aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2013-07-18 12:01:21 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2013-07-18 12:01:21 +0200
commit49acb697426d3c313ad047449ea62ac1bf3f4fd0 (patch)
tree0e25cdfdb8b4b714655b6a16e5dd73bd81fcbea9 /id/server/idserverlib/src/main/java/at
parent5c345b6a0cd34a8c853aa274b081e70589b44da3 (diff)
downloadmoa-id-spss-49acb697426d3c313ad047449ea62ac1bf3f4fd0.tar.gz
moa-id-spss-49acb697426d3c313ad047449ea62ac1bf3f4fd0.tar.bz2
moa-id-spss-49acb697426d3c313ad047449ea62ac1bf3f4fd0.zip
MOA-ID 2.x Configuration implemented
-SSO deaktivated -Login with mandate and normal tested
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java1110
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java38
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java43
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java40
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java87
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java100
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java232
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java37
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java178
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java486
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java1104
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java762
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java36
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java41
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java42
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java41
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java133
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java623
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java619
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java51
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java98
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java)16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java)2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java501
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java164
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java90
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java112
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java35
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java411
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java159
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java125
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java63
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java50
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java29
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java325
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java41
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java11
66 files changed, 5093 insertions, 3262 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index f7c0ff812..214a1df7d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -160,12 +160,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
/**
* time out in milliseconds used by {@link cleanup} for session store
*/
- private long sessionTimeOut = 10 * 60 * 1000; // default 10 minutes
+ private long sessionTimeOutCreated = 15 * 60 * 1000; // default 10 minutes
+ private long sessionTimeOutUpdated = 10 * 60 * 1000; // default 10 minutes
/**
* time out in milliseconds used by {@link cleanup} for authentication data
* store
*/
- private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes
+ private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes
/**
* Returns the single instance of <code>AuthenticationServer</code>.
@@ -185,140 +186,144 @@ public class AuthenticationServer implements MOAIDAuthConstants {
super();
}
- /**
- * Processes request to select a BKU. <br/>
- * Processing depends on value of
- * {@link AuthConfigurationProvider#getBKUSelectionType}. <br/>
- * For <code>bkuSelectionType==HTMLComplete</code>, a <code>returnURI</code>
- * for the "BKU Auswahl" service is returned. <br/>
- * For <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU
- * selection is returned.
- *
- * @param authURL
- * base URL of MOA-ID Auth component
- * @param target
- * "Gesch&auml;ftsbereich"
- * @param oaURL
- * online application URL requested
- * @param bkuSelectionTemplateURL
- * template for BKU selection form to be used in case of
- * <code>HTMLSelect</code>; may be null
- * @param templateURL
- * URL providing an HTML template for the HTML form to be used
- * for call <code>startAuthentication</code>
- * @return for <code>bkuSelectionType==HTMLComplete</code>, the
- * <code>returnURI</code> for the "BKU Auswahl" service; for
- * <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU
- * selection
- * @throws WrongParametersException
- * upon missing parameters
- * @throws AuthenticationException
- * when the configured BKU selection service cannot be reached,
- * and when the given bkuSelectionTemplateURL cannot be reached
- * @throws ConfigurationException
- * on missing configuration data
- * @throws BuildException
- * while building the HTML form
- */
- public String selectBKU(String authURL, String target, String oaURL,
- String bkuSelectionTemplateURL, String templateURL)
- throws WrongParametersException, AuthenticationException,
- ConfigurationException, BuildException {
-
- // check if HTTP Connection may be allowed (through
- // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
- String boolStr = AuthConfigurationProvider
- .getInstance()
- .getGenericConfigurationParameter(
- AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
- if ((!authURL.startsWith("https:"))
- && (false == BoolUtils.valueOf(boolStr)))
- throw new AuthenticationException("auth.07", new Object[] { authURL
- + "*" });
- if (isEmpty(authURL))
- throw new WrongParametersException("StartAuthentication",
- "AuthURL", "auth.05");
- if (isEmpty(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA,
- "auth.05");
-
- ConnectionParameter bkuConnParam = AuthConfigurationProvider
- .getInstance().getBKUConnectionParameter();
- if (bkuConnParam == null)
- throw new ConfigurationException("config.08",
- new Object[] { "BKUSelection/ConnectionParameter" });
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(oaURL);
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { oaURL });
-
- if (!oaParam.getBusinessService()) {
- if (isEmpty(target))
- throw new WrongParametersException("StartAuthentication",
- PARAM_TARGET, "auth.05");
- } else {
- if (!isEmpty(target)) {
- Logger
- .info("Ignoring target parameter thus application type is \"businessService\"");
- }
- target = null;
- }
-
- AuthenticationSession session = newSession();
- Logger.info("MOASession " + session.getSessionID() + " angelegt");
- session.setTarget(target);
- session.setOAURLRequested(oaURL);
- session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
- session.setAuthURL(authURL);
- session.setTemplateURL(templateURL);
- session.setBusinessService(oaParam.getBusinessService());
-
- try {
- AuthenticationSessionStoreage.storeSession(session);
-
- } catch (MOADatabaseException e) {
- throw new AuthenticationException("", null);
- }
-
- String returnURL = new DataURLBuilder().buildDataURL(authURL,
- REQ_START_AUTHENTICATION, session.getSessionID());
- String bkuSelectionType = AuthConfigurationProvider.getInstance()
- .getBKUSelectionType();
- if (bkuSelectionType
- .equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
- // bkuSelectionType==HTMLComplete
- String redirectURL = bkuConnParam.getUrl() + "?"
- + AuthServlet.PARAM_RETURN + "=" + returnURL;
- return redirectURL;
- } else {
- // bkuSelectionType==HTMLSelect
- String bkuSelectTag;
- try {
- bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider
- .getInstance(), bkuConnParam);
- } catch (Throwable ex) {
- throw new AuthenticationException("auth.11", new Object[] {
- bkuConnParam.getUrl(), ex.toString() }, ex);
- }
- String bkuSelectionTemplate = null;
- // override template url by url from configuration file
- if (oaParam.getBkuSelectionTemplateURL() != null) {
- bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL();
- }
- if (bkuSelectionTemplateURL != null) {
- try {
- bkuSelectionTemplate = new String(FileUtils
- .readURL(bkuSelectionTemplateURL));
- } catch (IOException ex) {
- throw new AuthenticationException("auth.03", new Object[] {
- bkuSelectionTemplateURL, ex.toString() }, ex);
- }
- }
- String htmlForm = new SelectBKUFormBuilder().build(
- bkuSelectionTemplate, returnURL, bkuSelectTag);
- return htmlForm;
- }
- }
+// /**
+// * Processes request to select a BKU. <br/>
+// * Processing depends on value of
+// * {@link AuthConfigurationProvider#getBKUSelectionType}. <br/>
+// * For <code>bkuSelectionType==HTMLComplete</code>, a <code>returnURI</code>
+// * for the "BKU Auswahl" service is returned. <br/>
+// * For <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU
+// * selection is returned.
+// *
+// * @param authURL
+// * base URL of MOA-ID Auth component
+// * @param target
+// * "Gesch&auml;ftsbereich"
+// * @param oaURL
+// * online application URL requested
+// * @param bkuSelectionTemplateURL
+// * template for BKU selection form to be used in case of
+// * <code>HTMLSelect</code>; may be null
+// * @param templateURL
+// * URL providing an HTML template for the HTML form to be used
+// * for call <code>startAuthentication</code>
+// * @return for <code>bkuSelectionType==HTMLComplete</code>, the
+// * <code>returnURI</code> for the "BKU Auswahl" service; for
+// * <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU
+// * selection
+// * @throws WrongParametersException
+// * upon missing parameters
+// * @throws AuthenticationException
+// * when the configured BKU selection service cannot be reached,
+// * and when the given bkuSelectionTemplateURL cannot be reached
+// * @throws ConfigurationException
+// * on missing configuration data
+// * @throws BuildException
+// * while building the HTML form
+// */
+// public String selectBKU(String authURL, String target, String oaURL,
+// String bkuSelectionTemplateURL, String templateURL)
+// throws WrongParametersException, AuthenticationException,
+// ConfigurationException, BuildException {
+//
+// // check if HTTP Connection may be allowed (through
+// // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+// String boolStr = AuthConfigurationProvider
+// .getInstance()
+// .getGenericConfigurationParameter(
+// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+// if ((!authURL.startsWith("https:"))
+// && (false == BoolUtils.valueOf(boolStr)))
+// throw new AuthenticationException("auth.07", new Object[] { authURL
+// + "*" });
+// if (isEmpty(authURL))
+// throw new WrongParametersException("StartAuthentication",
+// "AuthURL", "auth.05");
+// if (isEmpty(oaURL))
+// throw new WrongParametersException("StartAuthentication", PARAM_OA,
+// "auth.05");
+//
+// ConnectionParameter bkuConnParam = AuthConfigurationProvider
+// .getInstance().getBKUConnectionParameter();
+// if (bkuConnParam == null)
+// throw new ConfigurationException("config.08",
+// new Object[] { "BKUSelection/ConnectionParameter" });
+// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+// .getOnlineApplicationParameter(oaURL);
+// if (oaParam == null)
+// throw new AuthenticationException("auth.00", new Object[] { oaURL });
+//
+// if (!oaParam.getBusinessService()) {
+// if (isEmpty(target))
+// throw new WrongParametersException("StartAuthentication",
+// PARAM_TARGET, "auth.05");
+// } else {
+// if (!isEmpty(target)) {
+// Logger
+// .info("Ignoring target parameter thus application type is \"businessService\"");
+// }
+// target = null;
+// }
+//
+// AuthenticationSession session = newSession();
+// Logger.info("MOASession " + session.getSessionID() + " angelegt");
+// session.setTarget(target);
+// session.setOAURLRequested(oaURL);
+// session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
+// session.setAuthURL(authURL);
+// session.setTemplateURL(templateURL);
+// session.setBusinessService(oaParam.getBusinessService());
+//
+// try {
+// AuthenticationSessionStoreage.storeSession(session);
+//
+// } catch (MOADatabaseException e) {
+// throw new AuthenticationException("", null);
+// }
+//
+// String returnURL = new DataURLBuilder().buildDataURL(authURL,
+// REQ_START_AUTHENTICATION, session.getSessionID());
+// String bkuSelectionType = AuthConfigurationProvider.getInstance()
+// .getBKUSelectionType();
+// if (bkuSelectionType
+// .equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
+// // bkuSelectionType==HTMLComplete
+// String redirectURL = bkuConnParam.getUrl() + "?"
+// + AuthServlet.PARAM_RETURN + "=" + returnURL;
+// return redirectURL;
+// } else {
+// // bkuSelectionType==HTMLSelect
+// String bkuSelectTag;
+// try {
+// bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider
+// .getInstance(), bkuConnParam);
+// } catch (Throwable ex) {
+// throw new AuthenticationException("auth.11", new Object[] {
+// bkuConnParam.getUrl(), ex.toString() }, ex);
+// }
+// String bkuSelectionTemplate = null;
+//
+// //removed in MOAID 2.0
+// // override template url by url from configuration file
+//// if (oaParam.getBkuSelectionTemplateURL() != null) {
+//// bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL();
+//// }
+//
+//// if (bkuSelectionTemplateURL != null) {
+//// try {
+//// bkuSelectionTemplate = new String(FileUtils
+//// .readURL(bkuSelectionTemplateURL));
+//// } catch (IOException ex) {
+//// throw new AuthenticationException("auth.03", new Object[] {
+//// bkuSelectionTemplateURL, ex.toString() }, ex);
+//// }
+//// }
+//
+// String htmlForm = new SelectBKUFormBuilder().build(
+// bkuSelectionTemplate, returnURL, bkuSelectTag);
+// return htmlForm;
+// }
+// }
/**
* Method readBKUSelectTag.
@@ -416,24 +421,25 @@ public class AuthenticationServer implements MOAIDAuthConstants {
//build ReadInfobox request
String infoboxReadRequest = new InfoboxReadRequestBuilder().build(
- oaParam.getSlVersion12(), oaParam.getBusinessService(), oaParam
+ oaParam.isSlVersion12(), oaParam.getBusinessService(), oaParam
.getIdentityLinkDomainIdentifier());
String dataURL = new DataURLBuilder().buildDataURL(
session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session
.getSessionID());
+ //removed in MOAID 2.0
String pushInfobox = "";
- VerifyInfoboxParameters verifyInfoboxParameters = oaParam
- .getVerifyInfoboxParameters();
- if (verifyInfoboxParameters != null) {
- pushInfobox = verifyInfoboxParameters.getPushInfobox();
- session.setPushInfobox(pushInfobox);
- }
+// VerifyInfoboxParameters verifyInfoboxParameters = oaParam
+// .getVerifyInfoboxParameters();
+// if (verifyInfoboxParameters != null) {
+// pushInfobox = verifyInfoboxParameters.getPushInfobox();
+// session.setPushInfobox(pushInfobox);
+// }
//build CertInfo request
String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder()
- .build(oaParam.getSlVersion12());
+ .build(oaParam.isSlVersion12());
String certInfoDataURL = new DataURLBuilder()
.buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION,
session.getSessionID());
@@ -575,8 +581,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setIdentityLink(identityLink);
// now validate the extended infoboxes
- verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam
- .getProvideStammzahl());
+
+ //TODO: check correctness
+// verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam
+// .getProvideStammzahl());
+ verifyInfoboxes(session, infoboxReadResponseParameters, false);
//TODO: make it better!!
@@ -665,13 +674,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.10", new Object[] {
GET_MIS_SESSIONID, PARAM_SESSIONID });
- String sMandate = new String(mandate.getMandate());
- if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) {
- Logger.error("Mandate is empty.");
- throw new AuthenticationException("auth.16",
- new Object[] { GET_MIS_SESSIONID });
- }
-
//AuthenticationSession session = getSession(sessionID);
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
@@ -680,6 +682,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// sets the extended SAML attributes for OID (Organwalter)
setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam
.getBusinessService());
+
+ validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService());
+
+
} catch (SAXException e) {
throw new AuthenticationException("auth.16",
new Object[] { GET_MIS_SESSIONID }, e);
@@ -693,30 +699,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.16",
new Object[] { GET_MIS_SESSIONID }, e);
}
-
- if (oaParam.getProvideFullMandatorData()) {
- try {
- // set extended SAML attributes if provideMandatorData is true
- setExtendedSAMLAttributeForMandates(session, mandate, oaParam
- .getBusinessService(), oaParam.getProvideStammzahl());
-
- //AuthenticationSessionStoreage.storeSession(session);
-
- } catch (SAXException e) {
- throw new AuthenticationException("auth.16",
- new Object[] { GET_MIS_SESSIONID }, e);
- } catch (IOException e) {
- throw new AuthenticationException("auth.16",
- new Object[] { GET_MIS_SESSIONID }, e);
- } catch (ParserConfigurationException e) {
- throw new AuthenticationException("auth.16",
- new Object[] { GET_MIS_SESSIONID }, e);
- } catch (TransformerException e) {
- throw new AuthenticationException("auth.16",
- new Object[] { GET_MIS_SESSIONID }, e);
- }
- }
-
+
}
/**
@@ -766,14 +749,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// session.setAuthBlock(authBlock);
// builds the <CreateXMLSignatureRequest>
- String[] transformsInfos = oaParam.getTransformsInfos();
- if ((transformsInfos == null) || (transformsInfos.length == 0)) {
+ List<String> transformsInfos = oaParam.getTransformsInfos();
+ if ((transformsInfos == null) || (transformsInfos.size() == 0)) {
// no OA specific transforms specified, use default ones
transformsInfos = authConf.getTransformsInfos();
}
String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
.build(authBlock, oaParam.getKeyBoxIdentifier(),
- transformsInfos, oaParam.getSlVersion12());
+ transformsInfos, oaParam.isSlVersion12());
return createXMLSignatureRequest;
}
@@ -831,14 +814,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// session.setAuthBlock(authBlock);
// builds the <CreateXMLSignatureRequest>
- String[] transformsInfos = oaParam.getTransformsInfos();
- if ((transformsInfos == null) || (transformsInfos.length == 0)) {
+ List<String> transformsInfos = oaParam.getTransformsInfos();
+ if ((transformsInfos == null) || (transformsInfos.size() == 0)) {
// no OA specific transforms specified, use default ones
transformsInfos = authConf.getTransformsInfos();
}
String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
.build(authBlock, oaParam.getKeyBoxIdentifier(),
- transformsInfos, oaParam.getSlVersion12());
+ transformsInfos, oaParam.isSlVersion12());
System.out.println("XML: " + createXMLSignatureRequest);
@@ -1156,18 +1139,26 @@ public class AuthenticationServer implements MOAIDAuthConstants {
.getInstance();
// get the default VerifyInfobox parameters
Map defaultInfoboxParameters = null;
- VerifyInfoboxParameters defaultVerifyInfoboxParameters = authConfigurationProvider
- .getDefaultVerifyInfoboxParameters();
- if (defaultVerifyInfoboxParameters != null) {
- defaultInfoboxParameters = defaultVerifyInfoboxParameters
- .getInfoboxParameters();
- }
+
+ //removed in MOA-ID 2.0
+// VerifyInfoboxParameters defaultVerifyInfoboxParameters = authConfigurationProvider
+// .getDefaultVerifyInfoboxParameters();
+// if (defaultVerifyInfoboxParameters != null) {
+// defaultInfoboxParameters = defaultVerifyInfoboxParameters
+// .getInfoboxParameters();
+// }
+
// get the OA specific VerifyInfobox parameters
Map infoboxParameters = null;
OAAuthParameter oaParam = authConfigurationProvider
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- VerifyInfoboxParameters verifyInfoboxParameters = oaParam
- .getVerifyInfoboxParameters();
+
+ //TODO: check correctness!!!!
+ //removed in MOAID 2.0
+// VerifyInfoboxParameters verifyInfoboxParameters = oaParam
+// .getVerifyInfoboxParameters();
+// VerifyInfoboxParameters verifyInfoboxParameters = null;
+
session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML
// Attributes
session.setExtendedSAMLAttributesOA(new Vector());
@@ -1175,191 +1166,191 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// System.out.println("SAML set: " +
// session.getExtendedSAMLAttributesAUTH().size());
- if (verifyInfoboxParameters != null) {
-
- infoboxParameters = verifyInfoboxParameters.getInfoboxParameters();
- // get the list of infobox identifiers
- List identifiers = verifyInfoboxParameters.getIdentifiers();
- if (identifiers != null) {
- // step through the identifiers and verify the infoboxes
- Iterator it = identifiers.iterator();
- while (it.hasNext()) {
- String identifier = (String) it.next();
- // get the infobox read response from the map of parameters
- String infoboxReadResponse = (String) infoboxReadResponseParams
- .get(identifier);
- // get the configuration parameters
- VerifyInfoboxParameter verifyInfoboxParameter = null;
- Object object = infoboxParameters.get(identifier);
- // if not present, use default
- if ((object == null) && (defaultInfoboxParameters != null)) {
- object = defaultInfoboxParameters.get(identifier);
- }
- if (object != null) {
- verifyInfoboxParameter = (VerifyInfoboxParameter) object;
- }
- if (infoboxReadResponse != null) {
- if (verifyInfoboxParameter == null) {
- // should not happen because of the pushinfobox
- // mechanism; check it anyway
- Logger.error("No validator for verifying \""
- + identifier + "\"-infobox configured.");
- throw new ValidateException("validator.41",
- new Object[] { identifier });
- } else {
- String friendlyName = verifyInfoboxParameter
- .getFriendlyName();
- boolean isParepRequest = false;
-
- // parse the infobox read reponse
- List infoboxTokenList = null;
- try {
- infoboxTokenList = ExtendedInfoboxReadResponseParser
- .parseInfoboxReadResponse(
- infoboxReadResponse,
- friendlyName);
- } catch (ParseException e) {
- Logger
- .error("InfoboxReadResponse for \""
- + identifier
- + "\"-infobox could not be parsed successfully: "
- + e.getMessage());
- throw new ValidateException("validator.43",
- new Object[] { friendlyName });
- }
- // set compatibility mode for mandates infobox and
- // all infoboxes (it is possible to be a parep
- // infobox)
- // session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams()));
- // check for party representation in mandates
- // infobox
- if (Constants.INFOBOXIDENTIFIER_MANDATES
- .equalsIgnoreCase(identifier)
- && !((infoboxTokenList == null || infoboxTokenList
- .size() == 0))) {
- // We need app specific parameters
- if (null == verifyInfoboxParameter
- .getApplicationSpecificParams()) {
- throw new ValidateException("validator.66",
- new Object[] { friendlyName });
- }
- Element mandate = ParepValidator
- .extractPrimaryToken(infoboxTokenList);
- // ParepUtils.serializeElement(mandate,
- // System.out);
- String mandateID = ParepUtils
- .extractRepresentativeID(mandate);
- if (!isEmpty(mandateID)
- && ("*".equals(mandateID) || mandateID
- .startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) {
- isParepRequest = true;
- }
- if (!isParepRequest) {
- // if mandates validator is disabled we must
- // throw an error in this case
- if (!ParepUtils
- .isValidatorEnabled(verifyInfoboxParameter
- .getApplicationSpecificParams())) {
- throw new ValidateException(
- "validator.60",
- new Object[] { friendlyName });
- }
- }
- }
-
- // get the class for validating the infobox
- InfoboxValidator infoboxValidator = null;
- try {
- Class validatorClass = null;
- if (isParepRequest) {
- // Mandates infobox in party representation
- // mode
- validatorClass = Class
- .forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator");
- } else {
- validatorClass = Class
- .forName(verifyInfoboxParameter
- .getValidatorClassName());
- }
- infoboxValidator = (InfoboxValidator) validatorClass
- .newInstance();
- } catch (Exception e) {
- Logger
- .error("Could not load validator class \""
- + verifyInfoboxParameter
- .getValidatorClassName()
- + "\" for \""
- + identifier
- + "\"-infobox: "
- + e.getMessage());
- throw new ValidateException("validator.42",
- new Object[] { friendlyName });
- }
- Logger
- .debug("Successfully loaded validator class \""
- + verifyInfoboxParameter
- .getValidatorClassName()
- + "\" for \""
- + identifier
- + "\"-infobox.");
- // build the parameters for validating the infobox
- InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder
- .buildInfoboxValidatorParams(session,
- verifyInfoboxParameter,
- infoboxTokenList, oaParam);
-
- // now validate the infobox
- InfoboxValidationResult infoboxValidationResult = null;
- try {
- infoboxValidationResult = infoboxValidator
- .validate(infoboxValidatorParams);
- } catch (ValidateException e) {
- Logger.error("Error validating " + identifier
- + " infobox:" + e.getMessage());
- throw new ValidateException("validator.44",
- new Object[] { friendlyName });
- }
- if (!infoboxValidationResult.isValid()) {
- Logger.info("Validation of " + identifier
- + " infobox failed.");
- throw new ValidateException("validator.40",
- new Object[] {
- friendlyName,
- infoboxValidationResult
- .getErrorMessage() });
- }
-
- Logger.info(identifier
- + " infobox successfully validated.");
- // store the validator for post processing
- session.addInfoboxValidator(identifier,
- friendlyName, infoboxValidator);
-
- // get the SAML attributes to be appended to the
- // AUTHBlock or to the final
- // SAML Assertion
- AddAdditionalSAMLAttributes(session,
- infoboxValidationResult
- .getExtendedSamlAttributes(),
- identifier, friendlyName);
- }
- } else {
- if ((verifyInfoboxParameter != null)
- && (verifyInfoboxParameter.isRequired())) {
- Logger
- .info("Infobox \""
- + identifier
- + "\" is required, but not returned from the BKU");
- throw new ValidateException("validator.48",
- new Object[] { verifyInfoboxParameter
- .getFriendlyName() });
- }
- Logger.debug("Infobox \"" + identifier
- + "\" not returned from BKU.");
- }
- }
- }
- }
+// if (verifyInfoboxParameters != null) {
+//
+// infoboxParameters = verifyInfoboxParameters.getInfoboxParameters();
+// // get the list of infobox identifiers
+// List identifiers = verifyInfoboxParameters.getIdentifiers();
+// if (identifiers != null) {
+// // step through the identifiers and verify the infoboxes
+// Iterator it = identifiers.iterator();
+// while (it.hasNext()) {
+// String identifier = (String) it.next();
+// // get the infobox read response from the map of parameters
+// String infoboxReadResponse = (String) infoboxReadResponseParams
+// .get(identifier);
+// // get the configuration parameters
+// VerifyInfoboxParameter verifyInfoboxParameter = null;
+// Object object = infoboxParameters.get(identifier);
+// // if not present, use default
+// if ((object == null) && (defaultInfoboxParameters != null)) {
+// object = defaultInfoboxParameters.get(identifier);
+// }
+// if (object != null) {
+// verifyInfoboxParameter = (VerifyInfoboxParameter) object;
+// }
+// if (infoboxReadResponse != null) {
+// if (verifyInfoboxParameter == null) {
+// // should not happen because of the pushinfobox
+// // mechanism; check it anyway
+// Logger.error("No validator for verifying \""
+// + identifier + "\"-infobox configured.");
+// throw new ValidateException("validator.41",
+// new Object[] { identifier });
+// } else {
+// String friendlyName = verifyInfoboxParameter
+// .getFriendlyName();
+// boolean isParepRequest = false;
+//
+// // parse the infobox read reponse
+// List infoboxTokenList = null;
+// try {
+// infoboxTokenList = ExtendedInfoboxReadResponseParser
+// .parseInfoboxReadResponse(
+// infoboxReadResponse,
+// friendlyName);
+// } catch (ParseException e) {
+// Logger
+// .error("InfoboxReadResponse for \""
+// + identifier
+// + "\"-infobox could not be parsed successfully: "
+// + e.getMessage());
+// throw new ValidateException("validator.43",
+// new Object[] { friendlyName });
+// }
+// // set compatibility mode for mandates infobox and
+// // all infoboxes (it is possible to be a parep
+// // infobox)
+// // session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams()));
+// // check for party representation in mandates
+// // infobox
+// if (Constants.INFOBOXIDENTIFIER_MANDATES
+// .equalsIgnoreCase(identifier)
+// && !((infoboxTokenList == null || infoboxTokenList
+// .size() == 0))) {
+// // We need app specific parameters
+// if (null == verifyInfoboxParameter
+// .getApplicationSpecificParams()) {
+// throw new ValidateException("validator.66",
+// new Object[] { friendlyName });
+// }
+// Element mandate = ParepValidator
+// .extractPrimaryToken(infoboxTokenList);
+// // ParepUtils.serializeElement(mandate,
+// // System.out);
+// String mandateID = ParepUtils
+// .extractRepresentativeID(mandate);
+// if (!isEmpty(mandateID)
+// && ("*".equals(mandateID) || mandateID
+// .startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) {
+// isParepRequest = true;
+// }
+// if (!isParepRequest) {
+// // if mandates validator is disabled we must
+// // throw an error in this case
+// if (!ParepUtils
+// .isValidatorEnabled(verifyInfoboxParameter
+// .getApplicationSpecificParams())) {
+// throw new ValidateException(
+// "validator.60",
+// new Object[] { friendlyName });
+// }
+// }
+// }
+//
+// // get the class for validating the infobox
+// InfoboxValidator infoboxValidator = null;
+// try {
+// Class validatorClass = null;
+// if (isParepRequest) {
+// // Mandates infobox in party representation
+// // mode
+// validatorClass = Class
+// .forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator");
+// } else {
+// validatorClass = Class
+// .forName(verifyInfoboxParameter
+// .getValidatorClassName());
+// }
+// infoboxValidator = (InfoboxValidator) validatorClass
+// .newInstance();
+// } catch (Exception e) {
+// Logger
+// .error("Could not load validator class \""
+// + verifyInfoboxParameter
+// .getValidatorClassName()
+// + "\" for \""
