Merge branch 'development_preview' into eIDAS_node_implementation

2 files changed, 101 insertions, 9 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index 353261085..5f74d8fdd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -29,6 +29,7 @@ import java.io.StringWriter;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 
@@ -48,7 +49,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.data.ExceptionContainer;
 import at.gv.egovernment.moa.id.moduls.IRequestStorage;
@@ -166,8 +166,9 @@ public abstract class AbstractController extends MOAIDAuthConstants {
 
 			return;
 					
-		} catch (MOADatabaseException e) {
-			Logger.warn("Exception can not be stored to Database.", e);
+		} catch (Exception e) {
+			Logger.warn("Default error-handling FAILED. Exception can not be stored to Database.", e);
+			Logger.info("Switch to generic generic backup error-handling ... ");
 			handleErrorNoRedirect(loggedException, req, resp, true);
 			
 		}
@@ -231,7 +232,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
 		ErrorResponseUtils utils = ErrorResponseUtils.getInstance();
 		String code = utils.mapInternalErrorToExternalError(
 				((InvalidProtocolRequestException)e).getMessageId());
-		String descr = e.getMessage();
+		String descr = StringEscapeUtils.escapeHtml(e.getMessage());
 		resp.setContentType(MediaType.HTML_UTF_8.toString());
 		resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" +
 				"(Errorcode=" + code +
@@ -248,7 +249,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
 					null);
 				
 			//add errorcode and errormessage
-			config.putCustomParameter("errorMsg", msg);
+			config.putCustomParameter("errorMsg", StringEscapeUtils.escapeHtml(msg));
 			config.putCustomParameter("errorCode", errorCode);
 		
 			//add stacktrace if debug is enabled
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index 73d6e978e..95e3c5bc2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -22,13 +22,19 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x;
 
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
 import org.opensaml.xml.encryption.EncryptionConstants;
 import org.opensaml.xml.signature.SignatureConstants;
 
+import at.gv.egovernment.moa.id.data.Trible;
+
 public interface PVPConstants {
 	
 	public static final String SSLSOCKETFACTORYNAME = "MOAMetaDataProvider";
-	
+		
 	public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
 	public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
 	public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
@@ -54,8 +60,12 @@ public interface PVPConstants {
 	public static final String PVP_VERSION_NAME = URN_OID_PREFIX + PVP_VERSION_OID;
 	public static final String PVP_VERSION_FRIENDLY_NAME = "PVP-VERSION";
 	public static final String PVP_VERSION_2_1 = "2.1";
+
 	
+	public static final String SECCLASS_OID = "1.2.40.0.10.2.1.1.261.110";
 	public static final String SECCLASS_FRIENDLY_NAME = "SECCLASS";
+	public static final String SECCLASS_NAME = URN_OID_PREFIX + SECCLASS_OID;
+	public static final int SECCLASS_MAX_LENGTH = 128;
 	
 	public static final String PRINCIPAL_NAME_OID = "1.2.40.0.10.2.1.1.261.20";
 	public static final String PRINCIPAL_NAME_NAME = URN_OID_PREFIX + PRINCIPAL_NAME_OID;
@@ -136,9 +146,13 @@ public interface PVPConstants {
 	public static final String ROLES_FRIENDLY_NAME = "ROLES";
 	public static final int ROLES_MAX_LENGTH = 32767;
 	
-	public static final String EID_CITIZEN_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.94";
-	public static final String EID_CITIZEN_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_QAA_LEVEL_OID;
-	public static final String EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-LEVEL";
+	@Deprecated public static final String EID_CITIZEN_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.94";	
+	@Deprecated public static final String EID_CITIZEN_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_QAA_LEVEL_OID;
+	@Deprecated public static final String EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-LEVEL";
+	
+	public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.108";	
+	public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_EIDAS_QAA_LEVEL_OID;
+	public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-EIDAS-LEVEL";
 	
