	public void log(int arg0, String arg1) {
-		switch(arg0) {
-		case LogChute.DEBUG_ID:
-			Logger.debug(arg1);
-			break;
-		case LogChute.TRACE_ID:
-			Logger.trace(arg1);
-			break;
-		case LogChute.INFO_ID:
-			Logger.info(arg1);
-			break;
-		case LogChute.WARN_ID:
-			Logger.warn(arg1);
-			break;
-		case LogChute.ERROR_ID:
-		default:
-			Logger.error(arg1);
-			break;
-		}
-	}
-
-	public void log(int arg0, String arg1, Throwable arg2) {
-		switch(arg0) {
-		case LogChute.DEBUG_ID:
-		case LogChute.TRACE_ID:
-		case LogChute.INFO_ID:
-		case LogChute.WARN_ID:
-			Logger.warn(arg1, arg2);
-			break;
-		case LogChute.ERROR_ID:
-		default:
-			Logger.error(arg1, arg2);
-			break;
-		}
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityProvider.java
deleted file mode 100644
index 231f36fa8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityProvider.java
+++ /dev/null
@@ -1,112 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-/**
- * 
- */
-package at.gv.egovernment.moa.id.util;
-
-import org.apache.velocity.app.VelocityEngine;
-import org.apache.velocity.runtime.RuntimeConstants;
-
-/**
- * Gets a Velocity Engine
- * 
- * @author bzwattendorfer
- *
- */
-public class VelocityProvider {
-
-	/**
-	 * Gets velocityEngine from Classpath
-	 * @return VelocityEngine
-	 * @throws Exception
-	 */
-	public static VelocityEngine getClassPathVelocityEngine() throws Exception {
-		VelocityEngine velocityEngine = getBaseVelocityEngine();
-        velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
-        velocityEngine.setProperty("classpath.resource.loader.class",
-                "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
-        
-		velocityEngine.init();
-		
-		return velocityEngine;
-	}
-	
-	/**
-	 * Gets VelocityEngine from File
-	 * @param rootPath File Path to template file
-	 * @return VelocityEngine
-	 * @throws Exception
-	 */
-	public static VelocityEngine getFileVelocityEngine(String rootPath) throws Exception {
-		VelocityEngine velocityEngine = getBaseVelocityEngine();
-        velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "file");
-        velocityEngine.setProperty("file.resource.loader.class",
-                "org.apache.velocity.runtime.resource.loader.FileResourceLoader");
-        velocityEngine.setProperty("file.resource.loader.path", rootPath);
-        
-		velocityEngine.init();
-		
-		return velocityEngine;
-	}
-	
-	/**
-	 * Gets a basic VelocityEngine
-	 * @return VelocityEngine
-	 */
-	private static VelocityEngine getBaseVelocityEngine() {
-		VelocityEngine velocityEngine = new VelocityEngine();
-        velocityEngine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
-        velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
-        velocityEngine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
-				"org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
-        
-        return velocityEngine;
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java
index dd4e67bcd..48e1460f9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java
@@ -26,8 +26,8 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.lang.StringEscapeUtils;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 
 public class LegacyHelper extends MOAIDAuthConstants{
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2016-05-10 15:50:52 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2016-05-10 15:50:52 +0200
commit	aa4f6b8a17400e6ebbe83d92e26b25413deb9aa1 (patch)
tree	0798f107e13d8a8546c1b15c6432e5360a656e92 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util
parent	576f5ea5cfaf2ea174f198dc5df238c1ca0c331a (diff)
parent	c3e07d7fb87b2d132ffc838e4878b9479da361a7 (diff)
download	moa-id-spss-aa4f6b8a17400e6ebbe83d92e26b25413deb9aa1.tar.gz moa-id-spss-aa4f6b8a17400e6ebbe83d92e26b25413deb9aa1.tar.bz2 moa-id-spss-aa4f6b8a17400e6ebbe83d92e26b25413deb9aa1.zip