+// + identifier
+// + "\"-infobox: "
+// + e.getMessage());
+// throw new ValidateException("validator.42",
+// new Object[] { friendlyName });
+// }
+// Logger
+// .debug("Successfully loaded validator class \""
+// + verifyInfoboxParameter
+// .getValidatorClassName()
+// + "\" for \""
+// + identifier
+// + "\"-infobox.");
+// // build the parameters for validating the infobox
+// InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder
+// .buildInfoboxValidatorParams(session,
+// verifyInfoboxParameter,
+// infoboxTokenList, oaParam);
+//
+// // now validate the infobox
+// InfoboxValidationResult infoboxValidationResult = null;
+// try {
+// infoboxValidationResult = infoboxValidator
+// .validate(infoboxValidatorParams);
+// } catch (ValidateException e) {
+// Logger.error("Error validating " + identifier
+// + " infobox:" + e.getMessage());
+// throw new ValidateException("validator.44",
+// new Object[] { friendlyName });
+// }
+// if (!infoboxValidationResult.isValid()) {
+// Logger.info("Validation of " + identifier
+// + " infobox failed.");
+// throw new ValidateException("validator.40",
+// new Object[] {
+// friendlyName,
+// infoboxValidationResult
+// .getErrorMessage() });
+// }
+//
+// Logger.info(identifier
+// + " infobox successfully validated.");
+// // store the validator for post processing
+// session.addInfoboxValidator(identifier,
+// friendlyName, infoboxValidator);
+//
+// // get the SAML attributes to be appended to the
+// // AUTHBlock or to the final
+// // SAML Assertion
+// AddAdditionalSAMLAttributes(session,
+// infoboxValidationResult
+// .getExtendedSamlAttributes(),
+// identifier, friendlyName);
+// }
+// } else {
+// if ((verifyInfoboxParameter != null)
+// && (verifyInfoboxParameter.isRequired())) {
+// Logger
+// .info("Infobox \""
+// + identifier
+// + "\" is required, but not returned from the BKU");
+// throw new ValidateException("validator.48",
+// new Object[] { verifyInfoboxParameter
+// .getFriendlyName() });
+// }
+// Logger.debug("Infobox \"" + identifier
+// + "\" not returned from BKU.");
+// }
+// }
+// }
+// }
}
/**
@@ -1378,18 +1369,23 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws IOException
* @throws SAXException
*/
- private void setExtendedSAMLAttributeForMandates(
+ private void validateExtendedSAMLAttributeForMandates(
AuthenticationSession session, MISMandate mandate,
- boolean business, boolean provideStammzahl)
+ boolean business)
throws ValidateException, ConfigurationException, SAXException,
IOException, ParserConfigurationException, TransformerException {
- ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributes(
- mandate, business, provideStammzahl);
+ ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes(
+ mandate, business, false);
- AddAdditionalSAMLAttributes(session, extendedSamlAttributes,
- "MISService", "MISService");
+ int length = extendedSAMLAttributes.length;
+ for (int i = 0; i < length; i++) {
+ ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i];
+ Object value = verifySAMLAttribute(samlAttribute, i, "MISService",
+ "MISService");
+
+ }
}
/**
@@ -1421,56 +1417,56 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
- /**
- * Intermediate processing of the infoboxes. The first pending infobox
- * validator may validate the provided input
- *
- * @param session
- * The current authentication session
- * @param parameters
- * The parameters got returned by the user input fields
- */
- public static void processInput(AuthenticationSession session,
- Map parameters) throws ValidateException {
-
- // post processing of the infoboxes
- Iterator iter = session.getInfoboxValidatorIterator();
- if (iter != null) {
- while (iter.hasNext()) {
- Vector infoboxValidatorVector = (Vector) iter.next();
- InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
- .get(2);
- if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) {
- String identifier = (String) infoboxValidatorVector.get(0);
- String friendlyName = (String) infoboxValidatorVector
- .get(1);
- InfoboxValidationResult infoboxValidationResult = null;
- try {
- infoboxValidationResult = infoboxvalidator
- .validate(parameters);
- } catch (ValidateException e) {
- Logger.error("Error validating " + identifier
- + " infobox:" + e.getMessage());
- throw new ValidateException("validator.44",
- new Object[] { friendlyName });
- }
- if (!infoboxValidationResult.isValid()) {
- Logger.info("Validation of " + identifier
- + " infobox failed.");
- throw new ValidateException("validator.40",
- new Object[] {
- friendlyName,
- infoboxValidationResult
- .getErrorMessage() });
- }
- AddAdditionalSAMLAttributes(
- session,
- infoboxValidationResult.getExtendedSamlAttributes(),
- identifier, friendlyName);
- }
- }
- }
- }
+// /**
+// * Intermediate processing of the infoboxes. The first pending infobox
+// * validator may validate the provided input
+// *
+// * @param session
+// * The current authentication session
+// * @param parameters
+// * The parameters got returned by the user input fields
+// */
+// public static void processInput(AuthenticationSession session,
+// Map parameters) throws ValidateException {
+//
+// // post processing of the infoboxes
+// Iterator iter = session.getInfoboxValidatorIterator();
+// if (iter != null) {
+// while (iter.hasNext()) {
+// Vector infoboxValidatorVector = (Vector) iter.next();
+// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
+// .get(2);
+// if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) {
+// String identifier = (String) infoboxValidatorVector.get(0);
+// String friendlyName = (String) infoboxValidatorVector
+// .get(1);
+// InfoboxValidationResult infoboxValidationResult = null;
+// try {
+// infoboxValidationResult = infoboxvalidator
+// .validate(parameters);
+// } catch (ValidateException e) {
+// Logger.error("Error validating " + identifier
+// + " infobox:" + e.getMessage());
+// throw new ValidateException("validator.44",
+// new Object[] { friendlyName });
+// }
+// if (!infoboxValidationResult.isValid()) {
+// Logger.info("Validation of " + identifier
+// + " infobox failed.");
+// throw new ValidateException("validator.40",
+// new Object[] {
+// friendlyName,
+// infoboxValidationResult
+// .getErrorMessage() });
+// }
+// AddAdditionalSAMLAttributes(
+// session,
+// infoboxValidationResult.getExtendedSamlAttributes(),
+// identifier, friendlyName);
+// }
+// }
+// }
+// }
/**
* Adds given SAML Attributes to the current session. They will be appended
@@ -1581,7 +1577,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws TransformerException
*/
- private static ExtendedSAMLAttribute[] addExtendedSamlAttributes(
+ protected static ExtendedSAMLAttribute[] addExtendedSamlAttributes(
MISMandate mandate, boolean business, boolean provideStammzahl)
throws SAXException, IOException, ParserConfigurationException,
TransformerException {
@@ -1733,7 +1729,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
return doc.getDocumentElement();
}
- private static void replaceExtendedSAMLAttribute(List attributes,
+ protected static void replaceExtendedSAMLAttribute(List attributes,
ExtendedSAMLAttribute samlAttribute) {
if (null == attributes) {
attributes = new Vector();
@@ -1813,7 +1809,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// validates <CreateXMLSignatureResponse>
new CreateXMLSignatureResponseValidator().validate(csresp, session);
// builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
- String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
+ List<String> vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
String tpid = authConf.getMoaSpAuthBlockTrustProfileID();
Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp,
vtids, tpid);
@@ -1997,223 +1993,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @return SAML artifact needed for retrieving authentication data, encoded
* BASE64
*/
- public String verifyAuthenticationBlockMandate(AuthenticationSession session,
- Element mandate) throws AuthenticationException, BuildException,
- ParseException, ConfigurationException, ServiceException,
- ValidateException {
- if (session == null)
- throw new AuthenticationException("auth.10", new Object[] {
- REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });
-
- //AuthenticationSession session = getSession(sessionID);
- // AuthConfigurationProvider authConf =
- // AuthConfigurationProvider.getInstance();
-
- IdentityLink tempIdentityLink = null;
-
- if (session.getUseMandate()) {
- tempIdentityLink = new IdentityLink();
- Element mandator = ParepUtils.extractMandator(mandate);
- String dateOfBirth = "";
- Element prPerson = null;
- String familyName = "";
- String givenName = "";
- String identificationType = "";
- String identificationValue = "";
- if (mandator != null) {
- boolean physical = ParepUtils.isPhysicalPerson(mandator);
- if (physical) {
- familyName = ParepUtils.extractText(mandator,
- "descendant-or-self::pr:Name/pr:FamilyName/text()");
- givenName = ParepUtils.extractText(mandator,
- "descendant-or-self::pr:Name/pr:GivenName/text()");
- dateOfBirth = ParepUtils
- .extractMandatorDateOfBirth(mandator);
- } else {
- familyName = ParepUtils.extractMandatorFullName(mandator);
- }
- identificationType = ParepUtils.getIdentification(mandator,
- "Type");
- identificationValue = ParepUtils.extractMandatorWbpk(mandator);
-
- prPerson = ParepUtils.extractPrPersonOfMandate(mandate);
- if (physical
- && session.getBusinessService()
- && identificationType != null
- && Constants.URN_PREFIX_BASEID
- .equals(identificationType)) {
- // now we calculate the wbPK and do so if we got it from the
- // BKU
- identificationType = Constants.URN_PREFIX_WBPK + "+"
- + session.getDomainIdentifier();
- identificationValue = new BPKBuilder().buildWBPK(
- identificationValue, session.getDomainIdentifier());
- ParepUtils
- .HideStammZahlen(prPerson, true, null, null, true);
- }
-
- tempIdentityLink.setDateOfBirth(dateOfBirth);
- tempIdentityLink.setFamilyName(familyName);
- tempIdentityLink.setGivenName(givenName);
- tempIdentityLink.setIdentificationType(identificationType);
- tempIdentityLink.setIdentificationValue(identificationValue);
- tempIdentityLink.setPrPerson(prPerson);
- try {
- tempIdentityLink.setSamlAssertion(session.getIdentityLink()
- .getSamlAssertion());
- } catch (Exception e) {
- throw new ValidateException("validator.64", null);
- }
-
- }
-
- }
-
- // builds authentication data and stores it together with a SAML
- // artifact
-
- // TODO: Check, if this element is in use!!!!
- //AuthenticationData authData = session.getAssertionAuthData(); // buildAuthenticationData(session,
- // vsresp,
- // replacementIdentityLink);
-
-
- Element mandatePerson = tempIdentityLink.getPrPerson();
-// try {
-// System.out.println("MANDATE: " +
-// DOMUtils.serializeNode(mandatePerson));
-// }
-// catch(Exception e) {
-// e.printStackTrace();
-// }
- String mandateData = null;
- boolean useCondition = false;
- int conditionLength = -1;
- try {
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
- boolean provideStammzahl = oaParam.getProvideStammzahl();
- useCondition = oaParam.getUseCondition();
- conditionLength = oaParam.getConditionLength();
-
- String oatargetType;
-
- if(session.getBusinessService()) {
- oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier();
-
- } else {
- oatargetType = AuthenticationSession.TARGET_PREFIX_ + session.getTarget();
- }
-
- Element prIdentification = (Element) mandatePerson
- .getElementsByTagNameNS(Constants.PD_NS_URI,
- "Identification").item(0);
-
- if (!oatargetType.equals(tempIdentityLink.getIdentificationType())) {
-
- String isPrPerson = mandatePerson.getAttribute("xsi:type");
-
- if (!StringUtils.isEmpty(isPrPerson)) {
- if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) {
- String baseid = getBaseId(mandatePerson);
- Element identificationBpK = createIdentificationBPK(mandatePerson,
- baseid, session.getTarget());
-
- if (!provideStammzahl) {
- prIdentification.getFirstChild().setTextContent("");
- }
-
- mandatePerson.insertBefore(identificationBpK,
- prIdentification);
- }
- }
-
- } else {
-
-// Element identificationBpK = mandatePerson.getOwnerDocument()
-// .createElementNS(Constants.PD_NS_URI, "Identification");
-// Element valueBpK = mandatePerson.getOwnerDocument().createElementNS(
-// Constants.PD_NS_URI, "Value");
-//
-// valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode(
-// tempIdentityLink.getIdentificationValue()));
-// Element typeBpK = mandatePerson.getOwnerDocument().createElementNS(
-// Constants.PD_NS_URI, "Type");
-// typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode(
-// "urn:publicid:gv.at:cdid+bpk"));
-// identificationBpK.appendChild(valueBpK);
-// identificationBpK.appendChild(typeBpK);
-//
-// mandatePerson.insertBefore(identificationBpK, prIdentification);
- }
-
-
- mandateData = DOMUtils.serializeNode(mandatePerson);
-
- } catch (TransformerException e1) {
- throw new AuthenticationException("auth.16",
- new Object[] { GET_MIS_SESSIONID });
- } catch (IOException e1) {
- throw new AuthenticationException("auth.16",
- new Object[] { GET_MIS_SESSIONID });
- }
-
- //TODO: Check, if this element is in use!!!
- //session.setAuthData(authData);
-
- session.setMandateData(mandateData);
- session.setAuthenticatedUsed(false);
- session.setAuthenticated(true);
-
- String oldsessionID = session.getSessionID();
-
- //Session is implicite stored in changeSessionID!!!
- String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
-
- Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID);
- Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
- return newMOASessionID;
-
- /*
- String samlAssertion = new AuthenticationDataAssertionBuilder()
- .buildMandate(authData, session.getAssertionPrPerson(),
- mandateData, session.getAssertionAuthBlock(), session
- .getAssertionIlAssertion(),
- session.getBkuURL(), session
- .getAssertionSignerCertificateBase64(), session
- .getAssertionBusinessService(), session
- .getSourceID(), session
- .getExtendedSAMLAttributesOA(), useCondition,
- conditionLength);
- authData.setSamlAssertion(samlAssertion);
-
- String assertionFile = AuthConfigurationProvider.getInstance()
- .getGenericConfigurationParameter(
- "AuthenticationServer.WriteAssertionToFile");
- if (!ParepUtils.isEmpty(assertionFile))
- try {
- ParepUtils.saveStringToFile(samlAssertion, new File(
- assertionFile));
- } catch (IOException e) {
- throw new BuildException("builder.00", new Object[] {
- "AuthenticationData", e.toString() }, e);
- }
-
- String samlArtifact = new SAMLArtifactBuilder().build(session
- .getAuthURL(), session.getSessionID(), session.getSourceID());
- storeAuthenticationData(samlArtifact, authData);
-
- // invalidates the authentication session
- sessionStore.remove(sessionID);
- Logger.info("Anmeldedaten zu MOASession " + sessionID
- + " angelegt, SAML Artifakt " + samlArtifact);
- return samlArtifact;*/
-
- }
-
- private Element createIdentificationBPK(Element mandatePerson,
+ protected Element createIdentificationBPK(Element mandatePerson,
String baseid, String target) throws BuildException {
Element identificationBpK = mandatePerson.getOwnerDocument()
.createElementNS(Constants.PD_NS_URI, "Identification");
@@ -2234,7 +2015,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
- private String getBaseId(Element mandatePerson)
+ protected String getBaseId(Element mandatePerson)
throws TransformerException, IOException {
NodeList list = mandatePerson.getElementsByTagNameNS(
Constants.PD_NS_URI, "Identification");
@@ -2437,11 +2218,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {
authData.setBkuURL(session.getBkuURL());
authData.setUseUTC(oaParam.getUseUTC());
- boolean provideStammzahl = oaParam.getProvideStammzahl();
- if (provideStammzahl) {
- authData.setIdentificationValue(identityLink
- .getIdentificationValue());
- }
+ //TODO: check correctness
+// boolean provideStammzahl = oaParam.getProvideStammzahl();
+// if (provideStammzahl) {
+// authData.setIdentificationValue(identityLink
+// .getIdentificationValue());
+// }
// String prPerson = new PersonDataBuilder().build(identityLink,
// provideStammzahl);
@@ -2599,7 +2381,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
//clean AuthenticationSessionStore
//TODO: acutally the StartAuthentificaten timestamp is used!!!!!
//TODO: maybe change this to lastupdate timestamp.
- AuthenticationSessionStoreage.clean(now, sessionTimeOut);
+ AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated);
//clean AssertionStore
AssertionStorage assertionstore = AssertionStorage.getInstance();
@@ -2612,8 +2394,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @param seconds
* Time out of the session in seconds
*/
- public void setSecondsSessionTimeOut(long seconds) {
- sessionTimeOut = 1000 * seconds;
+ public void setSecondsSessionTimeOutCreated(long seconds) {
+ sessionTimeOutCreated = seconds * 1000;
+ }
+
+ public void setSecondsSessionTimeOutUpdated(long seconds) {
+ sessionTimeOutUpdated = seconds * 1000;
}
/**
@@ -2623,7 +2409,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* Time out for signing AuthData in seconds
*/
public void setSecondsAuthDataTimeOut(long seconds) {
- authDataTimeOut = 1000 * seconds;
+ authDataTimeOut = seconds * 1000;
}
/**
@@ -2650,7 +2436,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* the friendly name of the infobox for messages
* @return the SAML attribute value (Element or String)
*/
- private static Object verifySAMLAttribute(
+ protected static Object verifySAMLAttribute(
ExtendedSAMLAttribute samlAttribute, int i, String identifier,
String friendlyName) throws ValidateException {
String name = samlAttribute.getName();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index e23b26417..725773b75 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -28,7 +28,7 @@ import iaik.pki.PKIException;
import iaik.pki.jsse.IAIKX509TrustManager;
import java.io.IOException;
-import java.io.PrintWriter;
+import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.util.Properties;
@@ -37,9 +37,6 @@ import javax.activation.MailcapCommandMap;
import javax.mail.Session;
import javax.net.ssl.SSLSocketFactory;
-import org.apache.commons.logging.impl.SLF4JLog;
-import org.apache.log4j.config.PropertyPrinter;
-
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -177,40 +174,26 @@ public class MOAIDAuthInitializer {
}
- //TODO: Set TimeOuts!!!
// sets the authentication session and authentication data time outs
- String param = authConf
- .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY);
+ BigInteger param = authConf.getTimeOuts().getMOASessionCreated();
if (param != null) {
- long sessionTimeOut = 0;
- try {
- sessionTimeOut = new Long(param).longValue();
- } catch (NumberFormatException ex) {
- Logger
- .error(MOAIDMessageProvider
- .getInstance()
- .getMessage(
- "config.05",
- new Object[] { AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY }));
- }
+ long sessionTimeOut = param.longValue();
if (sessionTimeOut > 0)
AuthenticationServer.getInstance()
- .setSecondsSessionTimeOut(sessionTimeOut);
+ .setSecondsSessionTimeOutCreated(sessionTimeOut);
}
- param = authConf
- .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY);
+
+ param = authConf.getTimeOuts().getMOASessionUpdated();
if (param != null) {
- long authDataTimeOut = 0;
- try {
- authDataTimeOut = new Long(param).longValue();
- } catch (NumberFormatException ex) {
- Logger
- .error(MOAIDMessageProvider
- .getInstance()
- .getMessage(
- "config.05",
- new Object[] { AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY }));
- }
+ long sessionTimeOut = param.longValue();
+ if (sessionTimeOut > 0)
+ AuthenticationServer.getInstance()
+ .setSecondsSessionTimeOutUpdated(sessionTimeOut);
+ }
+
+ param = authConf.getTimeOuts().getAssertion();
+ if (param != null) {
+ long authDataTimeOut = param.longValue();
if (authDataTimeOut > 0)
AuthenticationServer.getInstance()
.setSecondsAuthDataTimeOut(authDataTimeOut);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index 245ab206d..23596abda 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -26,6 +26,7 @@ package at.gv.egovernment.moa.id.auth.builder;
import java.text.MessageFormat;
import java.util.Calendar;
+import java.util.List;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
@@ -80,17 +81,22 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
* @param slVersion12 specifies whether the Security Layer version number is 1.2 or not
* @return String representation of <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos, boolean slVersion12) {
+ public String build(String authBlock, String keyBoxIdentifier, List<String> dsigTransformInfos, boolean slVersion12) {
String sl10Prefix;
String sl11Prefix;
String slNsDeclaration;
String dsigTransformInfosString = "";
- for (int i = 0; i < dsigTransformInfos.length; i++) {
- dsigTransformInfosString += dsigTransformInfos[i];
+
+ for (String element : dsigTransformInfos) {
+ dsigTransformInfosString += element;
}
+// for (int i = 0; i < dsigTransformInfos.length; i++) {
+// dsigTransformInfosString += dsigTransformInfos[i];
+// }
+
if (slVersion12) {
// replace the SecurityLayer namespace prefixes and URIs within the transforms
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
index 4dd6ac78b..9b7cc41ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
@@ -60,27 +60,23 @@ public class DataURLBuilder {
String individualDataURLPrefix = null;
String dataURL;
- try {
- //check if an individual prefix is configured
- individualDataURLPrefix = AuthConfigurationProvider.getInstance().
- getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX);
-
- if (null != individualDataURLPrefix) {
-
- //check individualDataURLPrefix
- if(!individualDataURLPrefix.startsWith("http"))
- throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix}));
-
- //when ok then use it
- dataURL = individualDataURLPrefix + authServletName;
- } else
- dataURL = authBaseURL + authServletName;
-
- } catch (ConfigurationException e) {
- Logger.warn(e);
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", new Object[] { authBaseURL } ));
- dataURL = authBaseURL + authServletName;
- }
+
+ //is removed from config in MOA-ID 2.0
+ //check if an individual prefix is configured
+// individualDataURLPrefix = AuthConfigurationProvider.getInstance().
+// getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX);
+//
+// if (null != individualDataURLPrefix) {
+//
+// //check individualDataURLPrefix
+// if(!individualDataURLPrefix.startsWith("http"))
+// throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix}));
+//
+// //when ok then use it
+// dataURL = individualDataURLPrefix + authServletName;
+// } else
+
+ dataURL = authBaseURL + authServletName;
dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID);
return dataURL;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
index fa1de87de..913b12d49 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
@@ -99,7 +99,11 @@ public class InfoboxValidatorParamsBuilder {
}
infoboxValidatorParams.setIdentityLink(identityLinkElem);
}
- infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl());
+
+ //TODO: check if this is Protocol specific
+ //infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl());
+ infoboxValidatorParams.setHideStammzahl(true);
+
return infoboxValidatorParams;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
index a81baafac..ed55d660c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
@@ -6,17 +6,22 @@ import java.io.StringWriter;
import org.apache.commons.io.IOUtils;
import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
+import at.gv.egovernment.moa.id.config.OAParameter;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
import at.gv.egovernment.moa.logging.Logger;
public class LoginFormBuilder {
- private static String SERVLET = "GenerateIframeTemplate";
+ private static String SERVLET = "./GenerateIframeTemplate";
private static String AUTH_URL = "#AUTH_URL#";
private static String MODUL = "#MODUL#";
private static String ACTION = "#ACTION#";
private static String OANAME = "#OAName#";
+ private static String BKU_ONLINE = "#ONLINE#";
+ private static String BKU_HANDY = "#HANDY#";
+ private static String BKU_LOCAL = "#LOCAL#";
private static String template;
@@ -32,6 +37,9 @@ public class LoginFormBuilder {
IOUtils.copy(input, writer);
template = writer.toString();
template = template.replace(AUTH_URL, SERVLET);
+ template = template.replace(BKU_ONLINE, OAAuthParameter.ONLINEBKU);
+ template = template.replace(BKU_HANDY, OAAuthParameter.HANDYBKU);
+ template = template.replace(BKU_LOCAL, OAAuthParameter.LOCALBKU);
} catch (Exception e) {
Logger.error("Failed to read template", e);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java
new file mode 100644
index 000000000..6d10f5519
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java
@@ -0,0 +1,43 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.InputStream;
+import java.io.StringWriter;
+
+import org.apache.commons.io.IOUtils;
+
+import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class RedirectFormBuilder {
+
+ private static String URL = "#URL#";
+ private static String template;
+
+ private static String getTemplate() {
+
+ if (template == null) {
+ try {
+ String classpathLocation = "resources/templates/redirectForm.html";
+ InputStream input = Thread.currentThread()
+ .getContextClassLoader()
+ .getResourceAsStream(classpathLocation);
+ StringWriter writer = new StringWriter();
+ IOUtils.copy(input, writer);
+ template = writer.toString();
+ } catch (Exception e) {
+ Logger.error("Failed to read template", e);
+ }
+ }
+
+ return template;
+ }
+
+ public static String buildLoginForm(String url) {
+ String value = getTemplate();
+ value = value.replace(URL, url);
+
+ return value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
index a0fe0de1b..304a5b70c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
@@ -72,7 +72,7 @@ public class SAMLArtifactBuilder {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] sourceID;
// alternative sourceId
- String alternativeSourceID = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(GENERIC_CONFIG_PARAM_SOURCEID);
+ String alternativeSourceID = AuthConfigurationProvider.getInstance().getAlternativeSourceID();
// if sourceID is given in GET/POST param - use this as source id
if (!ParepUtils.isEmpty(sourceIdParam)) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index 5e6d47bdf..b65b3db0d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -24,6 +24,8 @@
package at.gv.egovernment.moa.id.auth.builder;
+import java.util.List;
+
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -253,7 +255,7 @@ public class VerifyXMLSignatureRequestBuilder {
*/
public Element build(
CreateXMLSignatureResponse csr,
- String[] verifyTransformsInfoProfileID,
+ List<String> verifyTransformsInfoProfileID,
String trustProfileID)
throws BuildException { //samlAssertionObject
@@ -286,13 +288,25 @@ public class VerifyXMLSignatureRequestBuilder {
// add the transform profile IDs
Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
- for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) {
- Element verifyTransformsInfoProfileIDElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
- referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem);
- verifyTransformsInfoProfileIDElem.appendChild(
- requestDoc_.createTextNode(verifyTransformsInfoProfileID[i]));
- }
+
+// for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) {
+//
+// Element verifyTransformsInfoProfileIDElem =
+// requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
+// referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem);
+// verifyTransformsInfoProfileIDElem.appendChild(
+// requestDoc_.createTextNode(verifyTransformsInfoProfileID[i]));
+// }
+
+ for (String element : verifyTransformsInfoProfileID) {
+
+ Element verifyTransformsInfoProfileIDElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
+ referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem);
+ verifyTransformsInfoProfileIDElem.appendChild(
+ requestDoc_.createTextNode(element));
+ }
+
Element returnHashInputDataElem =
requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
requestElem_.appendChild(returnHashInputDataElem);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 4001fdd1a..ffe938d89 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.data;
import iaik.x509.X509Certificate;
+import java.io.IOException;
import java.io.Serializable;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
@@ -34,13 +35,19 @@ import java.util.Iterator;
import java.util.List;
import java.util.Vector;
+import javax.xml.parsers.ParserConfigurationException;
+
import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
import eu.stork.mw.messages.saml.STORKAuthnRequest;
/**
@@ -125,7 +132,7 @@ public class AuthenticationSession implements Serializable {
*
* Mandate element
*/
- private Element mandate;
+ private MISMandate mandate;
/**
* Reference value for mandate
@@ -1081,11 +1088,26 @@ public class AuthenticationSession implements Serializable {
XMLVerifySignatureResponse = xMLVerifySignatureResponse;
}
- public Element getMandate() {
+ public MISMandate getMISMandate() {
return mandate;
}
- public void setMandate(Element mandate) {
+ public void setMISMandate(MISMandate mandate) {
this.mandate = mandate;
}
+
+ public Element getMandate() {
+ try {
+ byte[] byteMandate = mandate.getMandate();
+ String stringMandate = new String(byteMandate);
+ return DOMUtils.parseDocument(stringMandate, false,
+ null, null).getDocumentElement();
+
+ }catch (Throwable e) {
+ Logger.warn("Mandate content could not be generated from MISMandate.");
+ return null;
+ }
+
+
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 63ad62662..b0a4f2f8a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -25,7 +25,6 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
public static void parse(AuthenticationSession moasession,
String target,
- String sourceID,
String oaURL,
String bkuURL,
String templateURL,
@@ -40,7 +39,6 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
// escape parameter strings
//TODO: use URLEncoder.encode!!