 	public static final String EID_ISSUING_NATION_OID = "1.2.40.0.10.2.1.1.261.32";
 	public static final String EID_ISSUING_NATION_NAME = URN_OID_PREFIX + EID_ISSUING_NATION_OID;
@@ -283,4 +297,81 @@ public interface PVPConstants {
 	public static final String PVP_HOLDEROFKEY_OID = "1.2.40.0.10.2.1.1.261.xx.xx";
 	public static final String PVP_HOLDEROFKEY_NAME = URN_OID_PREFIX + PVP_HOLDEROFKEY_OID;
 	public static final String PVP_HOLDEROFKEY_FRIENDLY_NAME = "HOLDER-OF-KEY-CERTIFICATE";
+	
+	
+	
+	public static final String ENTITY_CATEGORY_ATTRIBITE = "http://macedir.org/entity-category";
+	public static final String EGOVTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/egovtoken";
+	public static final String CITIZENTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/citizentoken";
+	
+	/** 
+	 * 
+	 * Get required PVP attributes for egovtoken
+	 * First : PVP attribute name (OID) 
+	 * Second: FriendlyName
+	 * Third: Required
+	 * 
+	 */
+	public static final List<Trible<String, String, Boolean>> EGOVTOKEN_PVP_ATTRIBUTES = 
+			Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
+				private static final long serialVersionUID = 1L;
+				{	
+					//currently supported attributes
+					add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
+					add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
+					
+					//currently not supported attributes
+					add(Trible.newInstance(USERID_NAME, USERID_FRIENDLY_NAME, false));
+					add(Trible.newInstance(GID_NAME, GID_FRIENDLY_NAME, false));
+					add(Trible.newInstance(PARTICIPANT_ID_NAME, PARTICIPANT_ID_FRIENDLY_NAME, false));
+					add(Trible.newInstance(OU_GV_OU_ID_NAME, OU_GV_OU_ID_FRIENDLY_NAME, false));
+					add(Trible.newInstance(OU_NAME, OU_FRIENDLY_NAME, false));
+					add(Trible.newInstance(SECCLASS_NAME, SECCLASS_FRIENDLY_NAME, false));
+					
+					
+				}
+			});
+	
+	/** 
+	 * 
+	 * Get required PVP attributes for citizenToken
+	 * First : PVP attribute name (OID) 
+	 * Second: FriendlyName
+	 * Third: Required
+	 * 
+	 */
+	public static final List<Trible<String, String, Boolean>> CITIZENTOKEN_PVP_ATTRIBUTES = 
+			Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
+				private static final long serialVersionUID = 1L;
+				{	
+					//required attributes - eIDAS minimal-data set
+					add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
+					add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
+					add(Trible.newInstance(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true));
+					add(Trible.newInstance(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, true));
+					add(Trible.newInstance(BPK_NAME, BPK_FRIENDLY_NAME, true));
+					
+					
+					//not required attributes
+					add(Trible.newInstance(EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false));
+					add(Trible.newInstance(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, false));
+					add(Trible.newInstance(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false));
+					add(Trible.newInstance(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false));
+					add(Trible.newInstance(MANDATE_TYPE_OID_NAME, MANDATE_TYPE_OID_FRIENDLY_NAME, false));
+					add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_NAME, MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false));
+					add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false));
+					add(Trible.newInstance(MANDATE_NAT_PER_BPK_NAME, MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false));
+					add(Trible.newInstance(MANDATE_NAT_PER_GIVEN_NAME_NAME, MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false));
+					add(Trible.newInstance(MANDATE_NAT_PER_FAMILY_NAME_NAME, MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false));
+					add(Trible.newInstance(MANDATE_NAT_PER_BIRTHDATE_NAME, MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false));
+					add(Trible.newInstance(MANDATE_LEG_PER_FULL_NAME_NAME, MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false));
+					add(Trible.newInstance(MANDATE_PROF_REP_OID_NAME, MANDATE_PROF_REP_OID_FRIENDLY_NAME, false));
+					add(Trible.newInstance(MANDATE_PROF_REP_DESC_NAME, MANDATE_PROF_REP_DESC_FRIENDLY_NAME, false));
+					add(Trible.newInstance(MANDATE_REFERENCE_VALUE_NAME, MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false));
+					
+					
+										
+				}
+			});
+	
 }