target = StringEscapeUtils.escapeHtml(target);
- sourceID = StringEscapeUtils.escapeHtml(sourceID);
oaURL = StringEscapeUtils.escapeHtml(oaURL);
bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
templateURL = StringEscapeUtils.escapeHtml(templateURL);
@@ -49,15 +47,9 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
// check parameter
if (!ParamValidatorUtils.isValidOA(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
- if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
- throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
- if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
- throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
if (!ParamValidatorUtils.isValidUseMandate(useMandate))
throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
- if (!ParamValidatorUtils.isValidSourceID(sourceID))
- throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
if (!ParamValidatorUtils.isValidCCC(ccc))
throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
@@ -115,6 +107,10 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
}
+ //Validate BKU URI
+ if (!ParamValidatorUtils.isValidBKUURI(bkuURL, oaParam.getBKUURL()))
+ throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+
if (!oaParam.getBusinessService()) {
if (isEmpty(target))
throw new WrongParametersException("StartAuthentication",
@@ -155,20 +151,23 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
// check if HTTP Connection may be allowed (through
// FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
- String boolStr = AuthConfigurationProvider
- .getInstance()
- .getGenericConfigurationParameter(
- AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+ //INFO: removed from MOA-ID 2.0 Config
+// String boolStr = AuthConfigurationProvider
+// .getInstance()
+// .getGenericConfigurationParameter(
+// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+
if ((!authURL.startsWith("https:"))
- && (false == BoolUtils.valueOf(boolStr)))
+// && (false == BoolUtils.valueOf(boolStr))
+ )
throw new AuthenticationException("auth.07",
new Object[] { authURL + "*" });
moasession.setAuthURL(authURL);
- //check and set SourceID
- if (sourceID != null)
- moasession.setSourceID(sourceID);
+// //check and set SourceID
+// if (sourceID != null)
+// moasession.setSourceID(sourceID);
// BKU URL has not been set yet, even if session already exists
if (bkuURL == null) {
@@ -179,7 +178,11 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
}
}
moasession.setBkuURL(bkuURL);
+
+ if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+
// override template url by url from configuration file
if (oaParam.getTemplateURL() != null) {
templateURL = oaParam.getTemplateURL();
@@ -213,7 +216,6 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
//get Parameters from request
String target = req.getParameter(PARAM_TARGET);
- String sourceID = req.getParameter(PARAM_SOURCEID);
String oaURL = req.getParameter(PARAM_OA);
String bkuURL = req.getParameter(PARAM_BKU);
String templateURL = req.getParameter(PARAM_TEMPLATE);
@@ -223,7 +225,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
oaURL = request.getOAURL();
target = request.getTarget();
- parse(moasession, target, sourceID, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req);
+ parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index 187cf4fdb..4b15d80b4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -415,12 +415,15 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
throws AuthenticationException, ConfigurationException {
// check if HTTP Connection may be allowed (through
// FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
- String boolStr = AuthConfigurationProvider
- .getInstance()
- .getGenericConfigurationParameter(
- AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+
+ //Removed from MOA-ID 2.0 config
+// String boolStr = AuthConfigurationProvider
+// .getInstance()
+// .getGenericConfigurationParameter(
+// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
if ((!authURL.startsWith("https:"))
- && (false == BoolUtils.valueOf(boolStr)))
+ //&& (false == BoolUtils.valueOf(boolStr))
+ )
throw new AuthenticationException("auth.07", new Object[] { authURL
+ "*" });
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index e6eecd11b..2ea34ee12 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -86,15 +86,16 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
//load Parameters from config
String target = oaParam.getTarget();
- String sourceID = ""; //TODO: load from Config
- String bkuURL = getBKUURIFromConfig(Integer.valueOf(bkuid), oaParam);
- String templateURL = getTemplateURIFromConfig(Integer.valueOf(bkuid), oaParam);;
-
+// String sourceID = ""; //TODO: load from Config
+// String bkuURL = getBKUURIFromConfig(Integer.valueOf(bkuid), oaParam);
+// String templateURL = getTemplateURIFromConfig(Integer.valueOf(bkuid), oaParam);
+
+ String bkuURL = oaParam.getBKUURL(bkuid);
+ String templateURL = AuthConfigurationProvider.getInstance().getSLRequestTemplates(bkuid);
//parse all OA parameters i
StartAuthentificationParameterParser.parse(moasession,
target,
- sourceID,
moasession.getOAURLRequested(),
bkuURL,
templateURL,
@@ -136,43 +137,43 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
}
- private String getTemplateURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException {
- //TODO: CHANGE to real OA config
-
- List<String> bkuURIs = Arrays.asList(
- "http://localhost:8080/moa-id-auth/template_onlineBKU.html",
- "http://localhost:8080/moa-id-auth/template_handyBKU.html",
- "http://127.0.0.1:8080/moa-id-auth/template_localBKU.html");
-
+// private String getTemplateURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException {
+// //TODO: CHANGE to real OA config
+//
// List<String> bkuURIs = Arrays.asList(
-// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_onlineBKU.html",
-// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_handyBKU.html",
-// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_localBKU.html");
-
- if (bkuID < bkuURIs.size())
- return bkuURIs.get(bkuID);
- else
- throw new WrongParametersException("GenerateIFrameTemplate", PARAM_TEMPLATE,
- "auth.12");
- }
-
- private String getBKUURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException {
- //TODO: CHANGE to real OA config
-
- List<String> bkuURIs = Arrays.asList(
- "https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request",
- "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx",
- "https://127.0.0.1:3496/https-security-layer-request");
-
-// List<String> bkuURIs = Arrays.asList(
-// "https://demo.egiz.gv.at/demoportal_bkuonline/https-security-layer-request",
-// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx",
-// "https://127.0.0.1:3496/https-security-layer-request");
-
- if (bkuID < bkuURIs.size())
- return bkuURIs.get(bkuID);
- else
- throw new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU,
- "auth.12");
- }
+// "http://localhost:8080/moa-id-auth/template_onlineBKU.html",
+// "http://localhost:8080/moa-id-auth/template_handyBKU.html",
+// "http://127.0.0.1:8080/moa-id-auth/template_localBKU.html");
+//
+//// List<String> bkuURIs = Arrays.asList(
+//// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_onlineBKU.html",
+//// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_handyBKU.html",
+//// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_localBKU.html");
+//
+// if (bkuID < bkuURIs.size())
+// return bkuURIs.get(bkuID);
+// else
+// throw new WrongParametersException("GenerateIFrameTemplate", PARAM_TEMPLATE,
+// "auth.12");
+// }
+//
+// private String getBKUURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException {
+// //TODO: CHANGE to real OA config
+//
+// List<String> bkuURIs = Arrays.asList(
+// "https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request",
+// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx",
+// "https://127.0.0.1:3496/https-security-layer-request");
+//
+//// List<String> bkuURIs = Arrays.asList(
+//// "https://demo.egiz.gv.at/demoportal_bkuonline/https-security-layer-request",
+//// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx",
+//// "https://127.0.0.1:3496/https-security-layer-request");
+//
+// if (bkuID < bkuURIs.size())
+// return bkuURIs.get(bkuID);
+// else
+// throw new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU,
+// "auth.12");
+// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index d41d20def..7d825da17 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -40,6 +40,7 @@ import org.apache.commons.lang.StringEscapeUtils;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
+import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
@@ -50,6 +51,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
@@ -174,47 +176,75 @@ public class GetMISSessionIDServlet extends AuthServlet {
// for now: list contains only one element
MISMandate mandate = (MISMandate) list.get(0);
- // verify mandate signature
- AuthenticationServer.getInstance().verifyMandate(session, mandate);
-
- byte[] byteMandate = mandate.getMandate();
- String stringMandate = new String(byteMandate);
- Element mandateDoc = DOMUtils.parseDocument(stringMandate, false,
- null, null).getDocumentElement();
-
+ String sMandate = new String(mandate.getMandate());
+ if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) {
+ Logger.error("Mandate is empty.");
+ throw new AuthenticationException("auth.16",
+ new Object[] { GET_MIS_SESSIONID });
+ }
+
// TODO OW bPK (Offen: was bei saml:NameIdentifier
// NameQualifier="urn:publicid:gv.at:cdid+bpk"> und <saml:Attribute
// AttributeName="bPK" )
System.out.println("\n\n\n OW BPK: " + mandate.getOWbPK());
// TODO wenn OW bPK vorhanden - in SAML Assertion setzen!
- String redirectURL = null;
- String samlArtifactBase64 = AuthenticationServer.getInstance()
- .verifyAuthenticationBlockMandate(session, mandateDoc);
-
- if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
-
- redirectURL = session.getOAURLRequested();
- if (!session.getBusinessService()) {
- // redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
- // URLEncoder.encode(session.getTarget(), "UTF-8"));
- }
- // redirectURL = addURLParameter(redirectURL,
- // PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64,
- // "UTF-8"));
- redirectURL = new DataURLBuilder().buildDataURL(
- session.getAuthURL(),
- ModulUtils.buildAuthURL(session.getModul(),
- session.getAction()), samlArtifactBase64);
- redirectURL = resp.encodeRedirectURL(redirectURL);
-
- } else {
- redirectURL = new DataURLBuilder().buildDataURL(
- session.getAuthURL(),
- AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT,
- session.getSessionID());
-
- }
+ //check if it is a parsable XML
+ byte[] byteMandate = mandate.getMandate();
+ String stringMandate = new String(byteMandate);
+ Element mandateDoc = DOMUtils.parseDocument(stringMandate, false,
+ null, null).getDocumentElement();
+
+ // extract RepresentationType
+ AuthenticationServer.getInstance().verifyMandate(session, mandate);
+
+ session.setMISMandate(mandate);
+ session.setAuthenticatedUsed(false);
+ session.setAuthenticated(true);
+
+ String oldsessionID = session.getSessionID();
+
+ //Session is implicite stored in changeSessionID!!!
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+
+ Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID);
+ Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
+
+ String redirectURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(),
+ ModulUtils.buildAuthURL(session.getModul(),
+ session.getAction()), newMOASessionID);
+ redirectURL = resp.encodeRedirectURL(redirectURL);
+
+
+// String samlArtifactBase64 = AuthenticationServer.getInstance()
+// .verifyAuthenticationBlockMandate(session, mandateDoc);
+
+// if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
+//
+// redirectURL = session.getOAURLRequested();
+// if (!session.getBusinessService()) {
+// // redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
+// // URLEncoder.encode(session.getTarget(), "UTF-8"));
+// }
+// // redirectURL = addURLParameter(redirectURL,
+// // PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64,
+// // "UTF-8"));
+// redirectURL = new DataURLBuilder().buildDataURL(
+// session.getAuthURL(),
+// ModulUtils.buildAuthURL(session.getModul(),
+// session.getAction()), samlArtifactBase64);
+// redirectURL = resp.encodeRedirectURL(redirectURL);
+//
+// } else {
+// redirectURL = new DataURLBuilder().buildDataURL(
+// session.getAuthURL(),
+// AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT,
+// session.getSessionID());
+//
+// }
+
+
resp.setContentType("text/html");
resp.setStatus(302);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
index f89460a83..200d25fbe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
@@ -147,122 +147,122 @@ public class ProcessValidatorInputServlet extends AuthServlet {
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
- Logger.debug("POST ProcessInput");
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
- Map parameters;
- try {
- parameters = getParameters(req);
- } catch (FileUploadException e) {
- Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new IOException(e.getMessage());
- }
-
- String sessionID = req.getParameter(PARAM_SESSIONID);
- if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
- if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
- if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_");
-
- // escape parameter strings
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
- try {
-
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12");
-
- AuthenticationSession session = AuthenticationServer.getSession(sessionID);
- AuthenticationServer.processInput(session, parameters);
- String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);
- if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
- // Now sign the AUTH Block
- String dataURL = new DataURLBuilder().buildDataURL(
- session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
-
- String htmlForm = null;
-
- boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed
-
- String inputProcessorSignForm = req.getParameter("Sign_Form");
- if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form");
- if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form");
- if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_");
- // escape parameter strings
- inputProcessorSignForm = StringEscapeUtils.escapeHtml(inputProcessorSignForm);
- if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true");
- if (doInputProcessorSign) {
- // Test if we have a user input form sign template
-
- String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
-
- if (!ParamValidatorUtils.isValidSignUrl(inputProcessorSignTemplateURL))
- throw new WrongParametersException("ProcessInput", PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE, "auth.12");
-
- String inputProcessorSignTemplate = null;
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
- // override template url by url from configuration file
- if (oaParam.getInputProcessorSignTemplateURL() != null) {
- inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();
- }
- if (inputProcessorSignTemplateURL != null) {
- try {
- inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));
- } catch (IOException ex) {
- throw new AuthenticationException(
- "auth.03",
- new Object[] { inputProcessorSignTemplateURL, ex.toString()},
- ex);
- }
- }
-
- htmlForm = new GetVerifyAuthBlockFormBuilder().build(
- inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());
- htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());
- htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);
- htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());
- htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);
- htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());
- resp.setContentType("text/html;charset=UTF-8");
- } else {
- htmlForm = createXMLSignatureRequestOrRedirect;
- resp.setStatus(307);
- resp.addHeader("Location", dataURL);
- //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
- resp.setContentType("text/xml;charset=UTF-8");
- }
-
- OutputStream out = resp.getOutputStream();
- out.write(htmlForm.getBytes("UTF-8"));
- out.flush();
- out.close();
- Logger.debug("Finished POST ProcessInput");
- } else {
- String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
- resp.setContentType("text/html");
- resp.setStatus(302);
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
- }
-
- try {
- AuthenticationSessionStoreage.storeSession(session);
-
- } catch (MOADatabaseException e) {
- throw new AuthenticationException("", null);
- }
-
- }
- catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
- }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- }
+// Logger.debug("POST ProcessInput");
+//
+// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+//
+// Map parameters;
+// try {
+// parameters = getParameters(req);
+// } catch (FileUploadException e) {
+// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+// throw new IOException(e.getMessage());
+// }
+//
+// String sessionID = req.getParameter(PARAM_SESSIONID);
+// if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
+// if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
+// if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_");
+//
+// // escape parameter strings
+// sessionID = StringEscapeUtils.escapeHtml(sessionID);
+//
+// try {
+//
+// if (!ParamValidatorUtils.isValidSessionID(sessionID))
+// throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12");
+//
+// AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+// AuthenticationServer.processInput(session, parameters);
+// String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);
+// if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
+// // Now sign the AUTH Block
+// String dataURL = new DataURLBuilder().buildDataURL(
+// session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
+//
+// String htmlForm = null;
+//
+// boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed
+//
+// String inputProcessorSignForm = req.getParameter("Sign_Form");
+// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form");
+// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form");
+// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_");
+// // escape parameter strings
+// inputProcessorSignForm = StringEscapeUtils.escapeHtml(inputProcessorSignForm);
+// if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true");
+// if (doInputProcessorSign) {
+// // Test if we have a user input form sign template
+//
+// String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
+//
+// if (!ParamValidatorUtils.isValidSignUrl(inputProcessorSignTemplateURL))
+// throw new WrongParametersException("ProcessInput", PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE, "auth.12");
+//
+// String inputProcessorSignTemplate = null;
+// OAAuthParameter oaParam =
+// AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
+// // override template url by url from configuration file
+// if (oaParam.getInputProcessorSignTemplateURL() != null) {
+// inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();
+// }
+// if (inputProcessorSignTemplateURL != null) {
+// try {
+// inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));
+// } catch (IOException ex) {
+// throw new AuthenticationException(
+// "auth.03",
+// new Object[] { inputProcessorSignTemplateURL, ex.toString()},
+// ex);
+// }
+// }
+//
+// htmlForm = new GetVerifyAuthBlockFormBuilder().build(
+// inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());
+// resp.setContentType("text/html;charset=UTF-8");
+// } else {
+// htmlForm = createXMLSignatureRequestOrRedirect;
+// resp.setStatus(307);
+// resp.addHeader("Location", dataURL);
+// //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
+// resp.setContentType("text/xml;charset=UTF-8");
+// }
+//
+// OutputStream out = resp.getOutputStream();
+// out.write(htmlForm.getBytes("UTF-8"));
+// out.flush();
+// out.close();
+// Logger.debug("Finished POST ProcessInput");
+// } else {
+// String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+// resp.setContentType("text/html");
+// resp.setStatus(302);
+// resp.addHeader("Location", redirectURL);
+// Logger.debug("REDIRECT TO: " + redirectURL);
+// }
+//
+// try {
+// AuthenticationSessionStoreage.storeSession(session);
+//
+// } catch (MOADatabaseException e) {
+// throw new AuthenticationException("", null);
+// }
+//
+// }
+// catch (WrongParametersException ex) {
+// handleWrongParameters(ex, req, resp);
+// }
+// catch (MOAIDException ex) {
+// handleError(null, ex, req, resp);
+// }
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
new file mode 100644
index 000000000..310f3509c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -0,0 +1,37 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+
+
+public class RedirectServlet extends AuthServlet{
+
+ private static final long serialVersionUID = 1L;
+
+ public static final String REDIRCT_GETPARAM = "redirecturl";
+
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ Logger.info("Receive " + RedirectServlet.class + " Request");
+
+ String url = req.getParameter(REDIRCT_GETPARAM);
+
+ Logger.info("Redirect to " + url);
+
+ String redirect_form = RedirectFormBuilder.buildLoginForm(url);
+
+ resp.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(resp.getOutputStream());
+ out.write(redirect_form);
+ out.flush();
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
index d544e2f85..2deece26f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
@@ -91,94 +91,94 @@ public class SelectBKUServlet extends AuthServlet {
Logger.debug("GET SelectBKU");
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
- String authURL = req.getScheme() + "://" + req.getServerName();
- if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
- authURL = authURL.concat(":" + req.getServerPort());
- }
- authURL = authURL.concat(req.getContextPath() + "/");
-
- String target = req.getParameter(PARAM_TARGET);
- String oaURL = req.getParameter(PARAM_OA);
- String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE);
- String templateURL = req.getParameter(PARAM_TEMPLATE);
-
- // escape parameter strings
- target = StringEscapeUtils.escapeHtml(target);
- oaURL = StringEscapeUtils.escapeHtml(oaURL);
- templateURL = StringEscapeUtils.escapeHtml(templateURL);
- bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL);
-
-
- resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
- resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
- resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
-
- try {
-
- // check parameter
- if (!ParamValidatorUtils.isValidOA(oaURL))
- throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12");
- if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
- throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12");
- if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL))
- throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12");
-
- if (!ParamValidatorUtils.isValidTarget(target))
- throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12");
-
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { oaURL });
-
- // get target and target friendly name from config
- String targetConfig = oaParam.getTarget();
-
- String returnValue = null;
- if (StringUtils.isEmpty(targetConfig)) {
- // no target attribut is given in OA config
- // target is used from request
- // check parameter
- if (!ParamValidatorUtils.isValidTarget(target))
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
-
- returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL);
- }
- else {
- // use target from config
- returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL);
- }
-
-
- String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
- if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
- // bkuSelectionType==HTMLComplete
- String redirectURL = returnValue;
- resp.setContentType("text/html");
- resp.sendRedirect(redirectURL);
- Logger.info("REDIRECT TO: " + redirectURL);
- } else {
- // bkuSelectionType==HTMLSelect
- String htmlForm = returnValue;
- resp.setContentType("text/html;charset=UTF-8");
- Logger.debug("HTML-Form: " + htmlForm);
- Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8");
- out.write(htmlForm);
- out.flush();
- Logger.debug("Finished GET SelectBKU");
- }
- }
- catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
- }
- catch (Throwable ex) {
- handleError(null, ex, req, resp);
- }
+// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+//
+// String authURL = req.getScheme() + "://" + req.getServerName();
+// if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
+// authURL = authURL.concat(":" + req.getServerPort());
+// }
+// authURL = authURL.concat(req.getContextPath() + "/");
+//
+// String target = req.getParameter(PARAM_TARGET);
+// String oaURL = req.getParameter(PARAM_OA);
+// String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE);
+// String templateURL = req.getParameter(PARAM_TEMPLATE);
+//
+// // escape parameter strings
+// target = StringEscapeUtils.escapeHtml(target);
+// oaURL = StringEscapeUtils.escapeHtml(oaURL);
+// templateURL = StringEscapeUtils.escapeHtml(templateURL);
+// bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL);
+//
+//
+// resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
+// resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
+// resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
+// resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
+//
+// try {
+//
+// // check parameter
+// if (!ParamValidatorUtils.isValidOA(oaURL))
+// throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12");
+// if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
+// throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12");
+// if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL))
+// throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12");
+//
+// if (!ParamValidatorUtils.isValidTarget(target))
+// throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12");
+//
+// OAAuthParameter oaParam =
+// AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
+// if (oaParam == null)
+// throw new AuthenticationException("auth.00", new Object[] { oaURL });
+//
+// // get target and target friendly name from config
+// String targetConfig = oaParam.getTarget();
+//
+// String returnValue = null;
+// if (StringUtils.isEmpty(targetConfig)) {
+// // no target attribut is given in OA config
+// // target is used from request
+// // check parameter
+// if (!ParamValidatorUtils.isValidTarget(target))
+// throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+//
+// returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL);
+// }
+// else {
+// // use target from config
+// returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL);
+// }
+//
+//
+// String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
+// if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
+// // bkuSelectionType==HTMLComplete
+// String redirectURL = returnValue;
+// resp.setContentType("text/html");
+// resp.sendRedirect(redirectURL);
+// Logger.info("REDIRECT TO: " + redirectURL);
+// } else {
+// // bkuSelectionType==HTMLSelect
+// String htmlForm = returnValue;
+// resp.setContentType("text/html;charset=UTF-8");
+// Logger.debug("HTML-Form: " + htmlForm);
+// Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8");
+// out.write(htmlForm);
+// out.flush();
+// Logger.debug("Finished GET SelectBKU");
+// }
+// }
+// catch (WrongParametersException ex) {
+// handleWrongParameters(ex, req, resp);
+// }
+// catch (Throwable ex) {
+// handleError(null, ex, req, resp);
+// }
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 115c52688..ba7893412 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -55,7 +55,7 @@ public class CreateXMLSignatureResponseValidator {
/** Xpath expression to the dsig:Signature element */
private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature";
- private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime";
+ //private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime";
/** Singleton instance. <code>null</code>, if none has been created. */
private static CreateXMLSignatureResponseValidator instance;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 892607c16..ed826c615 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -81,7 +81,7 @@ public class VerifyXMLSignatureResponseValidator {
* @throws ValidateException on any validation error
*/
public void validate(VerifyXMLSignatureResponse verifyXMLSignatureResponse,
- List identityLinkSignersSubjectDNNames,
+ List<String> identityLinkSignersSubjectDNNames,
String whatToCheck,
boolean ignoreManifestValidationResult)
throws ValidateException {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
index 88c4a8feb..a154c9ece 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
@@ -83,241 +83,255 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{
this.rpGivenName = rpGivenName;
this.rpDateOfBirth = rpDateOfBirth;
this.request = request;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String)
- */
- public String start(
- boolean physical, String familyName, String givenName, String dateOfBirth,
- String streetName, String buildingNumber, String unit, String postalCode, String municipality,
- String cbFullName, String cbIdentificationType, String cbIdentificationValue)
- {
- // Load the form
- String form = loadForm(
- physical, familyName, givenName, dateOfBirth,
- streetName, buildingNumber, unit, postalCode, municipality,
- cbFullName, cbIdentificationType, cbIdentificationValue, "");
- try {
- request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
- cbIdentificationType, cbIdentificationValue);
- } catch (SZRGWClientException e) {
- //e.printStackTrace();
- Logger.info(e);
- return null;
- }
- return form;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String)
- */
- public String validate(Map parameters, String extErrortext)
- {
-
- // Process the gotten parameters
- String form = null;
- boolean formNecessary = false;
- if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true;
- String locErrortext = "Folgende Parameter fehlen: ";
-
- String familyName = (String) parameters.get("familyname_");
- if (null == familyName) familyName ="";
- String givenName = (String) parameters.get("givenname_");
- if (null == givenName) givenName ="";
- boolean physical = "true".equals(parameters.get("physical_"));
- String dobday = (String) parameters.get("dobday_");
- if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday="";
- String dobmonth = (String) parameters.get("dobmonth_");
- if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth="";
- String dobyear = (String) parameters.get("dobyear_");
- if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear="";
- String dateOfBirth = "";
- dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear);
- dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth);
- dobday = (" ".substring(0, 2-dobday.length()) + dobday);
- dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday;
- String cbFullName = (String) parameters.get("fullname_");
- if (null == cbFullName) cbFullName ="";
- String cbIdentificationType = (String) parameters.get("cbidentificationtype_");
- if (null == cbIdentificationType) cbIdentificationType ="";
- String cbIdentificationValue = (String) parameters.get("cbidentificationvalue_");
- if (null == cbIdentificationValue) cbIdentificationValue ="";
- String postalCode = (String) parameters.get("postalcode_");
- if (null == postalCode) postalCode ="";
- String municipality = (String) parameters.get("municipality_");
- if (null == municipality) municipality ="";
- String streetName = (String) parameters.get("streetname_");
- if (null == streetName) streetName ="";
- String buildingNumber = (String) parameters.get("buildingnumber_");
- if (null == buildingNumber) buildingNumber ="";
- String unit = (String) parameters.get("unit_");
- if (null == unit) unit ="";
-
- if (physical) {
- if (ParepUtils.isEmpty(familyName)) {
- formNecessary = true;
- locErrortext = locErrortext + "Familienname";
- }
- if (ParepUtils.isEmpty(givenName)) {
- formNecessary = true;
- if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "Vorname";
- }
- // Auf existierendes Datum prüfen
- SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd");
- format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen
- try {
- format.parse(dateOfBirth);
- }
- catch(ParseException pe)
- {
- formNecessary = true;
- if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "korrektes Geburtsdatum";
- }
- } else {
- if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
- formNecessary = true;
- if (ParepUtils.isEmpty(cbFullName)) {
- locErrortext = locErrortext + "Name der Organisation";
- }
- if (ParepUtils.isEmpty(cbIdentificationType)) {
- if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "Auswahl des Registers";
- }
- if (ParepUtils.isEmpty(cbIdentificationValue)) {
- if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register";
- }
- }
- }
- try {
- request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
- cbIdentificationType, cbIdentificationValue);
- if (formNecessary) {
- // Daten noch nicht vollständig oder anderer Fehler
- if (locErrortext.endsWith("fehlen: ")) locErrortext ="";
- String error = "";
- if (!ParepUtils.isEmpty(extErrortext)) {
- error = extErrortext;
- if (!ParepUtils.isEmpty(locErrortext)) error = error + "; ";
- }
- if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext;
- if (!ParepUtils.isEmpty(error)) {
- error = "<div class=\"errortext\"> <img alt=\"Rufezeichen\" src=\"img/rufezeichen.gif\" width=\"10\" height=\"16\" />&nbsp; " + error + "</div>";
- }
- form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error);
- if (form == null) {
- return null;
- }
- } else {
- return ""; // everything is ok
- }
- } catch (Exception e) {
- //e.printStackTrace();
- Logger.info(e);
- return null;
- }
- return form;
- }
-
- /**
- * Loads the empty user input form and replaces tag occurences with given variables
- *
- * @param physical
- * @param familyName
- * @param givenName
- * @param dateOfBirth
- * @param streetName
- * @param buildingNumber
- * @param unit
- * @param postalCode
- * @param municipality
- * @param cbFullName
- * @param cbIdentificationType
- * @param cbIdentificationValue
- * @param errorText
- * @return
- */
- private String loadForm(
- boolean physical, String familyName, String givenName, String dateOfBirth,
- String streetName, String buildingNumber, String unit, String postalCode, String municipality,
- String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText)
- {
- String form = "";
- try {
- String fileName = parepConfiguration.getInputProcessorTemplate(representationID);
- InputStream instream = null;
- File file = new File(fileName);
- if (file.exists()) {
- //if this resolves to a file, load it
- instream = new FileInputStream(fileName);
- } else {
- fileName = parepConfiguration.getFullDirectoryName(fileName);
- if (fileName.startsWith("file:\\")) fileName = fileName.substring(6);
- file = new File(fileName);
- if (file.exists()) {
- //if this resolves to a file, load it
- instream = new FileInputStream(fileName);
- } else {
- //else load a named resource in our classloader.
- instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID));
- if (instream == null) {
- Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt");
- return null;
- }
- }
- }
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- ParepUtils.dumpInputOutputStream(instream, bos);
- form = bos.toString("UTF-8");
- } catch(Exception e) {
- Logger.error("Fehler beim Einlesen des Input-Templates.", e);
- }
-
- if (!ParepUtils.isEmpty(form)) {
- boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID);
- boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID);
- boolean reducedSelection = (!physEnabled || !cbEnabled);
- if (reducedSelection) {
- physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar
- }
- if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT";
- form = ParepUtils.replaceAll(form, "<rpgivenname>", rpGivenName);
- form = ParepUtils.replaceAll(form, "<rpfamilyname>", rpFamilyName);
- form = ParepUtils.replaceAll(form, "<rpdobyear>", rpDateOfBirth.substring(0,4));
- form = ParepUtils.replaceAll(form, "<rpdobmonth>", rpDateOfBirth.substring(5,7));
- form = ParepUtils.replaceAll(form, "<rpdobday>", rpDateOfBirth.substring(8,10));
- //darf zw. phys. und jur. Person gewählt werden:
- //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : "");
- form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\"");
- form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : "");
- form = ParepUtils.replaceAll(form, "<givenname>", givenName);
- form = ParepUtils.replaceAll(form, "<familyname>", familyName);
- form = ParepUtils.replaceAll(form, "<dobyear>", dateOfBirth.substring(0,4).trim());
- form = ParepUtils.replaceAll(form, "<dobmonth>", dateOfBirth.substring(5,7).trim());
- form = ParepUtils.replaceAll(form, "<dobday>", dateOfBirth.substring(8,10).trim());
- form = ParepUtils.replaceAll(form, "<streetname>", streetName);
- form = ParepUtils.replaceAll(form, "<buildingnumber>", buildingNumber);
- form = ParepUtils.replaceAll(form, "<unit>", unit);
- form = ParepUtils.replaceAll(form, "<postalcode>", postalCode);
- form = ParepUtils.replaceAll(form, "<municipality>", municipality);
- form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\"");
- form = ParepUtils.replaceAll(form, "<fullname>", cbFullName);
- form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\"");
- form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\"");
- form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : "");
- form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : "");
- form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : "");
- form = ParepUtils.replaceAll(form, "<cbidentificationvalue>", cbIdentificationValue);
- form = ParepUtils.replaceAll(form, "<errortext>", errorText);
- }
- return form;
- }
+ }
+
+public String start(boolean physical, String familyName, String givenName,
+ String dateOfBirth, String streetName, String buildingNumber,
+ String unit, String postalCode, String municipality, String cbFullName,
+ String cbIdentificationType, String cbIdentificationValue) {
+ // TODO Auto-generated method stub
+ return null;
+}
+
+public String validate(Map parameters, String extErrortext) {
+ // TODO Auto-generated method stub
+ return null;
+}
+
+ //TODO: check correctness
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String)
+// */
+// public String start(
+// boolean physical, String familyName, String givenName, String dateOfBirth,
+// String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+// String cbFullName, String cbIdentificationType, String cbIdentificationValue)
+// {
+// // Load the form
+// String form = loadForm(
+// physical, familyName, givenName, dateOfBirth,
+// streetName, buildingNumber, unit, postalCode, municipality,
+// cbFullName, cbIdentificationType, cbIdentificationValue, "");
+// try {
+// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+// cbIdentificationType, cbIdentificationValue);
+// } catch (SZRGWClientException e) {
+// //e.printStackTrace();
+// Logger.info(e);
+// return null;
+// }
+// return form;
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String)
+// */
+// public String validate(Map parameters, String extErrortext)
+// {
+//
+// // Process the gotten parameters
+// String form = null;
+// boolean formNecessary = false;
+// if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true;
+// String locErrortext = "Folgende Parameter fehlen: ";
+//
+// String familyName = (String) parameters.get("familyname_");
+// if (null == familyName) familyName ="";
+// String givenName = (String) parameters.get("givenname_");
+// if (null == givenName) givenName ="";
+// boolean physical = "true".equals(parameters.get("physical_"));
+// String dobday = (String) parameters.get("dobday_");
+// if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday="";
+// String dobmonth = (String) parameters.get("dobmonth_");
+// if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth="";
+// String dobyear = (String) parameters.get("dobyear_");
+// if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear="";
+// String dateOfBirth = "";
+// dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear);
+// dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth);
+// dobday = (" ".substring(0, 2-dobday.length()) + dobday);
+// dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday;
+// String cbFullName = (String) parameters.get("fullname_");
+// if (null == cbFullName) cbFullName ="";
+// String cbIdentificationType = (String) parameters.get("cbidentificationtype_");
+// if (null == cbIdentificationType) cbIdentificationType ="";
+// String cbIdentificationValue = (String) parameters.get("cbidentificationvalue_");
+// if (null == cbIdentificationValue) cbIdentificationValue ="";
+// String postalCode = (String) parameters.get("postalcode_");
+// if (null == postalCode) postalCode ="";
+// String municipality = (String) parameters.get("municipality_");
+// if (null == municipality) municipality ="";
+// String streetName = (String) parameters.get("streetname_");
+// if (null == streetName) streetName ="";
+// String buildingNumber = (String) parameters.get("buildingnumber_");
+// if (null == buildingNumber) buildingNumber ="";
+// String unit = (String) parameters.get("unit_");
+// if (null == unit) unit ="";
+//
+// if (physical) {
+// if (ParepUtils.isEmpty(familyName)) {
+// formNecessary = true;
+// locErrortext = locErrortext + "Familienname";
+// }
+// if (ParepUtils.isEmpty(givenName)) {
+// formNecessary = true;
+// if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "Vorname";
+// }
+// // Auf existierendes Datum prüfen
+// SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd");
+// format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen
+// try {
+// format.parse(dateOfBirth);
+// }
+// catch(ParseException pe)
+// {
+// formNecessary = true;
+// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "korrektes Geburtsdatum";
+// }
+// } else {
+// if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+// formNecessary = true;
+// if (ParepUtils.isEmpty(cbFullName)) {
+// locErrortext = locErrortext + "Name der Organisation";
+// }
+// if (ParepUtils.isEmpty(cbIdentificationType)) {
+// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "Auswahl des Registers";
+// }
+// if (ParepUtils.isEmpty(cbIdentificationValue)) {
+// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register";
+// }
+// }
+// }
+// try {
+// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+// cbIdentificationType, cbIdentificationValue);
+// if (formNecessary) {
+// // Daten noch nicht vollständig oder anderer Fehler
+// if (locErrortext.endsWith("fehlen: ")) locErrortext ="";
+// String error = "";
+// if (!ParepUtils.isEmpty(extErrortext)) {
+// error = extErrortext;
+// if (!ParepUtils.isEmpty(locErrortext)) error = error + "; ";
+// }
+// if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext;
+// if (!ParepUtils.isEmpty(error)) {
+// error = "<div class=\"errortext\"> <img alt=\"Rufezeichen\" src=\"img/rufezeichen.gif\" width=\"10\" height=\"16\" />&nbsp; " + error + "</div>";
+// }
+// form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error);
+// if (form == null) {
+// return null;
+// }
+// } else {
+// return ""; // everything is ok
+// }
+// } catch (Exception e) {
+// //e.printStackTrace();
+// Logger.info(e);
+// return null;
+// }
+// return form;
+// }
+//
+// /**
+// * Loads the empty user input form and replaces tag occurences with given variables
+// *
+// * @param physical
+// * @param familyName
+// * @param givenName
+// * @param dateOfBirth
+// * @param streetName
+// * @param buildingNumber
+// * @param unit
+// * @param postalCode
+// * @param municipality
+// * @param cbFullName
+// * @param cbIdentificationType
+// * @param cbIdentificationValue
+// * @param errorText
+// * @return
+// */
+// private String loadForm(
+// boolean physical, String familyName, String givenName, String dateOfBirth,
+// String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+// String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText)
+// {
+// String form = "";
+// try {
+// String fileName = parepConfiguration.getInputProcessorTemplate(representationID);
+// InputStream instream = null;
+// File file = new File(fileName);
+// if (file.exists()) {
+// //if this resolves to a file, load it
+// instream = new FileInputStream(fileName);
+// } else {
+// fileName = parepConfiguration.getFullDirectoryName(fileName);
+// if (fileName.startsWith("file:\\")) fileName = fileName.substring(6);
+// file = new File(fileName);
+// if (file.exists()) {
+// //if this resolves to a file, load it
+// instream = new FileInputStream(fileName);
+// } else {
+// //else load a named resource in our classloader.
+// instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID));
+// if (instream == null) {
+// Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt");
+// return null;
+// }
+// }
+// }
+// ByteArrayOutputStream bos = new ByteArrayOutputStream();
+// ParepUtils.dumpInputOutputStream(instream, bos);
+// form = bos.toString("UTF-8");
+// } catch(Exception e) {
+// Logger.error("Fehler beim Einlesen des Input-Templates.", e);
+// }
+//
+// if (!ParepUtils.isEmpty(form)) {
+// boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID);
+// boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID);
+// boolean reducedSelection = (!physEnabled || !cbEnabled);
+// if (reducedSelection) {
+// physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar
+// }
+// if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT";
+// form = ParepUtils.replaceAll(form, "<rpgivenname>", rpGivenName);
+// form = ParepUtils.replaceAll(form, "<rpfamilyname>", rpFamilyName);
+// form = ParepUtils.replaceAll(form, "<rpdobyear>", rpDateOfBirth.substring(0,4));
+// form = ParepUtils.replaceAll(form, "<rpdobmonth>", rpDateOfBirth.substring(5,7));
+// form = ParepUtils.replaceAll(form, "<rpdobday>", rpDateOfBirth.substring(8,10));
+// //darf zw. phys. und jur. Person gewählt werden:
+// //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : "");
+// form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\"");
+// form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : "");
+// form = ParepUtils.replaceAll(form, "<givenname>", givenName);
+// form = ParepUtils.replaceAll(form, "<familyname>", familyName);
+// form = ParepUtils.replaceAll(form, "<dobyear>", dateOfBirth.substring(0,4).trim());
+// form = ParepUtils.replaceAll(form, "<dobmonth>", dateOfBirth.substring(5,7).trim());
+// form = ParepUtils.replaceAll(form, "<dobday>", dateOfBirth.substring(8,10).trim());
+// form = ParepUtils.replaceAll(form, "<streetname>", streetName);
+// form = ParepUtils.replaceAll(form, "<buildingnumber>", buildingNumber);
+// form = ParepUtils.replaceAll(form, "<unit>", unit);
+// form = ParepUtils.replaceAll(form, "<postalcode>", postalCode);
+// form = ParepUtils.replaceAll(form, "<municipality>", municipality);
+// form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\"");
+// form = ParepUtils.replaceAll(form, "<fullname>", cbFullName);
+// form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\"");
+// form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\"");
+// form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : "");
+// form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : "");
+// form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : "");
+// form = ParepUtils.replaceAll(form, "<cbidentificationvalue>", cbIdentificationValue);
+// form = ParepUtils.replaceAll(form, "<errortext>", errorText);
+// }
+// return form;
+// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
index 735117094..f2f897432 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
@@ -61,547 +61,583 @@ import at.gv.egovernment.moa.util.Constants;
*
* @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner
*/
-public class ParepValidator implements InfoboxValidator {
-
- /** activates debug settings */
- private boolean PAREP_DEBUG = false;
-
- /** contains the parameters the validator initially was called with */
- private InfoboxValidatorParams params = null;
-
- /** contains the configuration of the validator */
- private ParepConfiguration parepConfiguration = null;
-
- /** the requested representation ID (currently * or OID) */
- private String representationID = null;
-
- /** holds the information of the SZR-request */
- private CreateMandateRequest request = null;
-
- /** List of extended SAML attributes. */
- private Vector extendedSamlAttributes = new Vector();
-
- /** the class which processes the user input */
- private ParepInputProcessor inputProcessor = null;
-
- /** The form if user input is necessary */
- private String form = null;
-
- /** unspecified error of parep-validator (must not know more about)*/
- private final static String COMMON_ERROR = "Es ist ein Fehler bei der �berpr�fung f�r berufsm��ige Parteienvetretung aufgetreten";
-
- /** Default class to gather remaining mandator data. */
- public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl";
-
- /** Default template to gather remaining mandator data. */
- public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html";
-
- /** kind of representation text in AUTH block*/
- public final static String STANDARD_REPRESENTATION_TEXT = "berufsm��ige(r) Parteienvertreter(in)";
-
- /** Names of the produced SAML-attributes. */
- public final static String EXT_SAML_MANDATE_RAW = "Mandate";
- public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
- public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
- public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
- public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
+public class ParepValidator implements InfoboxValidator {
+
public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription";
public final static String EXT_SAML_MANDATE_OID = "OID";
+ public final static String EXT_SAML_MANDATE_RAW = "Mandate";
+ public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
+ public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
+ public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
+ public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
+ public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
+ public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
- /** */
- public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
-
- /** register and register number for non physical persons - the domain identifier for business applications*/
- public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
-
- /**
- * Parses the XML configuration element and creates the validators configuration
- * Use this function if you want to preconfigure the validator.
- *
- * @param configElem
- * the XML configuration element to parse.
- * @throws ConfigurationException
- * if an error occurs during the configuration process
- */
- public void Configure(Element configElem) throws ConfigurationException {
- if (this.parepConfiguration == null) {
- Logger.debug("Lade Konfiguration.");
- parepConfiguration = new ParepConfiguration(configElem);
- Logger.debug("Konfiguration erfolgreich geladen.");
- }
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams)
- */
- public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException {
-
- InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
-
- try {
- Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung.");
- this.params = params;
-
- Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList());
- // ParepUtils.serializeElement(mandate, System.out);
- this.representationID = ParepUtils.extractRepresentativeID(mandate);
- if (ParepUtils.isEmpty(representationID)) {
- validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht");
- return validationResult;
- }
-
- // überprüfen der Identifikation (Type/Value).
- String identificationType = this.params.getIdentificationType();
- String identificationValue = this.params.getIdentificationValue();
- if (this.params.getBusinessApplication()) {
- if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
- validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen.");
- return validationResult;
-
- } else {
- Logger.debug("Parteienvertreter wird mit wbPK identifiziert");
- }
- } else {
- if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
- //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt
- if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
- Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu �bermitteln. In der MOA-ID Konfiguration muss die �bermittlung Stammzahl aktiviert sein.");
- validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
- return validationResult;
- } else {
- Logger.debug("Organwalter wird mit Stammzahl identifiziert");
- }
- } else {
- if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
- // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist
- identificationType = Constants.URN_PREFIX_CDID;
- String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget());
- identificationValue = bpkBase64;
- Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert");
- } else {
- Logger.debug("Parteienvertreter wird mit bPK identifiziert");
- }
- }
- }
-
- Configure(this.params.getApplicationSpecificParams());
- // check if we have a configured party representative for that
- if (!parepConfiguration.isPartyRepresentative(representationID)) {
- Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
- validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
- return validationResult;
- }
-
- // Vertreter
- this.request = new CreateMandateRequest();
- request.setRepresentative(this.params, identificationType, identificationValue);
- // ParepUtils.serializeElement(request.getRepresentative(), System.out);
- //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml"));
-
- Logger.debug("Prüfe vorausgefüllte Daten...");
- boolean physical = true;
- String familyName = "";
- String givenName = "";
- String dateOfBirth = "";
- String cbFullName = "";
- String cbIdentificationType = "";
- String cbIdentificationValue = "";
- String postalCode = "";
- String municipality = "";
- String streetName = "";
- String buildingNumber = "";
- String unit = "";
-
- boolean formNecessary = false;
- // Vertretener (erstes Vorkommen)
- Element mandator = ParepUtils.extractMandator(mandate);
- if (mandator != null) {
- // ParepUtils.serializeElement(mandator, System.out);
- // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml"));
- if (ParepUtils.isPhysicalPerson(mandator)) {
- familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
- givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
- dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
- } else {
- physical = false;
- cbFullName = ParepUtils.extractMandatorFullName(mandator);
- cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
- cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
- }
- postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
- municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
- streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
- buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
- unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
-
- }
- if (physical) {
- if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) {
- validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt.");
- return validationResult;
- }
- if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) {
- formNecessary = true;
- }
- } else {
- if (!parepConfiguration.isRepresentingCorporateParty(representationID)) {
- validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt.");
- return validationResult;
- }
- if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
- formNecessary = true;
- }
- }
-
- //Zeigen wir, dass die Daten �bernommen wurden:
- if (parepConfiguration.isAlwaysShowForm()) formNecessary=true;
-
- // Input processor
- this.form = "";
- if (formNecessary) {
- ParepInputProcessor inputProcessor= getInputProcessor();
- this.form = inputProcessor.start(
- physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality,
- cbFullName, cbIdentificationType, cbIdentificationValue);
- if (this.form == null) {
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- } else {
- // Request vorbereiten mit vorgegebenen Daten
- request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
- cbIdentificationType, cbIdentificationValue);
- }
-
-
- // ParepUtils.serializeElement(request.getMandator(), System.out);
- // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml"));
-
- addAuthBlockExtendedSamlAttributes();
- validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
- Logger.debug("�berpr�fung der vertretenen Partei erfolgreich beendet");
- validationResult.setValid(true);
- return validationResult;
- } catch (Exception e) {
- e.printStackTrace();
- Logger.info(e);
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map)
- */
- public InfoboxValidationResult validate(Map parameters) throws ValidateException {
-
- InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
- Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
- Logger.debug("Prüfe im Formular ausgefüllte Daten...");
- if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString());
-
- // Input processor
- ParepInputProcessor inputProcessor= getInputProcessor();
- this.form = inputProcessor.validate(parameters, null);
- if (this.form == null) {
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
-
- addAuthBlockExtendedSamlAttributes();
- validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
- validationResult.setValid(true);
- Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
- return validationResult;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element)
- */
- public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
-
- InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
- Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung");
- this.form = "";
- try {
-
-
- request.setSignature(samlAssertion);
-
-//DPO debug
-// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement();
-// String id = representationID;
+
+ public InfoboxValidationResult validate(InfoboxValidatorParams params)
+ throws ValidateException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public InfoboxValidationResult validate(Map parameters)
+ throws ValidateException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public InfoboxValidationResult validate(Element samlAssertion)
+ throws ValidateException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public String getForm() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+ //TODO: check correctness!!!!
+// /** activates debug settings */
+// private boolean PAREP_DEBUG = false;
+//
+// /** contains the parameters the validator initially was called with */
+// private InfoboxValidatorParams params = null;
+//
+// /** contains the configuration of the validator */
+// private ParepConfiguration parepConfiguration = null;
+//
+// /** the requested representation ID (currently * or OID) */
+// private String representationID = null;
+//
+// /** holds the information of the SZR-request */
+// private CreateMandateRequest request = null;
+//
+// /** List of extended SAML attributes. */
+// private Vector extendedSamlAttributes = new Vector();
+//
+// /** the class which processes the user input */
+// private ParepInputProcessor inputProcessor = null;
+//
+// /** The form if user input is necessary */
+// private String form = null;
+//
+// /** unspecified error of parep-validator (must not know more about)*/
+// private final static String COMMON_ERROR = "Es ist ein Fehler bei der �berpr�fung f�r berufsm��ige Parteienvetretung aufgetreten";
+//
+// /** Default class to gather remaining mandator data. */
+// public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl";
+//
+// /** Default template to gather remaining mandator data. */
+// public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html";
+//
+// /** kind of representation text in AUTH block*/
+// public final static String STANDARD_REPRESENTATION_TEXT = "berufsm��ige(r) Parteienvertreter(in)";
+//
+// /** Names of the produced SAML-attributes. */
+// public final static String EXT_SAML_MANDATE_RAW = "Mandate";
+// public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
+// public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
+// public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
+// public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
+// public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription";
+// public final static String EXT_SAML_MANDATE_OID = "OID";
+//
+// /** */
+// public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
+//
+// /** register and register number for non physical persons - the domain identifier for business applications*/
+// public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
+//
+// /**
+// * Parses the XML configuration element and creates the validators configuration
+// * Use this function if you want to preconfigure the validator.
+// *
+// * @param configElem
+// * the XML configuration element to parse.
+// * @throws ConfigurationException
+// * if an error occurs during the configuration process
+// */
+// public void Configure(Element configElem) throws ConfigurationException {
+// if (this.parepConfiguration == null) {
+// Logger.debug("Lade Konfiguration.");
+// parepConfiguration = new ParepConfiguration(configElem);
+// Logger.debug("Konfiguration erfolgreich geladen.");
+// }
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams)
+// */
+// public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException {
+//
+// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+//
+// try {
+// Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung.");
+// this.params = params;
+//
+// Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList());
+// // ParepUtils.serializeElement(mandate, System.out);
+// this.representationID = ParepUtils.extractRepresentativeID(mandate);
+// if (ParepUtils.isEmpty(representationID)) {
+// validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht");
+// return validationResult;
+// }
+//
+// // überprüfen der Identifikation (Type/Value).
+// String identificationType = this.params.getIdentificationType();
+// String identificationValue = this.params.getIdentificationValue();
+// if (this.params.getBusinessApplication()) {
+// if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+// validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen.");
+// return validationResult;
+//
+// } else {
+// Logger.debug("Parteienvertreter wird mit wbPK identifiziert");
+// }
+// } else {
+// if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+// //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt
+// if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+// Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu �bermitteln. In der MOA-ID Konfiguration muss die �bermittlung Stammzahl aktiviert sein.");
+// validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+// return validationResult;
+// } else {
+// Logger.debug("Organwalter wird mit Stammzahl identifiziert");
+// }
+// } else {
+// if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+// // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist
+// identificationType = Constants.URN_PREFIX_CDID;
+// String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget());
+// identificationValue = bpkBase64;
+// Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert");
+// } else {
+// Logger.debug("Parteienvertreter wird mit bPK identifiziert");
+// }
+// }
+// }
+//
+// Configure(this.params.getApplicationSpecificParams());
+// // check if we have a configured party representative for that
+// if (!parepConfiguration.isPartyRepresentative(representationID)) {
+// Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
+// validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+// return validationResult;
+// }
+//
+// // Vertreter
+// this.request = new CreateMandateRequest();
+// request.setRepresentative(this.params, identificationType, identificationValue);
+// // ParepUtils.serializeElement(request.getRepresentative(), System.out);
+// //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml"));
+//
+// Logger.debug("Prüfe vorausgefüllte Daten...");
+// boolean physical = true;
+// String familyName = "";
+// String givenName = "";
+// String dateOfBirth = "";
+// String cbFullName = "";
+// String cbIdentificationType = "";
+// String cbIdentificationValue = "";
+// String postalCode = "";
+// String municipality = "";
+// String streetName = "";
+// String buildingNumber = "";
+// String unit = "";
+//
+// boolean formNecessary = false;
+// // Vertretener (erstes Vorkommen)
+// Element mandator = ParepUtils.extractMandator(mandate);
+// if (mandator != null) {
+// // ParepUtils.serializeElement(mandator, System.out);
+// // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml"));
+// if (ParepUtils.isPhysicalPerson(mandator)) {
+// familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+// givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+// dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+// } else {
+// physical = false;
+// cbFullName = ParepUtils.extractMandatorFullName(mandator);
+// cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+// cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+// }
+// postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+// municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+// streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+// buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+// unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+//
+// }
+// if (physical) {
+// if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) {
+// validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt.");
+// return validationResult;
+// }
+// if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) {
+// formNecessary = true;
+// }
+// } else {
+// if (!parepConfiguration.isRepresentingCorporateParty(representationID)) {
+// validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt.");
+// return validationResult;
+// }
+// if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+// formNecessary = true;
+// }
+// }
+//
+// //Zeigen wir, dass die Daten �bernommen wurden:
+// if (parepConfiguration.isAlwaysShowForm()) formNecessary=true;
+//
+// // Input processor
+// this.form = "";
+// if (formNecessary) {
+// ParepInputProcessor inputProcessor= getInputProcessor();
+// this.form = inputProcessor.start(
+// physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality,
+// cbFullName, cbIdentificationType, cbIdentificationValue);
+// if (this.form == null) {
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// } else {
+// // Request vorbereiten mit vorgegebenen Daten
+// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+// cbIdentificationType, cbIdentificationValue);
+// }
+//
+//
+// // ParepUtils.serializeElement(request.getMandator(), System.out);
+// // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml"));
+//
+// addAuthBlockExtendedSamlAttributes();
+// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+// Logger.debug("�berpr�fung der vertretenen Partei erfolgreich beendet");
+// validationResult.setValid(true);
+// return validationResult;
+// } catch (Exception e) {
+// e.printStackTrace();
+// Logger.info(e);
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map)
+// */
+// public InfoboxValidationResult validate(Map parameters) throws ValidateException {
+//
+// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+// Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
+// Logger.debug("Prüfe im Formular ausgefüllte Daten...");
+// if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString());
+//
+// // Input processor
+// ParepInputProcessor inputProcessor= getInputProcessor();
+// this.form = inputProcessor.validate(parameters, null);
+// if (this.form == null) {
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+//
+// addAuthBlockExtendedSamlAttributes();
+// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+// validationResult.setValid(true);
+// Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
+// return validationResult;
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element)
+// */
+// public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
+//
+// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+// Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung");
+// this.form = "";
+// try {
+//
+//
+// request.setSignature(samlAssertion);
+//
+////DPO debug
+//// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement();
+//// String id = representationID;
+//// CreateMandateResponse response;
+//// if (true) {
+//// if (this.params.getHideStammzahl()) {
+//// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
+//// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilit�tsmodus Personendaten ersetzt werden k�nnen.
+//// // W�rden die Stammzahlen gel�scht (geblindet) werden, w�rde der Identifikationswert des Vertretenen g�nzlich fehlen.
+//// // Im Falle einen business Anwendung berechnet MOA-ID nach R�ckkehr das wbPK
+//// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+//// }
+//// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml"));
+//
+// //ParepUtils.serializeElement(request.toElement(), System.out);
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml"));
+//
+// // configure szrgw client
+// Logger.debug("Lade SZR-GW Client.");
+// SZRGWClient client = new SZRGWClient();
+// // System.out.println("Parameters: " + cfg.getConnectionParameters());
+// Logger.debug("Initialisiere Verbindung...");
+// ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID);
+// // Logger.debug("Connection Parameters: " + connectionParameters);
+// Logger.debug("SZR-GW URL: " + connectionParameters.getUrl());
+// client.setAddress(connectionParameters.getUrl());
+// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+// Logger.debug("Initialisiere SSL Verbindung");
+// client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+// }
+//
+// Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway...");
// CreateMandateResponse response;
-// if (true) {
+// Element requ = request.toElement();
+// try {
+// response = client.createMandateResponse(requ);
+// } catch (SZRGWClientException e) {
+// // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+// client = new SZRGWClient(connectionParameters.getUrl());
+// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+// response = client.createMandateResponse(requ);
+// }
+// Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()!=null ? response.getInfo():"");
+// if (response.getResultCode()==2000) {
+// if(response.getMandate()==null) {
+// Logger.error("Keine Vollmacht vom SZR-Gateway erhalten");
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+//
+//
+// //DPO debug output (2lines)
+// String id = representationID;
+// if (id.equals("*")) id="standardisiert";
+//
+// Element mandate = response.getMandate();
+// // Replace Stammzahlen
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
// if (this.params.getHideStammzahl()) {
-// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
-// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilit�tsmodus Personendaten ersetzt werden k�nnen.
-// // W�rden die Stammzahlen gel�scht (geblindet) werden, w�rde der Identifikationswert des Vertretenen g�nzlich fehlen.
-// // Im Falle einen business Anwendung berechnet MOA-ID nach R�ckkehr das wbPK
// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml"));
// }
-// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml"));
-
- //ParepUtils.serializeElement(request.toElement(), System.out);
- if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml"));
-
- // configure szrgw client
- Logger.debug("Lade SZR-GW Client.");
- SZRGWClient client = new SZRGWClient();
- // System.out.println("Parameters: " + cfg.getConnectionParameters());
- Logger.debug("Initialisiere Verbindung...");
- ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID);
- // Logger.debug("Connection Parameters: " + connectionParameters);
- Logger.debug("SZR-GW URL: " + connectionParameters.getUrl());
- client.setAddress(connectionParameters.getUrl());
- if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
- Logger.debug("Initialisiere SSL Verbindung");
- client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
- }
-
- Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway...");
- CreateMandateResponse response;
- Element requ = request.toElement();
- try {
- response = client.createMandateResponse(requ);
- } catch (SZRGWClientException e) {
- // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
- client = new SZRGWClient(connectionParameters.getUrl());
- if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
- response = client.createMandateResponse(requ);
- }
- Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()!=null ? response.getInfo():"");
- if (response.getResultCode()==2000) {
- if(response.getMandate()==null) {
- Logger.error("Keine Vollmacht vom SZR-Gateway erhalten");
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
-
-
- //DPO debug output (2lines)
- String id = representationID;
- if (id.equals("*")) id="standardisiert";
-
- Element mandate = response.getMandate();
- // Replace Stammzahlen
- if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
- if (this.params.getHideStammzahl()) {
- ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
- if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml"));
- }
-
- extendedSamlAttributes.clear();
- // Vollmacht
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
-
- validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
- validationResult.setValid(true);
- Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung erfolgreich beendet");
- } else {
- String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage";
- String responseInfo = response.getInfo();
- if (response.getResultCode()>=4000 && response.getResultCode()<4999) {
- if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
- validationResult.setErrorMessage(errorMsg);
- } else if (response.getResultCode()>=5000 && response.getResultCode()<=5999) {
- // Person not found
- ParepInputProcessor inputProcessor= getInputProcessor();
- switch (response.getResultCode()) {
- case 5230:
- errorMsg = "Keine mit den Eingaben &uuml;bereinstimmende Person vorhanden. Bitte erg&auml;nzen/&auml;ndern Sie ihre Angaben.";
- break;
- case 5231:
- errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Es existieren mehrere Personen zu Ihrer Suchanfrage. Bitte erg&auml;nzen/&auml;ndern Sie ihre Angaben.";
- break;
- default:
- if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
- }
- this.form = inputProcessor.validate(generateParameters(), errorMsg);
- if (this.form == null) {
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- validationResult.setValid(true);
- } else {
- // Do not inform the user too much
- Logger.error(errorMsg);
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- }
-
- }
- return validationResult;
- } catch (Exception e) {
- e.printStackTrace();
- Logger.info(e);
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- }
-
- /**
- * provides the primary infobox token of the given list.
- *
- * @param infoBoxTokens
- * the list of infobox tokens.
- * @return
- * the XML element of the primary token.
- * @throws ValidateException
- * if an error occurs or list is not suitable.
- */
- public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException {
- if (infoBoxTokens == null || infoBoxTokens.size() == 0) {
- throw new ValidateException("validator.62", null);
- }
- for (int i = 0; i < infoBoxTokens.size(); i++) {
- InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i);
- if (token.isPrimary()) {
- return token.getXMLToken();
- }
- }
- throw new ValidateException("validator.62", null);
- }
-
- /*
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes()
- */
- public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
- ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()];
- extendedSamlAttributes.copyInto(ret);
- Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length);
- return ret;
- }
-
-
- /**
- * @return The next pending user input form, which is "" if no form is to be shown, and null on errors.
- */
- public String getForm() {
- return this.form;
- }
-
- /**
- * Gets the user form input processor (class) assigned to the current party representative
- * If the method is called for the first time it initializes the input processor.
- *
- * @return The user form input processor
- */
- private ParepInputProcessor getInputProcessor() {
-
- if (this.inputProcessor!=null) return inputProcessor;
- String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID);
- ParepInputProcessor inputProcessor = null;
- try {
- Class inputProcessorClass = Class.forName(inputProcessorName);
- inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance();
- inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request);
- } catch (Exception e) {
- Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage());
- }
- this.inputProcessor = inputProcessor;
- return inputProcessor;
- }
-
- /**
- * Generates the parameter list, which is needed to simulate a return from
- * an user form.
- *
- * @return the form parameters
- */
- private Map generateParameters() {
- Map parameters = new HashMap();
- boolean physical = true;
- String familyName = "";
- String givenName = "";
- String dateOfBirth = "";
- String cbFullName = "";
- String cbIdentificationType = "";
- String cbIdentificationValue = "";
- String postalCode = "";
- String municipality = "";
- String streetName = "";
- String buildingNumber = "";
- String unit = "";
-
- try {
- // Vertretener (erstes Vorkommen)
- Element mandator = request.getMandator();
- if (mandator != null) {
- if (ParepUtils.isPhysicalPerson(mandator)) {
- familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
- givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
- dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
- } else {
- physical = false;
- cbFullName = ParepUtils.extractMandatorFullName(mandator);
- cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
- cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
- }
- postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
- municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
- streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
- buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
- unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
- }
- } catch (Exception e) {
- Logger.error("Could not extract Mandator form SZR-gateway request");
- }
- parameters.put("familyname_", familyName);
- parameters.put("givenname_", givenName);
- parameters.put("dateofbirth_", dateOfBirth);
- parameters.put("dobyear_", dateOfBirth.substring(0,4));
- parameters.put("dobmonth_", dateOfBirth.substring(5,7));
- parameters.put("dobday_", dateOfBirth.substring(8,10));
- parameters.put("physical_", physical ? "true" : "false");
- parameters.put("fullname_", cbFullName);
- parameters.put("cbidentificationtype_", cbIdentificationType);
- parameters.put("cbidentificationvalue_", cbIdentificationValue);
- parameters.put("postalcode_", postalCode);
- parameters.put("municipality_", municipality);
- parameters.put("streetname_", streetName);
- parameters.put("buildingnumber_", buildingNumber);
- parameters.put("unit_", unit);
- return parameters;
- }
-
- /**
- * Adds the AUTH block related SAML attributes to the validation result.
- * This is needed always before the AUTH block is to be signed, because the
- * name of the mandator has to be set
- */
- private void addAuthBlockExtendedSamlAttributes() {
- extendedSamlAttributes.clear();
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- Element mandator = request.getMandator();
- // Name
- String name = ParepUtils.extractMandatorName(mandator);
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- // Geburtsdatum
- String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
- if (dob != null && !"".equals(dob)) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- // (w)bpk
- String wbpk = ParepUtils.extractMandatorWbpk(mandator);
- if (!ParepUtils.isEmpty(wbpk)) {
- if (!ParepUtils.isPhysicalPerson(mandator)){
- String idType = ParepUtils.extractMandatorIdentificationType(mandator);
- if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- } else if (this.params.getBusinessApplication()) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- }
- }
-
-// public static void main(String[] args) throws Exception {
+//
+// extendedSamlAttributes.clear();
+// // Vollmacht
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+//
+// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+// validationResult.setValid(true);
+// Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung erfolgreich beendet");
+// } else {
+// String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage";
+// String responseInfo = response.getInfo();
+// if (response.getResultCode()>=4000 && response.getResultCode()<4999) {
+// if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
+// validationResult.setErrorMessage(errorMsg);
+// } else if (response.getResultCode()>=5000 && response.getResultCode()<=5999) {
+// // Person not found
+// ParepInputProcessor inputProcessor= getInputProcessor();
+// switch (response.getResultCode()) {
+// case 5230:
+// errorMsg = "Keine mit den Eingaben &uuml;bereinstimmende Person vorhanden. Bitte erg&auml;nzen/&auml;ndern Sie ihre Angaben.";
+// break;
+// case 5231:
+// errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Es existieren mehrere Personen zu Ihrer Suchanfrage. Bitte erg&auml;nzen/&auml;ndern Sie ihre Angaben.";
+// break;
+// default:
+// if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
+// }
+// this.form = inputProcessor.validate(generateParameters(), errorMsg);
+// if (this.form == null) {
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// validationResult.setValid(true);
+// } else {
+// // Do not inform the user too much
+// Logger.error(errorMsg);
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// }
+//
+// }
+// return validationResult;
+// } catch (Exception e) {
+// e.printStackTrace();
+// Logger.info(e);
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// }
+//
+// /**
+// * provides the primary infobox token of the given list.
+// *
+// * @param infoBoxTokens
+// * the list of infobox tokens.
+// * @return
+// * the XML element of the primary token.
+// * @throws ValidateException
+// * if an error occurs or list is not suitable.
+// */
+// public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException {
+// if (infoBoxTokens == null || infoBoxTokens.size() == 0) {
+// throw new ValidateException("validator.62", null);
+// }
+// for (int i = 0; i < infoBoxTokens.size(); i++) {
+// InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i);
+// if (token.isPrimary()) {
+// return token.getXMLToken();
+// }
+// }
+// throw new ValidateException("validator.62", null);
+// }
+//
+// /*
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes()
+// */
+// public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
+// ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()];
+// extendedSamlAttributes.copyInto(ret);
+// Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length);
+// return ret;
+// }
+//
+//
+// /**
+// * @return The next pending user input form, which is "" if no form is to be shown, and null on errors.
+// */
+// public String getForm() {
+// return this.form;
+// }
+//
+// /**
+// * Gets the user form input processor (class) assigned to the current party representative
+// * If the method is called for the first time it initializes the input processor.
+// *
+// * @return The user form input processor
+// */
+// private ParepInputProcessor getInputProcessor() {
+//
+// if (this.inputProcessor!=null) return inputProcessor;
+// String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID);
+// ParepInputProcessor inputProcessor = null;
+// try {
+// Class inputProcessorClass = Class.forName(inputProcessorName);
+// inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance();
+// inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request);
+// } catch (Exception e) {
+// Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage());
+// }
+// this.inputProcessor = inputProcessor;
+// return inputProcessor;
+// }
+//
+// /**
+// * Generates the parameter list, which is needed to simulate a return from
+// * an user form.
+// *
+// * @return the form parameters
+// */
+// private Map generateParameters() {
+// Map parameters = new HashMap();
+// boolean physical = true;
+// String familyName = "";
+// String givenName = "";
+// String dateOfBirth = "";
+// String cbFullName = "";
+// String cbIdentificationType = "";
+// String cbIdentificationValue = "";
+// String postalCode = "";
+// String municipality = "";
+// String streetName = "";
+// String buildingNumber = "";
+// String unit = "";
+//
+// try {
+// // Vertretener (erstes Vorkommen)
+// Element mandator = request.getMandator();
+// if (mandator != null) {
+// if (ParepUtils.isPhysicalPerson(mandator)) {
+// familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+// givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+// dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+// } else {
+// physical = false;
+// cbFullName = ParepUtils.extractMandatorFullName(mandator);
+// cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+// cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+// }
+// postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+// municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+// streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+// buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+// unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+// }
+// } catch (Exception e) {
+// Logger.error("Could not extract Mandator form SZR-gateway request");
+// }
+// parameters.put("familyname_", familyName);
+// parameters.put("givenname_", givenName);
+// parameters.put("dateofbirth_", dateOfBirth);
+// parameters.put("dobyear_", dateOfBirth.substring(0,4));
+// parameters.put("dobmonth_", dateOfBirth.substring(5,7));
+// parameters.put("dobday_", dateOfBirth.substring(8,10));
+// parameters.put("physical_", physical ? "true" : "false");
+// parameters.put("fullname_", cbFullName);
+// parameters.put("cbidentificationtype_", cbIdentificationType);
+// parameters.put("cbidentificationvalue_", cbIdentificationValue);
+// parameters.put("postalcode_", postalCode);
+// parameters.put("municipality_", municipality);
+// parameters.put("streetname_", streetName);
+// parameters.put("buildingnumber_", buildingNumber);
+// parameters.put("unit_", unit);
+// return parameters;
+// }
+//
+// /**
+// * Adds the AUTH block related SAML attributes to the validation result.
+// * This is needed always before the AUTH block is to be signed, because the
+// * name of the mandator has to be set
+// */
+// private void addAuthBlockExtendedSamlAttributes() {
+// extendedSamlAttributes.clear();
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// Element mandator = request.getMandator();
+// // Name
+// String name = ParepUtils.extractMandatorName(mandator);
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// // Geburtsdatum
+// String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
+// if (dob != null && !"".equals(dob)) {
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// }
+// // (w)bpk
+// String wbpk = ParepUtils.extractMandatorWbpk(mandator);
+// if (!ParepUtils.isEmpty(wbpk)) {
+// if (!ParepUtils.isPhysicalPerson(mandator)){
+// String idType = ParepUtils.extractMandatorIdentificationType(mandator);
+// if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) {
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// }
+// } else if (this.params.getBusinessApplication()) {
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// }
+// }
// }
+//
+//// public static void main(String[] args) throws Exception {
+//// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
index bc5a0e061..ee5a57914 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
@@ -49,386 +49,388 @@ import at.gv.egovernment.moa.util.Constants;
* @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
*/
public class ParepConfiguration {
-
- /**
- * System property for config file.
- */
- public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config";
-
- /**
- * SZR-GW connection parameters.
- */
- private ConnectionParameter standardConnectionParameters;
-
- /**
- * Input field processor.
- */
- private String standardInputProcessorClass;
-
- /**
- * Input field processor template.
- */
- private String standardInputProcessorTemplate;
-
- /**
- * Configured party representatives.
- */
- private HashMap partyRepresentatives;
-
- /**
- * The configuration element.
- */
- private Element configElement = null;
-
- /**
- * Defines whether the user input form must be shown on each
- * request or not (also predefined mandates)
- */
- private boolean alwaysShowForm = false;
-
- /**
- * The configuration base directory.
- */
- private String baseDir_;
-
- /**
- * Gets the SZR-GW connection parameters.
- *
- * @return the connection parameters.
- */
- public ConnectionParameter getConnectionParameters(String representationID) {
- if (partyRepresentatives == null || "*".equals(representationID))
- return standardConnectionParameters;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- ConnectionParameter connectionParameters = pr.getConnectionParameters();
- if (connectionParameters==null) connectionParameters = standardConnectionParameters;
- return connectionParameters;
- }
-
- /**
- * Sets the SZR-GW connection parameters for standard connection.
- *
- * @param connectionParameters
- * the connection parameters.
- */
- public void setStandardConnectionParameters(ConnectionParameter connectionParameters) {
- this.standardConnectionParameters = connectionParameters;
- }
-
- /*
- *
- */
- public String getFullDirectoryName(String fileString) {
- return makeAbsoluteURL(fileString, baseDir_);
- }
-
- /*
- *
- */
- private static String makeAbsoluteURL(String url, String root) {
- // if url is relative to rootConfigFileDirName make it absolute
-
- File keyFile;
- String newURL = url;
-
- if (null == url)
- return null;
-
- if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) {
- return url;
- } else {
- // check if absolute - if not make it absolute
- keyFile = new File(url);
- if (!keyFile.isAbsolute()) {
- keyFile = new File(root, url);
- newURL = keyFile.getPath();
- }
- return newURL;
- }
- }
-
- /**
- * Initializes the configuration with a given XML configuration element found
- * in the MOA-ID configuration.
- *
- * @param configElem
- * the configuration element.
- * @throws ConfigurationException
- * if an error occurs initializing the configuration.
- */
- public ParepConfiguration(Element configElem) throws ConfigurationException {
-
- partyRepresentatives = new HashMap();
- partyRepresentatives.put("*", new PartyRepresentative(true, true));
-
- String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
-
- try {
-
- baseDir_ = (new File(fileName)).getParentFile().toURL().toString();
- Logger.trace("Config base directory: " + baseDir_);
- // check for configuration in system properties
- if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) {
- Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG)));
- this.configElement = doc.getDocumentElement();
- } else {
- this.configElement = configElem;
- }
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e);
- }
- load();
- }
-
- /*
- *
- */
- private void load() throws ConfigurationException {
- Logger.debug("Parse ParepValidator Konfiguration");
- try {
- Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
- // nameSpaceNode.setAttribute("xmlns:sgw",
- // SZRGWConstants.SZRGW_PROFILE_NS);
-
- Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
- if (inputProcessorNode != null) {
- this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template");
- Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode);
- if (inputProcessorClassNode != null) {
- this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue();
- }
- }
- Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode);
- if (alwaysShowFormNode != null) {
- this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue());
- }
-
- // load connection parameters
- Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter");
- Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode);
- if (connectionParamElement != null) {
- // parse connection parameters
- // ParepUtils.serializeElement(connectionParamElement, System.out);
- this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode);
- }
-
- Logger.trace("Lade Konfiguration der Parteienvertreter");
- NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode);
- for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) {
-
- PartyRepresentative partyRepresentative = new PartyRepresentative();
-
- Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i);
- boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false;
- boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false;
- partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid"));
- partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty);
- partyRepresentative.setRepresentingCorporateParty(representCorporateParty);
- partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText"));
-
- Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
- if (inputProcessorSubNode != null) {
- partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template"));
- Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
- + ":InputProcessor/text()", nameSpaceNode);
- if (inputProcessorClassSubNode != null) {
- partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue());
- }
- }
-
- Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
- + ":ConnectionParameter", nameSpaceNode);
- if (connectionParamSubElement == null) {
- if (this.standardConnectionParameters == null) {
- throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter "
- + partyRepresentative.getOid() + " fehlen.", null, null);
- }
- } else {
- // parse connection parameters
- // ParepUtils.serializeElement(connectionParamSubElement, System.out);
- partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode));
- }
- partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative);
- Logger.debug("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty="
- + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty()
- + ", representationText=" + partyRepresentative.getRepresentationText()
- + ")");
- }
-
- Logger.debug("ParepValidator Konfiguration erfolgreich geparst.");
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e);
- }
- }
-
- /*
- *
- */
- private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException {
- try {
- ConnectionParameter connectionParameter = new ConnectionParameter();
-
- // parse connection url
- String URL = connParamElement.getAttribute("URL");
- connectionParameter.setUrl(URL);
-
- // accepted server certificates
- Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()",
- nameSpaceNode);
- if (accServerCertsNode != null) {
-
- String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue());
- Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir);
- connectionParameter.setAcceptedServerCertificates(serverCertsDir);
- }
-
- // client key store
- Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode);
- if (clientKeyStoreNode != null) {
- String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue());
- connectionParameter.setClientKeyStore(clientKeystore);
- }
-
- // client key store password
- Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password",
- nameSpaceNode);
- if (clientKeyStorePasswordNode != null) {
- connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue());
- }
-
- return connectionParameter;
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
- }
- }
-
- public boolean isPartyRepresentative(String representationID) {
- if (partyRepresentatives == null)
- return false;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- return pr != null;
- }
-
- public boolean isRepresentingCorporateParty(String representationID) {
- if (partyRepresentatives == null) return false;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr == null) return false;
- return pr.isRepresentingCorporateParty();
- }
-
- public boolean isRepresentingPhysicalParty(String representationID) {
- if (partyRepresentatives == null) return false;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr == null) return false;
- return pr.isRepresentingPhysicalParty();
- }
-
- public String getRepresentationText(String representationID) {
- String result = ParepValidator.STANDARD_REPRESENTATION_TEXT;
- if (partyRepresentatives != null) {
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr != null) {
- if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText();
- }
- }
- return result;
- }
-
- /**
- * @return the input processor classname corresponding to <code>representationID</code>
- * @param representationID
- * the representation ID.
- */
- public String getInputProcessorClass(String representationID) {
- String inputProcessorClass = standardInputProcessorClass;
- if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR;
- if (!(partyRepresentatives == null || "*".equals(representationID))) {
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr!=null) {
- String prInputProcessorClass = pr.getInputProcessorClass();
- if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass;
- }
- }
- return inputProcessorClass;
- }
-
- /**
- * @param standardInputProcessorClass the standardInputProcessorClass to set
- */
- public void setStandardInputProcessorClass(String standardInputProcessorClass) {
- this.standardInputProcessorClass = standardInputProcessorClass;
- }
-
- /**
- * @return the InputProcessorTemplate
- */
- public String getInputProcessorTemplate(String representationID) {
- String inputProcessorTemplate = standardInputProcessorTemplate;
- if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE;
- if (!(partyRepresentatives == null || "*".equals(representationID))) {
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr!=null) {
- String prInputProcessorTemplate = pr.getInputProcessorTemplate();
- if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate;
- }
- }
- return inputProcessorTemplate;
- }
-
- /**
- * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set
- */
- public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) {
- this.standardInputProcessorTemplate = standardInputProcessorTemplate;
- }
-
- /**
- * @return the alwaysShowForm
- */
- public boolean isAlwaysShowForm() {
- return alwaysShowForm;
- }
-
+
+
+ //TODO: check correctness!!!!
/**
- * @param alwaysShowForm the alwaysShowForm to set
- */
- public void setAlwaysShowForm(String alwaysShowForm) {
- if (ParepUtils.isEmpty(alwaysShowForm)) {
- this.alwaysShowForm = false;
- } else {
- this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true");
- }
- }
-
- public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException {
- try {
- if (configElement==null) return false;
- Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
- Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode);
- if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) {
- return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true");
- }
- return false;
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Parsen des CompatibilityMode Parameters.", null, e);
- }
-
- }
-
-
-// public static void main(String[] args) throws Exception {
-// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml");
-// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml");
-// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties");
-// Configuration cfg = new Configuration(null);
-// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110"));
-//}
+// * System property for config file.
+// */
+// public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config";
+//
+// /**
+// * SZR-GW connection parameters.
+// */
+// private ConnectionParameter standardConnectionParameters;
+//
+// /**
+// * Input field processor.
+// */
+// private String standardInputProcessorClass;
+//
+// /**
+// * Input field processor template.
+// */
+// private String standardInputProcessorTemplate;
+//
+// /**
+// * Configured party representatives.
+// */
+// private HashMap partyRepresentatives;
+//
+// /**
+// * The configuration element.
+// */
+// private Element configElement = null;
+//
+// /**
+// * Defines whether the user input form must be shown on each
+// * request or not (also predefined mandates)
+// */
+// private boolean alwaysShowForm = false;
+//
+// /**
+// * The configuration base directory.
+// */
+// private String baseDir_;
+//
+// /**
+// * Gets the SZR-GW connection parameters.
+// *
+// * @return the connection parameters.
+// */
+// public ConnectionParameter getConnectionParameters(String representationID) {
+// if (partyRepresentatives == null || "*".equals(representationID))
+// return standardConnectionParameters;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// ConnectionParameter connectionParameters = pr.getConnectionParameters();
+// if (connectionParameters==null) connectionParameters = standardConnectionParameters;
+// return connectionParameters;
+// }
+//
+// /**
+// * Sets the SZR-GW connection parameters for standard connection.
+// *
+// * @param connectionParameters
+// * the connection parameters.
+// */
+// public void setStandardConnectionParameters(ConnectionParameter connectionParameters) {
+// this.standardConnectionParameters = connectionParameters;
+// }
+//
+// /*
+// *
+// */
+// public String getFullDirectoryName(String fileString) {
+// return makeAbsoluteURL(fileString, baseDir_);
+// }
+//
+// /*
+// *
+// */
+// private static String makeAbsoluteURL(String url, String root) {
+// // if url is relative to rootConfigFileDirName make it absolute
+//
+// File keyFile;
+// String newURL = url;
+//
+// if (null == url)
+// return null;
+//
+// if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) {
+// return url;
+// } else {
+// // check if absolute - if not make it absolute
+// keyFile = new File(url);
+// if (!keyFile.isAbsolute()) {
+// keyFile = new File(root, url);
+// newURL = keyFile.getPath();
+// }
+// return newURL;
+// }
+// }
+//
+// /**
+// * Initializes the configuration with a given XML configuration element found
+// * in the MOA-ID configuration.
+// *
+// * @param configElem
+// * the configuration element.
+// * @throws ConfigurationException
+// * if an error occurs initializing the configuration.
+// */
+// public ParepConfiguration(Element configElem) throws ConfigurationException {
+//
+// partyRepresentatives = new HashMap();
+// partyRepresentatives.put("*", new PartyRepresentative(true, true));
+//
+// String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
+//
+// try {
+//
+// baseDir_ = (new File(fileName)).getParentFile().toURL().toString();
+// Logger.trace("Config base directory: " + baseDir_);
+// // check for configuration in system properties
+// if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) {
+// Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG)));
+// this.configElement = doc.getDocumentElement();
+// } else {
+// this.configElement = configElem;
+// }
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e);
+// }
+// load();
+// }
+//
+// /*
+// *
+// */
+// private void load() throws ConfigurationException {
+// Logger.debug("Parse ParepValidator Konfiguration");
+// try {
+// Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+// nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+// // nameSpaceNode.setAttribute("xmlns:sgw",
+// // SZRGWConstants.SZRGW_PROFILE_NS);
+//
+// Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+// if (inputProcessorNode != null) {
+// this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template");
+// Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode);
+// if (inputProcessorClassNode != null) {
+// this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue();
+// }
+// }
+// Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode);
+// if (alwaysShowFormNode != null) {
+// this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue());
+// }
+//
+// // load connection parameters
+// Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter");
+// Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode);
+// if (connectionParamElement != null) {
+// // parse connection parameters
+// // ParepUtils.serializeElement(connectionParamElement, System.out);
+// this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode);
+// }
+//
+// Logger.trace("Lade Konfiguration der Parteienvertreter");
+// NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode);
+// for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) {
+//
+// PartyRepresentative partyRepresentative = new PartyRepresentative();
+//
+// Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i);
+// boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false;
+// boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false;
+// partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid"));
+// partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty);
+// partyRepresentative.setRepresentingCorporateParty(representCorporateParty);
+// partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText"));
+//
+// Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+// if (inputProcessorSubNode != null) {
+// partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template"));
+// Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+// + ":InputProcessor/text()", nameSpaceNode);
+// if (inputProcessorClassSubNode != null) {
+// partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue());
+// }
+// }
+//
+// Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+// + ":ConnectionParameter", nameSpaceNode);
+// if (connectionParamSubElement == null) {
+// if (this.standardConnectionParameters == null) {
+// throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter "
+// + partyRepresentative.getOid() + " fehlen.", null, null);
+// }
+// } else {
+// // parse connection parameters
+// // ParepUtils.serializeElement(connectionParamSubElement, System.out);
+// partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode));
+// }
+// partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative);
+// Logger.debug("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty="
+// + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty()
+// + ", representationText=" + partyRepresentative.getRepresentationText()
+// + ")");
+// }
+//
+// Logger.debug("ParepValidator Konfiguration erfolgreich geparst.");
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e);
+// }
+// }
+//
+// /*
+// *
+// */
+// private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException {
+// try {
+// ConnectionParameter connectionParameter = new ConnectionParameter();
+//
+// // parse connection url
+// String URL = connParamElement.getAttribute("URL");
+// connectionParameter.setUrl(URL);
+//
+// // accepted server certificates
+// Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()",
+// nameSpaceNode);
+// if (accServerCertsNode != null) {
+//
+// String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue());
+// Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir);
+// connectionParameter.setAcceptedServerCertificates(serverCertsDir);
+// }
+//
+// // client key store
+// Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode);
+// if (clientKeyStoreNode != null) {
+// String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue());
+// connectionParameter.setClientKeyStore(clientKeystore);
+// }
+//
+// // client key store password
+// Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password",
+// nameSpaceNode);
+// if (clientKeyStorePasswordNode != null) {
+// connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue());
+// }
+//
+// return connectionParameter;
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
+// }
+// }
+//
+// public boolean isPartyRepresentative(String representationID) {
+// if (partyRepresentatives == null)
+// return false;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// return pr != null;
+// }
+//
+// public boolean isRepresentingCorporateParty(String representationID) {
+// if (partyRepresentatives == null) return false;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr == null) return false;
+// return pr.isRepresentingCorporateParty();
+// }
+//
+// public boolean isRepresentingPhysicalParty(String representationID) {
+// if (partyRepresentatives == null) return false;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr == null) return false;
+// return pr.isRepresentingPhysicalParty();
+// }
+//
+// public String getRepresentationText(String representationID) {
+// String result = ParepValidator.STANDARD_REPRESENTATION_TEXT;
+// if (partyRepresentatives != null) {
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr != null) {
+// if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText();
+// }
+// }
+// return result;
+// }
+//
+// /**
+// * @return the input processor classname corresponding to <code>representationID</code>
+// * @param representationID
+// * the representation ID.
+// */
+// public String getInputProcessorClass(String representationID) {
+// String inputProcessorClass = standardInputProcessorClass;
+// if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR;
+// if (!(partyRepresentatives == null || "*".equals(representationID))) {
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr!=null) {
+// String prInputProcessorClass = pr.getInputProcessorClass();
+// if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass;
+// }
+// }
+// return inputProcessorClass;
+// }
+//
+// /**
+// * @param standardInputProcessorClass the standardInputProcessorClass to set
+// */
+// public void setStandardInputProcessorClass(String standardInputProcessorClass) {
+// this.standardInputProcessorClass = standardInputProcessorClass;
+// }
+//
+// /**
+// * @return the InputProcessorTemplate
+// */
+// public String getInputProcessorTemplate(String representationID) {
+// String inputProcessorTemplate = standardInputProcessorTemplate;
+// if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE;
+// if (!(partyRepresentatives == null || "*".equals(representationID))) {
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr!=null) {
+// String prInputProcessorTemplate = pr.getInputProcessorTemplate();
+// if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate;
+// }
+// }
+// return inputProcessorTemplate;
+// }
+//
+// /**
+// * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set
+// */
+// public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) {
+// this.standardInputProcessorTemplate = standardInputProcessorTemplate;
+// }
+//
+// /**
+// * @return the alwaysShowForm
+// */
+// public boolean isAlwaysShowForm() {
+// return alwaysShowForm;
+// }
+//
+// /**
+// * @param alwaysShowForm the alwaysShowForm to set
+// */
+// public void setAlwaysShowForm(String alwaysShowForm) {
+// if (ParepUtils.isEmpty(alwaysShowForm)) {
+// this.alwaysShowForm = false;
+// } else {
+// this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true");
+// }
+// }
+//
+// public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException {
+// try {
+// if (configElement==null) return false;
+// Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+// nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+// Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode);
+// if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) {
+// return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true");
+// }
+// return false;
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Parsen des CompatibilityMode Parameters.", null, e);
+// }
+//
+// }
+//
+//
+//// public static void main(String[] args) throws Exception {
+//// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml");
+//// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml");
+//// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties");
+//// Configuration cfg = new Configuration(null);
+//// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110"));
+////}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
index fb1dc0293..bf4952113 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
@@ -81,7 +81,7 @@ public class ConfigurationProvider {
* A <code>Map</code> which contains the <code>IssuerAndSerial</code> to
* chaining mode (a <code>String</code>) mapping.
*/
- protected Map chainingModes;
+ protected Map<IssuerAndSerial, String> chainingModes;
/**
* the URL for the trusted CA Certificates
@@ -93,6 +93,10 @@ public class ConfigurationProvider {
*/
protected String rootConfigFileDir;
+ protected String certstoreDirectory;
+
+ protected boolean trustmanagerrevoationchecking;
+
/**
* Returns the main configuration file directory used to configure MOA-ID
*
@@ -148,5 +152,22 @@ public class ConfigurationProvider {
return trustedCACertificates;
}
+
+/**
+ * @return the certstoreDirectory
+ */
+public String getCertstoreDirectory() {
+ return certstoreDirectory;
+}
+
+/**
+ * @return the trustmanagerrevoationchecking
+ */
+public boolean isTrustmanagerrevoationchecking() {
+ return trustmanagerrevoationchecking;
+}
+
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java
new file mode 100644
index 000000000..65fda8396
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java
@@ -0,0 +1,36 @@
+package at.gv.egovernment.moa.id.config;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.util.ArrayList;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+public class ConfigurationUtils {
+
+ public static List<String> getTransformInfos(List<TransformsInfoType> transformations) {
+ List<String> list = new ArrayList<String>();
+
+ for (TransformsInfoType e1 : transformations) {
+
+ try {
+ String transform = new String(e1.getTransformation(), "UTF-8");
+ String encoded = new String(Base64Utils.decode(transform, false), "UTF-8");
+ list.add(encoded);
+
+ } catch (UnsupportedEncodingException e) {
+ Logger.warn("Transformation can not be loaded. An encoding error ocurs");
+ return null;
+
+ } catch (IOException e) {
+ Logger.warn("Transformation can not be loaded from database.");
+ return null;
+ }
+ }
+ return list;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java
new file mode 100644
index 000000000..41d6959b1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.config;
+
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class ConnectionParameterForeign extends ConnectionParameter{
+
+ private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.foreignidentities.";
+
+ public ConnectionParameterForeign(ConnectionParameterClientAuthType database,
+ Properties prop, String basedirectory) {
+ super(database, prop, basedirectory);
+ }
+
+ public String getAcceptedServerCertificates() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_ACCEPEDSERVERCERTS);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+ }
+
+ public String getClientKeyStore() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTORE);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+ }
+
+ public String getClientKeyStorePassword() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTOREPASSWORD);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return e1;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java
new file mode 100644
index 000000000..0e05633c8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java
@@ -0,0 +1,42 @@
+package at.gv.egovernment.moa.id.config;
+
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class ConnectionParameterMOASP extends ConnectionParameter{
+
+ private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.moasp.";
+
+ public ConnectionParameterMOASP(ConnectionParameterClientAuthType database,
+ Properties prop, String basedirectory) {
+ super(database, prop, basedirectory);
+ }
+
+ public String getAcceptedServerCertificates() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_ACCEPEDSERVERCERTS);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+
+ }
+
+ public String getClientKeyStore() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTORE);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+ }
+
+ public String getClientKeyStorePassword() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTOREPASSWORD);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return e1;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java
new file mode 100644
index 000000000..00b393b92
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.config;
+
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class ConnectionParameterMandate extends ConnectionParameter{
+
+ private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.onlinemandates.";
+
+ public ConnectionParameterMandate(ConnectionParameterClientAuthType database,
+ Properties prop, String basedirectory) {
+ super(database, prop, basedirectory);
+ }
+
+ public String getAcceptedServerCertificates() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_ACCEPEDSERVERCERTS);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+ }
+
+ public String getClientKeyStore() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTORE);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return basedirectory + e1;
+ }
+
+ public String getClientKeyStorePassword() {
+ String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTOREPASSWORD);
+ if (MiscUtil.isEmpty(e1))
+ return null;
+ else
+ return e1;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
index 56c97a802..c1715d6fc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
@@ -24,6 +24,8 @@
package at.gv.egovernment.moa.id.config;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+
/**
* Configuration parameters belonging to an online application,
* to be used within both, the MOA ID Auth and the
@@ -33,6 +35,25 @@ package at.gv.egovernment.moa.id.config;
*/
public class OAParameter {
+ public OAParameter(OnlineApplication oa) {
+
+ this.oaType = oa.getType();
+
+ if (this.oaType.equals("businessService"))
+ this.businessService = true;
+ else
+ this.businessService = false;
+
+ this.publicURLPrefix = oa.getPublicURLPrefix();
+
+ this.friendlyName = oa.getFriendlyName();
+
+ this.target = oa.getTarget();
+
+ this.targetFriendlyName = oa.getTargetFriendlyName();
+
+ }
+
/**
* type of the online application (maybe "PublicService" or "BusinessService")
*/
@@ -63,102 +84,26 @@ public class OAParameter {
*/
private String targetFriendlyName;
- /**
- * Returns the type of the online application.
- * @return the type of the online application.
- */
- public String getOaType() {
- return oaType;
- }
-
- /**
- * Returns <code>true</code> is the OA is a businss application, otherwise
- * <code>false</code>.
- * @return <code>true</code> is the OA is a businss application, otherwise
- * <code>false</code>
- */
- public boolean getBusinessService() {
- return this.businessService;
- }
- /**
- * Returns the publicURLPrefix.
- * @return String
- */
- public String getPublicURLPrefix() {
- return publicURLPrefix;
- }
- /**
- *
- * Sets the type of the online application.
- * If the type is "businessService" the value of <code>businessService</code>
- * ({@link #getBusinessService()}) is also set to <code>true</code>
- * @param oaType The type of the online application.
- */
- public void setOaType(String oaType) {
- this.oaType = oaType;
- if ("businessService".equalsIgnoreCase(oaType)) {
- this.businessService = true;
- }
- }
+ public String getOaType() {
+ return oaType;
+ }
+ public boolean getBusinessService() {
+ return businessService;
+ }
+ public String getPublicURLPrefix() {
+ return publicURLPrefix;
+ }
+ public String getFriendlyName() {
+ return friendlyName;
+ }
+ public String getTarget() {
+ return target;
+ }
+ public String getTargetFriendlyName() {
+ return targetFriendlyName;
+ }
- /**
- * Sets the publicURLPrefix.
- * @param publicURLPrefix The publicURLPrefix to set
- */
- public void setPublicURLPrefix(String publicURLPrefix) {
- this.publicURLPrefix = publicURLPrefix;
- }
-
-
- /**
- * Gets the friendly name of the OA
- * @return Friendly Name of the OA
- */
- public String getFriendlyName() {
- return friendlyName;
- }
-
- /**
- * Sets the friendly name of the OA
- * @param friendlyName
- */
- public void setFriendlyName(String friendlyName) {
- this.friendlyName = friendlyName;
- }
-
- /**
- * Gets the target of the OA
- * @return target of the OA
- */
- public String getTarget() {
- return target;
- }
-
- /**
- * Sets the target of the OA
- * @param target
- */
- public void setTarget(String target) {
- this.target = target;
- }
-
- /**
- * Gets the target friendly name of the OA
- * @return target Friendly Name of the OA
- */
- public String getTargetFriendlyName() {
- return targetFriendlyName;
- }
-
- /**
- * Sets the target friendly name of the OA
- * @param targetFriendlyName
- */
- public void setTargetFriendlyName(String targetFriendlyName) {
- this.targetFriendlyName = targetFriendlyName;
- }
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 6f1af9842..922d86fc0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -24,38 +24,60 @@
package at.gv.egovernment.moa.id.config.auth;
-import java.io.BufferedInputStream;
+import iaik.util.logging.Log;
+
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
-import java.io.InputStream;
import java.net.MalformedURLException;
+import java.util.ArrayList;
+import java.util.HashMap;
import java.util.List;
import java.util.Properties;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+
import org.hibernate.cfg.Configuration;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationUtil;
-import at.gv.egovernment.moa.id.commons.db.MOASessionUtil;
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners;
+import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor;
+import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock;
+import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
-import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
+import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.ConfigurationUtils;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.ConnectionParameterForeign;
+import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP;
+import at.gv.egovernment.moa.id.config.ConnectionParameterMandate;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.id.data.IssuerAndSerial;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.egovernment.moa.util.XPathUtils;
import eu.stork.vidp.messages.common.STORKBootstrap;
/**
@@ -123,90 +145,12 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
//
// configuration data
//
+ private static MOAIDConfiguration moaidconfig;
- /**
- * configuration files containing transformations for rendering in the
- * secure viewer of the security layer implementation;
- * multiple files can be given for different mime types
- */
- private String[] transformsInfoFileNames;
-
- /**
- * transformations for rendering in the secure viewer of the security layer implementation,
- * read from {@link transformsInfoFileNames};
- * multiple transformation can be given for different mime types
- */
- private String[] transformsInfos;
-
- /**
- * parameters for connection to MOA SP component
- */
- private ConnectionParameter moaSpConnectionParameter;
-
-
- /**
- * trust profile ID to be used for verifying the identity link signature via MOA ID SP
- */
- private String moaSpIdentityLinkTrustProfileID;
- /**
- * trust profile ID to be used for verifying the AUTH block signature via MOA ID SP
- */
- private String moaSpAuthBlockTrustProfileID;
- /**
- * transformations to be used for verifying the AUTH block signature via MOA ID SP
- */
- private String[] moaSpAuthBlockVerifyTransformsInfoIDs;
- /**
- * X509 SubjectNames which will be trusted
- */
- private List identityLinkX509SubjectNames;
- /**
- * default parameters for verifying additional infoboxes.
- */
- private VerifyInfoboxParameters defaultVerifyInfoboxParameters;
-
- /**
- * configuration parameters for online applications
- */
- private OAAuthParameter[] onlineApplicationAuthParameters;
- /**
- * the Selection Type of the bku Selection Element
- */
- private String bKUSelectionType;
- /**
- * is the bku Selection Element present?
- */
- private boolean bKUSelectable;
- /**
- * the bku Selection Connection Parameters
- */
- private ConnectionParameter bKUConnectionParameter;
-
- /**
- * parameter for connection to SZR-GW GetIdentityLink
- */
- private ConnectionParameter foreignIDConnectionParameter;
-
- /**
- * parameter for connection to OnlineMandates Service
- */
- private ConnectionParameter onlineMandatesConnectionParameter;
-
- /**
- * Parameter for trusted BKUs
- */
- private List trustedBKUs;
-
- /**
- * Parameter for trusted Template URLs
- */
- private List trustedTemplateURLs;
-
- /**
- * Holds general information for STORK (e.g. C-PEPS connection parameter, SAML signing parameters, etc.)
- */
- private STORKConfig storkConfig;
+ private static Properties props;
+ private static STORKConfig storkconfig;
+
/**
* Return the single instance of configuration data.
*
@@ -260,38 +204,16 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
* read/built.
*/
private void load(String fileName) throws ConfigurationException {
- InputStream stream = null;
- Element configElem;
- ConfigurationBuilder builder;
-
- try {
- // load the main config file
- stream = new BufferedInputStream(new FileInputStream(fileName));
- configElem = DOMUtils.parseXmlValidating(stream);
- } catch (Throwable t) {
- throw new ConfigurationException("config.03", null, t);
- }
- finally {
- try {
- if (stream != null) {
- stream.close();
- }
- } catch (IOException e) {
- }
- }
- try {
-
+
+ try {
//Initial Hibernate Framework
Logger.trace("Initializing Hibernate framework.");
//Load MOAID-2.0 properties file
- String propertiesFileLocation = System.getProperty("moa.id.config");
- MiscUtil.assertNotNull(propertiesFileLocation, "propertiesFileName");
- File propertiesFile = new File(propertiesFileLocation);
+ File propertiesFile = new File(fileName);
FileInputStream fis;
- Properties props = new Properties();
+ props = new Properties();
- //TODO: determine from new config file path
// determine the directory of the root config file
rootConfigFileDir = new File(fileName).getParent();
@@ -306,7 +228,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
fis = new FileInputStream(propertiesFile);
props.load(fis);
-
+ //TODO: maybe some general hibnerate config!!!
// read MOAID Session Hibernate properties
Properties moaSessionProp = new Properties();
for (Object key : props.keySet()) {
@@ -331,7 +253,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
synchronized (AuthConfigurationProvider.class) {
//Initial config Database
- ConfigurationUtil.initHibernate(configProp);
+ ConfigurationDBUtils.initHibernate(configProp);
//initial MOAID Session Database
Configuration config = new Configuration();
@@ -340,7 +262,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
config.addAnnotatedClass(OASessionStore.class);
config.addAnnotatedClass(OldSSOSessionIDStore.class);
config.addProperties(moaSessionProp);
- MOASessionUtil.initHibernate(config, moaSessionProp);
+ MOASessionDBUtils.initHibernate(config, moaSessionProp);
}
Logger.trace("Hibernate initialization finished.");
@@ -360,113 +282,141 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
Logger.info("Starting initialization of OpenSAML...");
STORKBootstrap.bootstrap();
Logger.debug("OpenSAML successfully initialized");
+
+
+ String legacyconfig = props.getProperty("configuration.xml.legacy");
+ String xmlconfig = props.getProperty("configuration.xml");
+
+ //check if XML config should be used
+ if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) {
+ Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!");
+ moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
+ if (moaidconfig != null)
+ ConfigurationDBUtils.delete(moaidconfig);
+ }
+
+ //load legacy config if it is configured
+ if (MiscUtil.isNotEmpty(legacyconfig)) {
+ Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!");
+ MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(legacyconfig, rootConfigFileDir);
+ ConfigurationDBUtils.save(moaconfig);
+ Logger.info("Legacy Configuration load is completed.");
+
+ //TODO: only for Testing!!!
+ if (MiscUtil.isNotEmpty(xmlconfig)) {
+ Logger.info("Write MOA-ID 2.x xml config into " + xmlconfig);
+ JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
+ Marshaller m = jc.createMarshaller();
+ m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
+ File test = new File(xmlconfig);
+ m.marshal(moaconfig, test);
+
+ }
+ }
- //TODO: load from Legacy if legacy.xml.configuration != null
-// MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(fileName, rootConfigFileDir);
-// ConfigurationUtil.save(moaconfig);
+ //load legacy config if it is configured
+ if (MiscUtil.isNotEmpty(xmlconfig)) {
+ Logger.warn("Load configuration from MOA-ID 2.x XML configuration");
- //TODO: Save MOAID 2.0 config to XML
-// JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
-// Marshaller m = jc.createMarshaller();
-// m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
-// File test = new File("D:/moa2.0_config.xml");
-// m.marshal(moaconfig, test);
+ try {
+ JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
+ Unmarshaller m = jc.createUnmarshaller();
+ File file = new File(xmlconfig);
+ MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file);
+ //ConfigurationDBUtils.save(moaconfig);
+ ConfigurationDBUtils.saveOrUpdate(moaconfig);
+
+ } catch (Exception e) {
+ Log.err("MOA-ID XML configuration can not be loaded from File.");
+ throw new ConfigurationException("config.02", null);
+ }
+ Logger.info("XML Configuration load is completed.");
+ }
+ Logger.info("Read MOA-ID 2.0 configuration from database.");
+ moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
+ Logger.info("MOA-ID 2.0 is loaded.");
-// // build the internal datastructures
- builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
- bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
- bKUSelectable = (bKUConnectionParameter!=null);
- bKUSelectionType = builder.buildAuthBKUSelectionType();
- genericConfiguration = builder.buildGenericConfiguration();
- transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH);
- transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames);
- moaSpConnectionParameter = builder.buildMoaSpConnectionParameter();
- moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID();
- moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID();
- moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs();
- defaultVerifyInfoboxParameters = null;
- Node defaultVerifyInfoboxParamtersElem = XPathUtils.selectSingleNode(configElem, ConfigurationBuilder.AUTH_VERIFY_INFOBOXES_XPATH);
- if (defaultVerifyInfoboxParamtersElem != null) {
- defaultVerifyInfoboxParameters =
- builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID);
- }
-
-
- foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter();
- onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter();
- onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID);
- identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
- defaultChainingMode = builder.getDefaultChainingMode();
- chainingModes = builder.buildChainingModes();
- trustedCACertificates = builder.getTrustedCACertificates();
- trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);
- trustedBKUs = builder.getTrustedBKUs();
- trustedTemplateURLs = builder.getTrustedTemplateURLs();
- storkConfig = new STORKConfig(builder.buildSTORKSignatureCreationParameter(),builder.buildSTORKSignatureVerificationParameter(), builder.buildSTORKcPEPSMap());
+
+ //build STORK Config
+ AuthComponentGeneral authgeneral = getAuthComponentGeneral();
+ ForeignIdentities foreign = authgeneral.getForeignIdentities();
+ if (foreign == null ) {
+ Logger.warn("Error in MOA-ID Configuration. No STORK configuration found.");
+ throw new ConfigurationException("config.02", null);
+ }
+ storkconfig = new STORKConfig(foreign.getSTORK(), props);
+
+
+ //load Chaining modes
+ ChainingModes cm = moaidconfig.getChainingModes();
+ if (cm != null) {
+ defaultChainingMode = cm.getSystemDefaultMode().value();
+
+ List<TrustAnchor> tas = cm.getTrustAnchor();
+
+ chainingModes = new HashMap<IssuerAndSerial, String>();
+ for (TrustAnchor ta : tas) {
+ IssuerAndSerial is = new IssuerAndSerial(ta.getX509IssuerName(), ta.getX509SerialNumber());
+ chainingModes.put(is, ta.getMode().value());
+ }
+ } else {
+ Logger.warn("Error in MOA-ID Configuration. No ChainingMode configuration found.");
+ throw new ConfigurationException("config.02", null);
+ }
+ //set Trusted CA certs directory
+ trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates();
+
+ //set CertStoreDirectory
+ setCertStoreDirectory();
+
+ //set TrustManagerRevocationChecking
+ setTrustManagerRevocationChecking();
+
+
} catch (Throwable t) {
throw new ConfigurationException("config.02", null, t);
}
}
- /**
- * Loads the <code>transformsInfos</code> from files.
- * @throws Exception on any exception thrown
- */
-// private void loadTransformsInfos() throws Exception {
-//
-// transformsInfos = new String[transformsInfoFileNames.length];
-// for (int i = 0; i < transformsInfoFileNames.length; i++) {
-// String fileURL = transformsInfoFileNames[i];
-//
-// //if fileURL is relative to rootConfigFileDir make it absolute
-// fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir);
-// String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
-// transformsInfos[i] = transformsInfo;
-// }
-// }
-
-// /**
-// * Loads the <code>transformsInfos</code> from files.
-// * @throws Exception on any exception thrown
-// */
-// private String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception {
-//
-// String[] transformsInfos = new String[transformsInfoFileNames.length];
-// for (int i = 0; i < transformsInfoFileNames.length; i++) {
-// String fileURL = transformsInfoFileNames[i];
-//
-// //if fileURL is relative to rootConfigFileDir make it absolute
-// fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir);
-// String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
-// transformsInfos[i] = transformsInfo;
-// }
-// return transformsInfos;
-// }
-
-
- /**
- * Return a string array with all filenames leading
- * to the Transforms Information for the Security Layer
- * @return String[] of filenames to the Security Layer Transforms Information
- */
- //TODO: only for testing
-// public String[] getTransformsInfoFileNames() {
-// return transformsInfoFileNames;
-// }
+ public TimeOuts getTimeOuts() throws ConfigurationException {
+ AuthComponentGeneral auth = getAuthComponentGeneral();
+
+ if (auth.getGeneralConfiguration() != null)
+ return auth.getGeneralConfiguration().getTimeOuts();
+ else {
+ Logger.warn("Error in MOA-ID Configuration. No TimeOuts defined.");
+ throw new ConfigurationException("config.02", null);
+ }
+ }
- /**
- * Build an array of the OnlineApplication Parameters containing information
- * about the authentication component
- * @return An OAProxyParameter array containing beans
- * with all relevant information for theauthentication component of the online
- * application
- */
- public OAAuthParameter[] getOnlineApplicationParameters() {
- return onlineApplicationAuthParameters;
+ public String getAlternativeSourceID() throws ConfigurationException {
+ AuthComponentGeneral auth = getAuthComponentGeneral();
+
+ if (auth.getGeneralConfiguration() != null)
+ return auth.getGeneralConfiguration().getAlternativeSourceID();
+ else {
+ Logger.warn("Error in MOA-ID Configuration. No AlternativeSourceID defined.");
+ throw new ConfigurationException("config.02", null);
+ }
}
+
+ public List<String> getLegacyAllowedProtocols() {
+ try {
+ AuthComponentGeneral auth = getAuthComponentGeneral();
+ Protocols procols = auth.getProtocols();
+ LegacyAllowed legacy = procols.getLegacyAllowed();
+ return legacy.getProtocolName();
+
+ } catch (Exception e) {
+ Logger.info("No protocols found with legacy allowed flag!");
+ return new ArrayList<String>();
+ }
+
+ }
+
/**
* Provides configuration information regarding the online application behind
@@ -478,15 +428,14 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
*/
public OAAuthParameter getOnlineApplicationParameter(String oaURL) {
-// return ConfigurationDBUtils.getOnlineApplication(oaURL);
+ OnlineApplication oa = ConfigurationDBRead.getOnlineApplication(oaURL);
- OAAuthParameter[] oaParams = getOnlineApplicationParameters();
- for (int i = 0; i < oaParams.length; i++) {
- OAAuthParameter oaParam = oaParams[i];
- if (oaURL.indexOf(oaParam.getPublicURLPrefix()) == 0)
- return oaParam;
- }
- return null;
+ if (oa == null) {
+ Logger.warn("Online application with identifier " + oaURL + " is not found.");
+ return null;
+ }
+
+ return new OAAuthParameter(oa);
}
@@ -495,9 +444,19 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
* profile id within the moa-sp part of the authentication component
*
* @return String with a url-reference to the VerifyAuthBlock trust profile ID
+ * @throws ConfigurationException
*/
- public String getMoaSpAuthBlockTrustProfileID() {
- return moaSpAuthBlockTrustProfileID;
+ public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException {
+ AuthComponentGeneral auth = getAuthComponentGeneral();
+ MOASP moasp = getMOASPConfig(auth);
+ VerifyAuthBlock verifyidl = moasp.getVerifyAuthBlock();
+
+ if (verifyidl != null)
+ return verifyidl.getTrustProfileID();
+
+ Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation.");
+ throw new ConfigurationException("config.02", null);
+
}
/**
@@ -505,119 +464,207 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
* IDs within the moa-sp part of the authentication component
* @return A string array containing all urls to the
* verify transform info IDs
+ * @throws ConfigurationException
*/
- public String[] getMoaSpAuthBlockVerifyTransformsInfoIDs() {
- return moaSpAuthBlockVerifyTransformsInfoIDs;
+ public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException {
+
+ AuthComponentGeneral auth = getAuthComponentGeneral();
+ MOASP moasp = getMOASPConfig(auth);
+ VerifyAuthBlock verifyidl = moasp.getVerifyAuthBlock();
+
+ if (verifyidl != null)
+ return verifyidl.getVerifyTransformsInfoProfileID();
+
+ Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation.");
+ throw new ConfigurationException("config.02", null);
}
/**
* Return a ConnectionParameter bean containing all information
* of the authentication component moa-sp element
* @return ConnectionParameter of the authentication component moa-sp element
+ * @throws ConfigurationException
*/
- public ConnectionParameter getMoaSpConnectionParameter() {
- return moaSpConnectionParameter;
+ public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException {
+
+ AuthComponentGeneral authgeneral = getAuthComponentGeneral();
+ MOASP moasp = getMOASPConfig(authgeneral);
+
+ if (moasp.getConnectionParameter() != null)
+ return new ConnectionParameterMOASP(moasp.getConnectionParameter(), props, this.rootConfigFileDir);
+ else
+ return null;
}
/**
* Return a ConnectionParameter bean containing all information
* of the authentication component foreigid element
* @return ConnectionParameter of the authentication component foreignid element
+ * @throws ConfigurationException
*/
- public ConnectionParameter getForeignIDConnectionParameter() {
- return foreignIDConnectionParameter;
+ public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException {
+
+ AuthComponentGeneral authgeneral = getAuthComponentGeneral();
+ ForeignIdentities foreign = authgeneral.getForeignIdentities();
+
+ if (foreign != null) {
+ return new ConnectionParameterForeign(foreign.getConnectionParameter(), props, this.rootConfigFileDir);
+ }
+ Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to SZRGW Service found");
+ throw new ConfigurationException("config.02", null);
}
/**
* Return a ConnectionParameter bean containing all information
* of the authentication component OnlineMandates element
* @return ConnectionParameter of the authentication component OnlineMandates element
+ * @throws ConfigurationException
*/
- public ConnectionParameter getOnlineMandatesConnectionParameter() {
- return onlineMandatesConnectionParameter;
+ public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException {
+
+ AuthComponentGeneral authgeneral = getAuthComponentGeneral();
+ OnlineMandates ovs = authgeneral.getOnlineMandates();
+
+ if (ovs != null) {
+ return new ConnectionParameterMandate(ovs.getConnectionParameter(), props, this.rootConfigFileDir);
+ }
+ Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to OVS Service found");
+ throw new ConfigurationException("config.02", null);
}
/**
* Return a string with a url-reference to the VerifyIdentityLink trust
* profile id within the moa-sp part of the authentication component
* @return String with a url-reference to the VerifyIdentityLink trust profile ID
+ * @throws ConfigurationException
*/
- public String getMoaSpIdentityLinkTrustProfileID() {
- return moaSpIdentityLinkTrustProfileID;
+ public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException {
+ AuthComponentGeneral auth = getAuthComponentGeneral();
+ MOASP moasp = getMOASPConfig(auth);
+ VerifyIdentityLink verifyidl = moasp.getVerifyIdentityLink();
+
+ if (verifyidl != null)
+ return verifyidl.getTrustProfileID();
+
+ Logger.warn("Error in MOA-ID Configuration. No Trustprofile for IdentityLink validation.");
+ throw new ConfigurationException("config.02", null);
}
+
/**
* Returns the transformsInfos.
* @return String[]
+ * @throws ConfigurationException
*/
- public String[] getTransformsInfos() {
- return transformsInfos;
+ public List<String> getTransformsInfos() throws ConfigurationException {
+
+ AuthComponentGeneral authgeneral = getAuthComponentGeneral();
+
+ SecurityLayer seclayer = authgeneral.getSecurityLayer();
+ if (seclayer == null) {
+ Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration->SecurityLayer found");
+ throw new ConfigurationException("config.02", null);
+ }
+
+ return ConfigurationUtils.getTransformInfos(seclayer.getTransformsInfo());
}
/**
* Returns the identityLinkX509SubjectNames.
* @return List
+ * @throws ConfigurationException
*/
- public List getIdentityLinkX509SubjectNames() {
- return identityLinkX509SubjectNames;
+ public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException {
+
+ AuthComponentGeneral auth = getAuthComponentGeneral();
+ IdentityLinkSigners idlsigners = auth.getIdentityLinkSigners();
+
+ if (idlsigners != null) {
+ return idlsigners.getX509SubjectName();
+
+ }
+
+ Logger.warn("Warning in MOA-ID Configuration. No IdenitiyLink signer found.");
+ return new ArrayList<String>();
}
- /**
- * Returns the trustBKUs.
- * @return List
- */
- public List getTrustedBKUs() {
- return this.trustedBKUs;
- }
-
- /**
- * Returns the trustedTemplateURLs.
- * @return List
- */
- public List getTrustedTemplateURLs() {
- return this.trustedTemplateURLs;
- }
-
- /**
- * Returns the bKUConnectionParameter.
- * @return ConnectionParameter
- */
- public ConnectionParameter getBKUConnectionParameter() {
- return bKUConnectionParameter;
- }
-
- /**
- * Returns the bKUSelectable.
- * @return boolean
- */
- public boolean isBKUSelectable() {
- return bKUSelectable;
- }
-
- /**
- * Returns the bKUSelectionType.
- * @return String
- */
- public String getBKUSelectionType() {
- return bKUSelectionType;
+ public List<String> getSLRequestTemplates() throws ConfigurationException {
+ SLRequestTemplates templ = moaidconfig.getSLRequestTemplates();
+ List<String> list = new ArrayList<String>();
+
+ if (templ == null) {
+ Logger.warn("Error in MOA-ID Configuration. No SLRequestTemplates found");
+ throw new ConfigurationException("config.02", null);
+ }
+ list.add(templ.getOnlineBKU());
+ list.add(templ.getHandyBKU());
+ list.add(templ.getLocalBKU());
+ return list;
}
-
- /**
- * Returns the defaultVerifyInfoboxParameters.
- *
- * @return The defaultVerifyInfoboxParameters.
- */
- public VerifyInfoboxParameters getDefaultVerifyInfoboxParameters() {
- return defaultVerifyInfoboxParameters;
+
+ public String getSLRequestTemplates(String type) throws ConfigurationException {
+ SLRequestTemplates templ = moaidconfig.getSLRequestTemplates();
+ if (templ != null) {
+ if (type.equals(OAAuthParameter.ONLINEBKU))
+ return templ.getOnlineBKU();
+ else if (type.equals(OAAuthParameter.HANDYBKU))
+ return templ.getHandyBKU();
+ else if (type.equals(OAAuthParameter.LOCALBKU))
+ return templ.getLocalBKU();
+
+ }
+ Logger.warn("getSLRequestTemplates: BKU Type does not match: "
+ + OAAuthParameter.ONLINEBKU + " or " + OAAuthParameter.HANDYBKU + " or " + OAAuthParameter.LOCALBKU);
+ return null;
}
-
+
/**
* Retruns the STORK Configuration
* @return STORK Configuration
+ * @throws ConfigurationException
*/
- public STORKConfig getStorkConfig() {
- return storkConfig;
+ public STORKConfig getStorkConfig() throws ConfigurationException {
+
+ return storkconfig;
}
+
+ private void setCertStoreDirectory() throws ConfigurationException {
+ AuthComponentGeneral auth = getAuthComponentGeneral();
+
+ if (auth.getGeneralConfiguration() != null)
+ certstoreDirectory = rootConfigFileDir + auth.getGeneralConfiguration().getCertStoreDirectory();
+ else {
+ Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined.");
+ throw new ConfigurationException("config.02", null);
+ }
+ }
+
+ private void setTrustManagerRevocationChecking() throws ConfigurationException {
+ AuthComponentGeneral auth = getAuthComponentGeneral();
+ if (auth.getGeneralConfiguration() != null)
+ trustmanagerrevoationchecking = auth.getGeneralConfiguration().isTrustManagerRevocationChecking();
+ else {
+ Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined.");
+ throw new ConfigurationException("config.02", null);
+ }
+ }
+ private AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException {
+ AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral();
+ if (authgeneral == null) {
+ Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found");
+ throw new ConfigurationException("config.02", null);
+ }
+ return authgeneral;
+ }
+ private MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException {
+ MOASP moasp = authgeneral.getMOASP();
+
+ if (moasp == null) {
+ Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found");
+ throw new ConfigurationException("config.02", null);
+ }
+ return moasp;
+ }
} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 7c174de77..32c609e81 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -25,10 +25,21 @@
package at.gv.egovernment.moa.id.config.auth;
import java.util.ArrayList;
+import java.util.List;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-
+import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
+import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
+import at.gv.egovernment.moa.id.config.ConfigurationUtils;
import at.gv.egovernment.moa.id.config.OAParameter;
+import at.gv.egovernment.moa.logging.Logger;
import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
import eu.stork.vidp.messages.common.STORKConstants;
import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
@@ -47,88 +58,20 @@ import eu.stork.vidp.messages.stork.RequestedAttributes;
* @author Harald Bratko
*/
public class OAAuthParameter extends OAParameter {
- /**
- * Sercurity Layer version
- */
- private String slVersion;
- /**
- * true, if the Security Layer version is version 1.2, otherwise false
- */
- private boolean slVersion12;
- /**
- * identityLinkDomainIdentifier
- * (e.g <code>urn:publicid:gv.at+wbpk+FN468i</code> for a "Firmenbuchnummer")
- * <br>
- * only used within a business application context for providing it to the
- * security layer as input for wbPK computation
- */
- private String identityLinkDomainIdentifier;
- /**
- * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair)
- */
- private String keyBoxIdentifier;
- /**
- * transformations for rendering in the secure viewer of the security layer
- * implementation; multiple transformation can be given for different mime types
- */
- private String[] transformsInfos;
- /**
- * determines whether "Stammzahl" is to be included in the authentication data
- */
- private boolean provideStammzahl;
- /**
- * determines whether AUTH block is to be included in the authentication data
- */
- private boolean provideAuthBlock;
- /**
- * determines whether identity link is to be included in the authentication data
- */
- private boolean provideIdentityLink;
- /**
- * determines whether the certificate is to be included in the authentication data
- */
- private boolean provideCertificate;
- /**
- * determines whether the full mandator data (i.e. the mandate) is to be included in the authentication data
- */
- private boolean provideFullMandatorData;
-
- /** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/
- private boolean useUTC;
-
- /** determines wheter a saml:Condition is added to the SAML assertion or not */
- private boolean useCondition;
-
- /** determines the validity time of the SAML assertion (if useCondition is true) in seconds */
- private int conditionLength;
- /**
- * url to a template for web page "Auswahl der B&uuml;rgerkartenumgebung"
- */
- private String bkuSelectionTemplateURL;
- /**
- * template for web page "Anmeldung mit B&uuml;rgerkarte"
- */
- private String templateURL;
- /**
- * template for web page "Signatur der Anmeldedaten"
- */
- private String inputProcessorSignTemplateURL;
- /**
- * Parameters for verifying infoboxes.
- */
- private VerifyInfoboxParameters verifyInfoboxParameters;
-
- /**
- * Parameter for Mandate profiles
- */
- private String mandateProfiles;
-
- /**
- *
- * Type for authentication number (e.g. Firmenbuchnummer)
- */
- private String identityLinkDomainIdentifierType;
+ public static final String ONLINEBKU = "online";
+ public static final String HANDYBKU = "handy";
+ public static final String LOCALBKU = "local";
+
+ private AuthComponentOA oa_auth;
+
+ public OAAuthParameter(OnlineApplication oa) {
+ super(oa);
+
+ this.oa_auth = oa.getAuthComponentOA();
+
+ this.keyBoxIdentifier = oa.getKeyBoxIdentifier().value();
+}
/**
* STORK QAA Level, Default = 4
@@ -144,359 +87,205 @@ public class OAAuthParameter extends OAParameter {
STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null),
STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null),
STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null));
-
-
-/**
- * Returns <code>true</code> if the Security Layer version is version 1.2,
- * otherwise <code>false</code>.
- * @return <code>true</code> if the Security Layer version is version 1.2,
- * otherwise <code>false</code>
- */
- public boolean getSlVersion12() {
- return slVersion12;
- }
-
- /**
- * Returns the security layer version.
- * @return the security layer version.
- */
- public String getSlVersion() {
- return slVersion;
- }
-
- /**
- * Returns the identityLinkDomainIdentifier.
- * @return the identityLinkDomainIdentifier.
- */
- public String getIdentityLinkDomainIdentifier() {
- return identityLinkDomainIdentifier;
- }
-
- /**
- * Returns the transformsInfos.
- * @return the transformsInfos.
- */
- public String[] getTransformsInfos() {
- return transformsInfos;
- }
-
- /**
- * Returns the provideAuthBlock.
- * @return String
- */
- public boolean getProvideAuthBlock() {
- return provideAuthBlock;
- }
-
- /**
- * Returns the provideIdentityLink.
- * @return String
- */
- public boolean getProvideIdentityLink() {
- return provideIdentityLink;
- }
- /**
- * Returns the provideStammzahl.
- * @return String
- */
- public boolean getProvideStammzahl() {
- return provideStammzahl;
- }
-
- /**
- * Returns <code>true</code> if the certificate should be provided within the
- * authentication data, otherwise <code>false</code>.
- * @return <code>true</code> if the certificate should be provided,
- * otherwise <code>false</code>
- */
- public boolean getProvideCertifcate() {
- return provideCertificate;
- }
-
- /**
- * Returns <code>true</code> if the full mandator data should be provided within the
- * authentication data, otherwise <code>false</code>.
- * @return <code>true</code> if the full mandator data should be provided,
- * otherwise <code>false</code>
- */
- public boolean getProvideFullMandatorData() {
- return provideFullMandatorData;
- }
-
- /**
- * Returns <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>.
- * @return <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>.
- */
- public boolean getUseUTC() {
- return useUTC;
- }
-
- /**
- * Returns <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>.
- * @return <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>.
- */
- public boolean getUseCondition() {
- return useCondition;
- }
-
- /**
- * Returns the validity time of the SAML assertion (if useCondition is true) in seconds
- * @return the validity time of the SAML assertion (if useCondition is true) in seconds
- */
- public int getConditionLength() {
- return conditionLength;
- }
+ private String keyBoxIdentifier;
-
/**
- * Returns the key box identifier.
- * @return String
- */
- public String getKeyBoxIdentifier() {
- return keyBoxIdentifier;
- }
-
- /**
- * Returns the BkuSelectionTemplate url.
- * @return The BkuSelectionTemplate url or <code>null</code> if no url for
- * a BkuSelectionTemplate is set.
- */
- public String getBkuSelectionTemplateURL() {
- return bkuSelectionTemplateURL;
- }
-
- /**
- * Returns the TemplateURL url.
- * @return The TemplateURL url or <code>null</code> if no url for
- * a Template is set.
- */
- public String getTemplateURL() {
- return templateURL;
- }
-
-
- /**
- * Returns the inputProcessorSignTemplateURL url.
- * @return The inputProcessorSignTemplateURL url or <code>null</code> if no url for
- * a input processor sign template is set.
- */
- public String getInputProcessorSignTemplateURL() {
- return inputProcessorSignTemplateURL;
- }
-
- /**
- * Returns the parameters for verifying additional infoboxes.
- *
- * @return The parameters for verifying additional infoboxes.
- * Maybe <code>null</code>.
- */
- public VerifyInfoboxParameters getVerifyInfoboxParameters() {
- return verifyInfoboxParameters;
- }
-
- /**
- * Sets the security layer version.
- * Also sets <code>slVersion12</code> ({@link #getSlVersion12()})
- * to <code>true</code> if the Security Layer version is 1.2.
- * @param slVersion The security layer version to be used.
- */
- public void setSlVersion(String slVersion) {
- this.slVersion = slVersion;
- if ("1.2".equals(slVersion)) {
- this.slVersion12 = true;
- }
- }
- /**
- * Sets the IdentityLinkDomainIdentifier.
- * @param identityLinkDomainIdentifier The IdentityLinkDomainIdentifiern number of the online application.
- */
- public void setIdentityLinkDomainIdentifier(String identityLinkDomainIdentifier) {
- this.identityLinkDomainIdentifier = identityLinkDomainIdentifier;
- }
- /**
- * Sets the transformsInfos.
- * @param transformsInfos The transformsInfos to be used.
- */
- public void setTransformsInfos(String[] transformsInfos) {
- this.transformsInfos = transformsInfos;
- }
-
+ * @return the slVersion
+ */
+public String getSlVersion() {
+ return oa_auth.getSlVersion();
+}
/**
- * Sets the provideAuthBlock.
- * @param provideAuthBlock The provideAuthBlock to set
- */
- public void setProvideAuthBlock(boolean provideAuthBlock) {
- this.provideAuthBlock = provideAuthBlock;
- }
+ * @return the slVersion12
+ */
+public boolean isSlVersion12() {
+ if ("1.2".equals(oa_auth.getSlVersion()))
+ return true;
+ else
+ return false;
+ }
- /**
- * Sets the provideIdentityLink.
- * @param provideIdentityLink The provideIdentityLink to set
- */
- public void setProvideIdentityLink(boolean provideIdentityLink) {
- this.provideIdentityLink = provideIdentityLink;
- }
+public boolean getUseUTC() {
+ return oa_auth.isUseUTC();
+}
- /**
- * Sets the provideStammzahl.
- * @param provideStammzahl The provideStammzahl to set
- */
- public void setProvideStammzahl(boolean provideStammzahl) {
- this.provideStammzahl = provideStammzahl;
- }
-
- /**
- * Sets the provideCertificate variable.
- * @param provideCertificate The provideCertificate value to set
- */
- public void setProvideCertificate(boolean provideCertificate) {
- this.provideCertificate = provideCertificate;
- }
-
- /**
- * Sets the provideFullMandatorData variable.
- * @param provideFullMandatorData The provideFullMandatorData value to set
- */
- public void setProvideFullMandatorData(boolean provideFullMandatorData) {
- this.provideFullMandatorData = provideFullMandatorData;
- }
-
- /**
- * Sets the useUTC variable.
- * @param useUTC The useUTC value to set
- */
- public void setUseUTC(boolean useUTC) {
- this.useUTC = useUTC;
- }
-
- /**
- * Sets the useCondition variable
- * @param useCondition The useCondition value to set
- */
- public void setUseCondition(boolean useCondition) {
- this.useCondition = useCondition;
- }
-
- /**
- * Sets the conditionLength variable
- * @param conditionLength the conditionLength value to set
- */
- public void setConditionLength(int conditionLength) {
- this.conditionLength = conditionLength;
- }
-
+public boolean useIFrame() {
+ return oa_auth.isUseIFrame();
+}
- /**
- * Sets the key box identifier.
- * @param keyBoxIdentifier to set
- */
- public void setKeyBoxIdentier(String keyBoxIdentifier) {
- this.keyBoxIdentifier = keyBoxIdentifier;
- }
-
- /**
- * Sets the BkuSelectionTemplate url.
- * @param bkuSelectionTemplateURL The url string specifying the location
- * of a BkuSelectionTemplate.
- */
- public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) {
- this.bkuSelectionTemplateURL = bkuSelectionTemplateURL;
- }
-
- /**
- * Sets the Template url.
- * @param templateURL The url string specifying the location
- * of a Template.
- */
- public void setTemplateURL(String templateURL) {
- this.templateURL = templateURL;
- }
-
- /**
- * Sets the input processor sign form template url.
- *
- * @param inputProcessorSignTemplateURL The url string specifying the
- * location of the input processor sign form
- */
- public void setInputProcessorSignTemplateURL(String inputProcessorSignTemplateURL) {
- this.inputProcessorSignTemplateURL = inputProcessorSignTemplateURL;
- }
+/**
+ * @return the identityLinkDomainIdentifier
+ */
+public String getIdentityLinkDomainIdentifier() {
+
+ IdentificationNumber idnumber = oa_auth.getIdentificationNumber();
+ if (idnumber != null)
+ return idnumber.getValue();
+
+ return null;
+}
- /**
- * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes.
- *
- * @param verifyInfoboxParameters The verifyInfoboxParameters to set.
- */
- public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) {
- this.verifyInfoboxParameters = verifyInfoboxParameters;
- }
-
- /**
- * Gets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
- * @return IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
- */
- public String getIdentityLinkDomainIdentifierType() {
- return identityLinkDomainIdentifierType;
- }
+/**
+ * @return the keyBoxIdentifier
+ */
+public String getKeyBoxIdentifier() {
+
+ return keyBoxIdentifier;
+}
- /**
- * Sets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
- * @param identityLinkDomainIdentifierType The IdentityLinkDomainIdentifier to set (e.g. Firmenbuchnummer)
- */
- public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) {
- this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType;
- }
-
- /**
- * Sets the Mandate/Profiles
- * @param profiles
- */
- public void setMandateProfiles(String profiles) {
- this.mandateProfiles = profiles;
- }
-
- /**
- * Returns the Mandates/Profiles
- * @return
- */
- public String getMandateProfiles() {
- return this.mandateProfiles;
- }
+/**
+ * @return the transformsInfos
+ */
+public List<String> getTransformsInfos() {
+
+ List<TransformsInfoType> transformations = oa_auth.getTransformsInfo();
+ return ConfigurationUtils.getTransformInfos(transformations);
+}
- /**
- * Returns the defined STORK QAALevel
- * @return STORK QAALevel
- */
- public QualityAuthenticationAssuranceLevel getQaaLevel() {
- return qaaLevel;
+ public OASAML1 getSAML1Parameter() {
+ return oa_auth.getOASAML1();
}
+ public OAPVP2 getPVP2Parameter() {
+ return oa_auth.getOAPVP2();
+ }
+
+///**
+// * @return the bkuSelectionTemplateURL
+// */
+//public String getBkuSelectionTemplateURL() {
+// return bkuSelectionTemplateURL;
+//}
+
/**
- * Sets the STORK QAALevel
- * @param qaaLevel
+ * @return the templateURL
*/
- public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) {
- this.qaaLevel = qaaLevel;
+ public String getTemplateURL() {
+ TemplatesType templates = oa_auth.getTemplates();
+
+ if (templates != null) {
+ if (templates.getTemplate() != null)
+ return templates.getTemplate().getURL();
+ }
+ return null;
}
- /**
- * Returns the desired STORK Requested Attributes
- * @return STORK Requested Attributes
- */
- public RequestedAttributes getRequestedAttributes() {
- return requestedAttributes;
+ public String getAditionalAuthBlockText() {
+ TemplatesType templates = oa_auth.getTemplates();
+
+ if (templates != null) {
+ return templates.getAditionalAuthBlockText();
+ }
+ return null;
}
- /**
- * Sets the desired STORK Requested Attributes
- * @param requestedAttributes
- */
- public void setRequestedAttributes(RequestedAttributes requestedAttributes) {
- this.requestedAttributes = requestedAttributes;
+ public String getBKUURL(String bkutype) {
+ BKUURLS bkuurls = oa_auth.getBKUURLS();
+ if (bkuurls != null) {
+ if (bkutype.equals(ONLINEBKU))
+ return bkuurls.getOnlineBKU();
+ else if (bkutype.equals(HANDYBKU))
+ return bkuurls.getHandyBKU();
+ else if (bkutype.equals(LOCALBKU))
+ return bkuurls.getLocalBKU();
+
+ }
+ Logger.warn("BKU Type does not match: "
+ + ONLINEBKU + " or " + HANDYBKU + " or " + LOCALBKU);
+ return null;
+ }
+
+ public List<String> getBKUURL() {
+ BKUURLS bkuurls = oa_auth.getBKUURLS();
+
+ List<String> list = new ArrayList<String>();
+
+ if (bkuurls == null) {
+ Logger.warn("BKU Type does not match: "
+ + ONLINEBKU + " or " + HANDYBKU + " or " + LOCALBKU);
+ } else {
+ list.add(bkuurls.getOnlineBKU());
+ list.add(bkuurls.getHandyBKU());
+ list.add(bkuurls.getLocalBKU());
+ }
+ return list;
}
+
+
+ public boolean useSSO() {
+ OASSO sso = oa_auth.getOASSO();
+ if (sso != null)
+ return sso.isUseSSO();
+ else
+ return false;
+ }
+
+ public String getSingleLogOutURL() {
+ OASSO sso = oa_auth.getOASSO();
+ if (sso != null)
+ return sso.getSingleLogOutURL();
+ else
+ return null;
+ }
+
+///**
+// * @return the inputProcessorSignTemplateURL
+// */
+//public String getInputProcessorSignTemplateURL() {
+// return inputProcessorSignTemplateURL;
+//}
+
+///**
+// * @return the verifyInfoboxParameters
+// */
+//public VerifyInfoboxParameters getVerifyInfoboxParameters() {
+// return verifyInfoboxParameters;
+//}
+
+/**
+ * @return the mandateProfiles
+ */
+public String getMandateProfiles() {
+
+ Mandates mandates = oa_auth.getMandates();
+
+ if (mandates != null)
+ return mandates.getProfiles();
+ else
+ return null;
+}
+
+/**
+ * @return the identityLinkDomainIdentifierType
+ */
+public String getIdentityLinkDomainIdentifierType() {
+ IdentificationNumber idnumber = oa_auth.getIdentificationNumber();
+ if (idnumber != null)
+ return idnumber.getType();
+
+ return null;
+}
+
+/**
+ * @return the qaaLevel
+ */
+public QualityAuthenticationAssuranceLevel getQaaLevel() {
+ return qaaLevel;
+}
+
+/**
+ * @return the requestedAttributes
+ */
+public RequestedAttributes getRequestedAttributes() {
+ return requestedAttributes;
+}
+
+
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
index 62f85fa3c..1536b907b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
@@ -18,6 +18,9 @@ import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.xml.XMLObject;
import org.w3c.dom.Element;
+import eu.stork.vidp.messages.util.SAMLUtil;
+import eu.stork.vidp.messages.util.XMLUtil;
+
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
@@ -62,18 +65,14 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor;
import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock;
import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink;
-import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
-import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+
import at.gv.egovernment.moa.id.data.IssuerAndSerial;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
public class BuildFromLegacyConfig {
@@ -200,8 +199,9 @@ public class BuildFromLegacyConfig {
for (String transformInfo : transformsInfos) {
TransformsInfoType transforminfotype = new TransformsInfoType();
transforminfotype.setFilename("");
+
//TODO: Transformation is stored in BASE64
- transforminfotype.setTransformation(Base64Utils.encode(transformInfo.getBytes()).getBytes());
+ transforminfotype.setTransformation(Base64Utils.encode(transformInfo.getBytes("UTF-8")).getBytes("UTF-8"));
auth_transformInfos.add(transforminfotype);
}
SecurityLayer auth_securityLayer = new SecurityLayer();
@@ -271,31 +271,22 @@ public class BuildFromLegacyConfig {
auth_foreign.setSTORK(auth_foreign_stork);
//set CPEPS
- Map<String, at.gv.egovernment.moa.id.config.stork.CPEPS> map = storkConfig.getCpepsMap();
+ Map<String, at.gv.egovernment.moa.id.config.legacy.CPEPS> map = storkConfig.getCpepsMap();
Set<String> map_keys = map.keySet();
- List<CPEPS> auth_foreign_stork_cpeps = new ArrayList<CPEPS>();
+ List<CPEPS> auth_foreign_stork_cpeps = new ArrayList<CPEPS>();
for (String key : map_keys) {
CPEPS cpep = new CPEPS();
cpep.setCountryCode(map.get(key).getCountryCode());
cpep.setURL(map.get(key).getPepsURL().toExternalForm()); //check correctness!!!!
- List<RequestedAttributeType> cpep_reqs = new ArrayList<RequestedAttributeType>();
+ List<String> cpep_reqs = new ArrayList<String>();
+
List<RequestedAttribute> map1 = map.get(key).getCountrySpecificRequestedAttributes();
for (RequestedAttribute e1 : map1) {
- RequestedAttributeType cpep_req = new RequestedAttributeType();
- cpep_req.setIsRequired(e1.isRequired());
- cpep_req.setFriendlyName(e1.getFriendlyName());
- cpep_req.setNameFormat(e1.getNameFormat());
- cpep_req.setName(e1.getName());
-
- List<XMLObject> e2s = e1.getAttributeValues();
- List<Object> cpep_req_attr = new ArrayList<Object>();
- for (XMLObject e2 : e2s) {
- cpep_req_attr.add(e2);
- }
- cpep_req.setAttributeValue(cpep_req_attr);
+ Element element = SAMLUtil.marshallMessage(e1);
+ cpep_reqs.add(XMLUtil.printXML(element));
}
- cpep.setRequestedAttribute(cpep_reqs);
+ cpep.setAttributeValue(cpep_reqs);
auth_foreign_stork_cpeps.add(cpep);
}
auth_foreign_stork.setCPEPS(auth_foreign_stork_cpeps);
@@ -358,6 +349,7 @@ public class BuildFromLegacyConfig {
//SLLayer Version / useIframe
oa_auth.setSlVersion(oa.getSlVersion());
oa_auth.setUseIFrame(false);
+ oa_auth.setUseUTC(oa.getUseUTC());
//BKUURLs
@@ -417,7 +409,6 @@ public class BuildFromLegacyConfig {
oa_saml1.setProvideIdentityLink(oa.getProvideIdentityLink());
oa_saml1.setProvideStammzahl(oa.getProvideStammzahl());
oa_saml1.setUseCondition(oa.getUseCondition());
- oa_saml1.setUseUTC(oa.getUseUTC());
//OA_PVP2
OAPVP2 oa_pvp2 = new OAPVP2();
@@ -494,11 +485,13 @@ public class BuildFromLegacyConfig {
ConnectionParameter old) {
ConnectionParameterClientAuthType auth_moaSP_connection = new ConnectionParameterClientAuthType();
auth_moaSP_connection.setURL(old.getUrl());
- auth_moaSP_connection.setAcceptedServerCertificates(old.getAcceptedServerCertificates());
- ClientKeyStore auth_moaSP_connection_keyStore = new ClientKeyStore();
- auth_moaSP_connection_keyStore.setValue(old.getClientKeyStore());
- auth_moaSP_connection_keyStore.setPassword(old.getClientKeyStorePassword());
- auth_moaSP_connection.setClientKeyStore(auth_moaSP_connection_keyStore);
+
+ //TODO: remove from Database config!!!!!
+// auth_moaSP_connection.setAcceptedServerCertificates(old.getAcceptedServerCertificates());
+// ClientKeyStore auth_moaSP_connection_keyStore = new ClientKeyStore();
+// auth_moaSP_connection_keyStore.setValue(old.getClientKeyStore());
+// auth_moaSP_connection_keyStore.setPassword(old.getClientKeyStorePassword());
+// auth_moaSP_connection.setClientKeyStore(auth_moaSP_connection_keyStore);
return auth_moaSP_connection;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java
new file mode 100644
index 000000000..c191d7b2b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java
@@ -0,0 +1,98 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.config.legacy;
+
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+/**
+ * Encpasulates C-PEPS information according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class CPEPS {
+
+ /** Country Code of C-PEPS */
+ private String countryCode;
+
+ /** URL of C-PEPS */
+ private URL pepsURL;
+
+ /** Specific attributes to be requested for this C-PEPS */
+ private List<RequestedAttribute> countrySpecificRequestedAttributes = new ArrayList<RequestedAttribute>();
+
+ /**
+ * Constructs a C-PEPS
+ * @param countryCode ISO Country Code of C-PEPS
+ * @param pepsURL URL of C-PEPS
+ */
+ public CPEPS(String countryCode, URL pepsURL) {
+ super();
+ this.countryCode = countryCode;
+ this.pepsURL = pepsURL;
+ }
+
+ /**
+ * Gets the country code of this C-PEPS
+ * @return ISO country code
+ */
+ public String getCountryCode() {
+ return countryCode;
+ }
+
+ /**
+ * Sets the country code of this C-PEPS
+ * @param countryCode ISO country code
+ */
+ public void setCountryCode(String countryCode) {
+ this.countryCode = countryCode;
+ }
+
+ /**
+ * Gets the URL of this C-PEPS
+ * @return C-PEPS URL
+ */
+ public URL getPepsURL() {
+ return pepsURL;
+ }
+
+ /**
+ * Sets the C-PEPS URL
+ * @param pepsURL C-PEPS URL
+ */
+ public void setPepsURL(URL pepsURL) {
+ this.pepsURL = pepsURL;
+ }
+
+ /**
+ * Gets the country specific attributes of this C-PEPS
+ * @return List of country specific attributes
+ */
+ public List<RequestedAttribute> getCountrySpecificRequestedAttributes() {
+ return countrySpecificRequestedAttributes;
+ }
+
+ /**
+ * Sets the country specific attributes
+ * @param countrySpecificRequestedAttributes List of country specific requested attributes
+ */
+ public void setCountrySpecificRequestedAttributes(
+ List<RequestedAttribute> countrySpecificRequestedAttributes) {
+ this.countrySpecificRequestedAttributes = countrySpecificRequestedAttributes;
+ }
+
+ /**
+ * Adds a Requested attribute to the country specific attribute List
+ * @param countrySpecificRequestedAttribute Additional country specific requested attribute to add
+ */
+ public void addCountrySpecificRequestedAttribute(RequestedAttribute countrySpecificRequestedAttribute) {
+ this.countrySpecificRequestedAttributes.add(countrySpecificRequestedAttribute);
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java
index 2f138fbfc..c2898f314 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java
@@ -22,7 +22,7 @@
*/
-package at.gv.egovernment.moa.id.config;
+package at.gv.egovernment.moa.id.config.legacy;
import iaik.pki.pathvalidation.ChainingModes;
import iaik.utils.RFC2253NameParser;
@@ -51,12 +51,13 @@ import org.w3c.dom.traversal.NodeIterator;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.Schema;
import at.gv.egovernment.moa.id.auth.data.SchemaImpl;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
-import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
-import at.gv.egovernment.moa.id.config.stork.CPEPS;
-import at.gv.egovernment.moa.id.config.stork.SignatureCreationParameter;
-import at.gv.egovernment.moa.id.config.stork.SignatureVerificationParameter;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.legacy.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.legacy.VerifyInfoboxParameter;
+import at.gv.egovernment.moa.id.config.legacy.VerifyInfoboxParameters;
+import at.gv.egovernment.moa.id.config.legacy.CPEPS;
+import at.gv.egovernment.moa.id.config.legacy.SignatureCreationParameter;
+import at.gv.egovernment.moa.id.config.legacy.SignatureVerificationParameter;
import at.gv.egovernment.moa.id.data.IssuerAndSerial;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -72,7 +73,6 @@ import eu.stork.vidp.messages.common.STORKConstants;
import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
import eu.stork.vidp.messages.stork.RequestedAttributes;
import eu.stork.vidp.messages.util.SAMLUtil;
-import eu.stork.vidp.messages.util.XMLUtil;
/**
* A class that builds configuration data from a DOM based representation.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java
index b1b90f40b..455fde9bf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java
@@ -22,7 +22,7 @@
*/
-package at.gv.egovernment.moa.id.config;
+package at.gv.egovernment.moa.id.config.legacy;
/**
* This bean class is used to store data for various connectionParameter
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java
new file mode 100644
index 000000000..3948522c0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java
@@ -0,0 +1,501 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.config.legacy;
+
+import java.util.ArrayList;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+
+/**
+ * Configuration parameters belonging to an online application,
+ * to use with the MOA ID Auth component.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+/**
+ *
+ *
+ * @author Harald Bratko
+ */
+public class OAAuthParameter extends OAParameter {
+ /**
+ * Sercurity Layer version
+ */
+ private String slVersion;
+ /**
+ * true, if the Security Layer version is version 1.2, otherwise false
+ */
+ private boolean slVersion12;
+ /**
+ * identityLinkDomainIdentifier
+ * (e.g <code>urn:publicid:gv.at+wbpk+FN468i</code> for a "Firmenbuchnummer")
+ * <br>
+ * only used within a business application context for providing it to the
+ * security layer as input for wbPK computation
+ */
+ private String identityLinkDomainIdentifier;
+ /**
+ * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair)
+ */
+ private String keyBoxIdentifier;
+ /**
+ * transformations for rendering in the secure viewer of the security layer
+ * implementation; multiple transformation can be given for different mime types
+ */
+ private String[] transformsInfos;
+ /**
+ * determines whether "Stammzahl" is to be included in the authentication data
+ */
+ private boolean provideStammzahl;
+ /**
+ * determines whether AUTH block is to be included in the authentication data
+ */
+ private boolean provideAuthBlock;
+ /**
+ * determines whether identity link is to be included in the authentication data
+ */
+ private boolean provideIdentityLink;
+ /**
+ * determines whether the certificate is to be included in the authentication data
+ */
+ private boolean provideCertificate;
+ /**
+ * determines whether the full mandator data (i.e. the mandate) is to be included in the authentication data
+ */
+ private boolean provideFullMandatorData;
+
+ /** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/
+ private boolean useUTC;
+
+ /** determines wheter a saml:Condition is added to the SAML assertion or not */
+ private boolean useCondition;
+
+ /** determines the validity time of the SAML assertion (if useCondition is true) in seconds */
+ private int conditionLength;
+ /**
+ * url to a template for web page "Auswahl der B&uuml;rgerkartenumgebung"
+ */
+ private String bkuSelectionTemplateURL;
+ /**
+ * template for web page "Anmeldung mit B&uuml;rgerkarte"
+ */
+ private String templateURL;
+
+ /**
+ * template for web page "Signatur der Anmeldedaten"
+ */
+ private String inputProcessorSignTemplateURL;
+ /**
+ * Parameters for verifying infoboxes.
+ */
+ private VerifyInfoboxParameters verifyInfoboxParameters;
+
+ /**
+ * Parameter for Mandate profiles
+ */
+ private String mandateProfiles;
+
+ /**
+ *
+ * Type for authentication number (e.g. Firmenbuchnummer)
+ */
+ private String identityLinkDomainIdentifierType;
+
+ /**
+ * STORK QAA Level, Default = 4
+ */
+ private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4);
+
+ /**
+ * STORK RequestedAttributes for Online Application
+ * Default RequestedAttributes are: eIdentifier, givenName, surname, dateOfBirth
+ */
+ private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes(
+ STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null),
+ STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null),
+ STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null),
+ STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null));
+
+
+/**
+ * Returns <code>true</code> if the Security Layer version is version 1.2,
+ * otherwise <code>false</code>.
+ * @return <code>true</code> if the Security Layer version is version 1.2,
+ * otherwise <code>false</code>
+ */
+ public boolean getSlVersion12() {
+ return slVersion12;
+ }
+
+ /**
+ * Returns the security layer version.
+ * @return the security layer version.
+ */
+ public String getSlVersion() {
+ return slVersion;
+ }
+
+ /**
+ * Returns the identityLinkDomainIdentifier.
+ * @return the identityLinkDomainIdentifier.
+ */
+ public String getIdentityLinkDomainIdentifier() {
+ return identityLinkDomainIdentifier;
+ }
+
+ /**
+ * Returns the transformsInfos.
+ * @return the transformsInfos.
+ */
+ public String[] getTransformsInfos() {
+ return transformsInfos;
+ }
+
+ /**
+ * Returns the provideAuthBlock.
+ * @return String
+ */
+ public boolean getProvideAuthBlock() {
+ return provideAuthBlock;
+ }
+
+ /**
+ * Returns the provideIdentityLink.
+ * @return String
+ */
+ public boolean getProvideIdentityLink() {
+ return provideIdentityLink;
+ }
+
+ /**
+ * Returns the provideStammzahl.
+ * @return String
+ */
+ public boolean getProvideStammzahl() {
+ return provideStammzahl;
+ }
+
+ /**
+ * Returns <code>true</code> if the certificate should be provided within the
+ * authentication data, otherwise <code>false</code>.
+ * @return <code>true</code> if the certificate should be provided,
+ * otherwise <code>false</code>
+ */
+ public boolean getProvideCertifcate() {
+ return provideCertificate;
+ }
+
+ /**
+ * Returns <code>true</code> if the full mandator data should be provided within the
+ * authentication data, otherwise <code>false</code>.
+ * @return <code>true</code> if the full mandator data should be provided,
+ * otherwise <code>false</code>
+ */
+ public boolean getProvideFullMandatorData() {
+ return provideFullMandatorData;
+ }
+
+ /**
+ * Returns <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>.
+ * @return <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>.
+ */
+ public boolean getUseUTC() {
+ return useUTC;
+ }
+
+ /**
+ * Returns <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>.
+ * @return <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>.
+ */
+ public boolean getUseCondition() {
+ return useCondition;
+ }
+
+ /**
+ * Returns the validity time of the SAML assertion (if useCondition is true) in seconds
+ * @return the validity time of the SAML assertion (if useCondition is true) in seconds
+ */
+ public int getConditionLength() {
+ return conditionLength;
+ }
+
+
+/**
+ * Returns the key box identifier.
+ * @return String
+ */
+ public String getKeyBoxIdentifier() {
+ return keyBoxIdentifier;
+ }
+
+ /**
+ * Returns the BkuSelectionTemplate url.
+ * @return The BkuSelectionTemplate url or <code>null</code> if no url for
+ * a BkuSelectionTemplate is set.
+ */
+ public String getBkuSelectionTemplateURL() {
+ return bkuSelectionTemplateURL;
+ }
+
+ /**
+ * Returns the TemplateURL url.
+ * @return The TemplateURL url or <code>null</code> if no url for
+ * a Template is set.
+ */
+ public String getTemplateURL() {
+ return templateURL;
+ }
+
+
+ /**
+ * Returns the inputProcessorSignTemplateURL url.
+ * @return The inputProcessorSignTemplateURL url or <code>null</code> if no url for
+ * a input processor sign template is set.
+ */
+ public String getInputProcessorSignTemplateURL() {
+ return inputProcessorSignTemplateURL;
+ }
+
+ /**
+ * Returns the parameters for verifying additional infoboxes.
+ *
+ * @return The parameters for verifying additional infoboxes.
+ * Maybe <code>null</code>.
+ */
+ public VerifyInfoboxParameters getVerifyInfoboxParameters() {
+ return verifyInfoboxParameters;
+ }
+
+ /**
+ * Sets the security layer version.
+ * Also sets <code>slVersion12</code> ({@link #getSlVersion12()})
+ * to <code>true</code> if the Security Layer version is 1.2.
+ * @param slVersion The security layer version to be used.
+ */
+ public void setSlVersion(String slVersion) {
+ this.slVersion = slVersion;
+ if ("1.2".equals(slVersion)) {
+ this.slVersion12 = true;
+ }
+ }
+ /**
+ * Sets the IdentityLinkDomainIdentifier.
+ * @param identityLinkDomainIdentifier The IdentityLinkDomainIdentifiern number of the online application.
+ */
+ public void setIdentityLinkDomainIdentifier(String identityLinkDomainIdentifier) {
+ this.identityLinkDomainIdentifier = identityLinkDomainIdentifier;
+ }
+ /**
+ * Sets the transformsInfos.
+ * @param transformsInfos The transformsInfos to be used.
+ */
+ public void setTransformsInfos(String[] transformsInfos) {
+ this.transformsInfos = transformsInfos;
+ }
+
+
+/**
+ * Sets the provideAuthBlock.
+ * @param provideAuthBlock The provideAuthBlock to set
+ */
+ public void setProvideAuthBlock(boolean provideAuthBlock) {
+ this.provideAuthBlock = provideAuthBlock;
+ }
+
+ /**
+ * Sets the provideIdentityLink.
+ * @param provideIdentityLink The provideIdentityLink to set
+ */
+ public void setProvideIdentityLink(boolean provideIdentityLink) {
+ this.provideIdentityLink = provideIdentityLink;
+ }
+
+ /**
+ * Sets the provideStammzahl.
+ * @param provideStammzahl The provideStammzahl to set
+ */
+ public void setProvideStammzahl(boolean provideStammzahl) {
+ this.provideStammzahl = provideStammzahl;
+ }
+
+ /**
+ * Sets the provideCertificate variable.
+ * @param provideCertificate The provideCertificate value to set
+ */
+ public void setProvideCertificate(boolean provideCertificate) {
+ this.provideCertificate = provideCertificate;
+ }
+
+ /**
+ * Sets the provideFullMandatorData variable.
+ * @param provideFullMandatorData The provideFullMandatorData value to set
+ */
+ public void setProvideFullMandatorData(boolean provideFullMandatorData) {
+ this.provideFullMandatorData = provideFullMandatorData;
+ }
+
+ /**
+ * Sets the useUTC variable.
+ * @param useUTC The useUTC value to set
+ */
+ public void setUseUTC(boolean useUTC) {
+ this.useUTC = useUTC;
+ }
+
+ /**
+ * Sets the useCondition variable
+ * @param useCondition The useCondition value to set
+ */
+ public void setUseCondition(boolean useCondition) {
+ this.useCondition = useCondition;
+ }
+
+ /**
+ * Sets the conditionLength variable
+ * @param conditionLength the conditionLength value to set
+ */
+ public void setConditionLength(int conditionLength) {
+ this.conditionLength = conditionLength;
+ }
+
+
+ /**
+ * Sets the key box identifier.
+ * @param keyBoxIdentifier to set
+ */
+ public void setKeyBoxIdentier(String keyBoxIdentifier) {
+ this.keyBoxIdentifier = keyBoxIdentifier;
+ }
+
+ /**
+ * Sets the BkuSelectionTemplate url.
+ * @param bkuSelectionTemplateURL The url string specifying the location
+ * of a BkuSelectionTemplate.
+ */
+ public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) {
+ this.bkuSelectionTemplateURL = bkuSelectionTemplateURL;
+ }
+
+ /**
+ * Sets the Template url.
+ * @param templateURL The url string specifying the location
+ * of a Template.
+ */
+ public void setTemplateURL(String templateURL) {
+ this.templateURL = templateURL;
+ }
+
+ /**
+ * Sets the input processor sign form template url.
+ *
+ * @param inputProcessorSignTemplateURL The url string specifying the
+ * location of the input processor sign form
+ */
+ public void setInputProcessorSignTemplateURL(String inputProcessorSignTemplateURL) {
+ this.inputProcessorSignTemplateURL = inputProcessorSignTemplateURL;
+ }
+
+ /**
+ * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes.
+ *
+ * @param verifyInfoboxParameters The verifyInfoboxParameters to set.
+ */
+ public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) {
+ this.verifyInfoboxParameters = verifyInfoboxParameters;
+ }
+
+ /**
+ * Gets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
+ * @return IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
+ */
+ public String getIdentityLinkDomainIdentifierType() {
+ return identityLinkDomainIdentifierType;
+ }
+
+ /**
+ * Sets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
+ * @param identityLinkDomainIdentifierType The IdentityLinkDomainIdentifier to set (e.g. Firmenbuchnummer)
+ */
+ public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) {
+ this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType;
+ }
+
+ /**
+ * Sets the Mandate/Profiles
+ * @param profiles
+ */
+ public void setMandateProfiles(String profiles) {
+ this.mandateProfiles = profiles;
+ }
+
+ /**
+ * Returns the Mandates/Profiles
+ * @return
+ */
+ public String getMandateProfiles() {
+ return this.mandateProfiles;
+ }
+
+ /**
+ * Returns the defined STORK QAALevel
+ * @return STORK QAALevel
+ */
+ public QualityAuthenticationAssuranceLevel getQaaLevel() {
+ return qaaLevel;
+ }
+
+ /**
+ * Sets the STORK QAALevel
+ * @param qaaLevel
+ */
+ public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) {
+ this.qaaLevel = qaaLevel;
+ }
+
+ /**
+ * Returns the desired STORK Requested Attributes
+ * @return STORK Requested Attributes
+ */
+ public RequestedAttributes getRequestedAttributes() {
+ return requestedAttributes;
+ }
+
+ /**
+ * Sets the desired STORK Requested Attributes
+ * @param requestedAttributes
+ */
+ public void setRequestedAttributes(RequestedAttributes requestedAttributes) {
+ this.requestedAttributes = requestedAttributes;
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java
new file mode 100644
index 000000000..de449cbcf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java
@@ -0,0 +1,164 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.config.legacy;
+
+/**
+ * Configuration parameters belonging to an online application,
+ * to be used within both, the MOA ID Auth and the
+ * MOA ID PROXY component.
+ *
+ * @author Harald Bratko
+ */
+public class OAParameter {
+
+ /**
+ * type of the online application (maybe "PublicService" or "BusinessService")
+ */
+ private String oaType;
+
+ /**
+ * specifies whether the online application is a business application or not
+ * (<code>true</code> if value of {@link #oaType} is "businessService"
+ */
+ private boolean businessService;
+
+ /**
+ * public URL prefix of the online application
+ */
+ private String publicURLPrefix;
+
+ /**
+ * specifies a human readable name of the Online Application
+ */
+ private String friendlyName;
+
+ /**
+ * specified a specific target for the Online Application (overwrites the target in der request)
+ */
+ private String target;
+ /**
+ * specifies a friendly name for the target
+ */
+ private String targetFriendlyName;
+
+ /**
+ * Returns the type of the online application.
+ * @return the type of the online application.
+ */
+ public String getOaType() {
+ return oaType;
+ }
+
+ /**
+ * Returns <code>true</code> is the OA is a businss application, otherwise
+ * <code>false</code>.
+ * @return <code>true</code> is the OA is a businss application, otherwise
+ * <code>false</code>
+ */
+ public boolean getBusinessService() {
+ return this.businessService;
+ }
+
+ /**
+ * Returns the publicURLPrefix.
+ * @return String
+ */
+ public String getPublicURLPrefix() {
+ return publicURLPrefix;
+ }
+
+ /**
+ *
+ * Sets the type of the online application.
+ * If the type is "businessService" the value of <code>businessService</code>
+ * ({@link #getBusinessService()}) is also set to <code>true</code>
+ * @param oaType The type of the online application.
+ */
+ public void setOaType(String oaType) {
+ this.oaType = oaType;
+ if ("businessService".equalsIgnoreCase(oaType)) {
+ this.businessService = true;
+ }
+ }
+
+ /**
+ * Sets the publicURLPrefix.
+ * @param publicURLPrefix The publicURLPrefix to set
+ */
+ public void setPublicURLPrefix(String publicURLPrefix) {
+ this.publicURLPrefix = publicURLPrefix;
+ }
+
+
+ /**
+ * Gets the friendly name of the OA
+ * @return Friendly Name of the OA
+ */
+ public String getFriendlyName() {
+ return friendlyName;
+ }
+
+ /**
+ * Sets the friendly name of the OA
+ * @param friendlyName
+ */
+ public void setFriendlyName(String friendlyName) {
+ this.friendlyName = friendlyName;
+ }
+
+ /**
+ * Gets the target of the OA
+ * @return target of the OA
+ */
+ public String getTarget() {
+ return target;
+ }
+
+ /**
+ * Sets the target of the OA
+ * @param target
+ */
+ public void setTarget(String target) {
+ this.target = target;
+ }
+
+ /**
+ * Gets the target friendly name of the OA
+ * @return target Friendly Name of the OA
+ */
+ public String getTargetFriendlyName() {
+ return targetFriendlyName;
+ }
+
+ /**
+ * Sets the target friendly name of the OA
+ * @param targetFriendlyName
+ */
+ public void setTargetFriendlyName(String targetFriendlyName) {
+ this.targetFriendlyName = targetFriendlyName;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java
new file mode 100644
index 000000000..2d0a91fb9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java
@@ -0,0 +1,90 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.config.legacy;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * Encapsulates several STORK configuration parameters according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class STORKConfig {
+
+ /** STORK SAML signature creation parameters */
+ private SignatureCreationParameter signatureCreationParameter;
+
+ /** STORK SAML signature verification parameters */
+ private SignatureVerificationParameter signatureVerificationParameter;
+
+ /** Map of supported C-PEPSs */
+ private Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>();
+
+
+ /**
+ * Constructs a STORK Config object
+ * @param signatureCreationParameter STORK SAML Signature creation parameters
+ * @param signatureVerificationParameter STORK SAML Signature verification parameters
+ * @param cpepsMap Map of supported C-PEPS
+ */
+ public STORKConfig(SignatureCreationParameter signatureCreationParameter,
+ SignatureVerificationParameter signatureVerificationParameter,
+ Map<String, CPEPS> cpepsMap) {
+ super();
+ this.signatureCreationParameter = signatureCreationParameter;
+ this.signatureVerificationParameter = signatureVerificationParameter;
+ this.cpepsMap = cpepsMap;
+ }
+
+ public SignatureCreationParameter getSignatureCreationParameter() {
+ return signatureCreationParameter;
+ }
+
+ public void setSignatureCreationParameter(
+ SignatureCreationParameter signatureCreationParameter) {
+ this.signatureCreationParameter = signatureCreationParameter;
+ }
+
+ public SignatureVerificationParameter getSignatureVerificationParameter() {
+ return signatureVerificationParameter;
+ }
+
+ public void setSignatureVerificationParameter(
+ SignatureVerificationParameter signatureVerificationParameter) {
+ this.signatureVerificationParameter = signatureVerificationParameter;
+ }
+
+ public Map<String, CPEPS> getCpepsMap() {
+ return cpepsMap;
+ }
+
+ public void setCpepsMap(Map<String, CPEPS> cpepsMap) {
+ this.cpepsMap = cpepsMap;
+ }
+
+ public boolean isSTORKAuthentication(String ccc) {
+
+ if (StringUtils.isEmpty(ccc) || this.cpepsMap.isEmpty())
+ return false;
+
+ if (this.cpepsMap.containsKey(ccc.toUpperCase()))
+ return true;
+ else
+ return false;
+
+ }
+
+ public CPEPS getCPEPS(String ccc) {
+ if (isSTORKAuthentication(ccc))
+ return this.cpepsMap.get(ccc);
+ else
+ return null;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java
new file mode 100644
index 000000000..fcccf41f0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java
@@ -0,0 +1,112 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.id.config.legacy;
+
+/**
+ * Encapsulates signature creation parameters according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class SignatureCreationParameter {
+
+ /** KeyStore Path */
+ private String keyStorePath;
+
+ /** KeyStore Password */
+ private String keyStorePassword;
+
+ /** Signing Key Name */
+ private String keyName;
+
+ /** Signing Key Password */
+ private String keyPassword;
+
+ /**
+ * Gets the KeyStore Path
+ * @return File Path to KeyStore
+ */
+ public String getKeyStorePath() {
+ return keyStorePath;
+ }
+
+ /**
+ * Sets the KeyStore Path
+ * @param keyStorePath Path to KeyStore
+ */
+ public void setKeyStorePath(String keyStorePath) {
+ this.keyStorePath = keyStorePath;
+ }
+
+ /**
+ * Gets the KeyStore Password
+ * @return Password to KeyStore
+ */
+ public String getKeyStorePassword() {
+ return keyStorePassword;
+ }
+
+ /**
+ * Sets the KeyStore Password
+ * @param keyStorePassword Password to KeyStore
+ */
+ public void setKeyStorePassword(String keyStorePassword) {
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ /**
+ * Gets the Signing Key Name
+ * @return Siging Key Name
+ */
+ public String getKeyName() {
+ return keyName;
+ }
+
+ /**
+ * Sets the Signing Key Name
+ * @param keyName Signing Key Name
+ */
+ public void setKeyName(String keyName) {
+ this.keyName = keyName;
+ }
+
+ /**
+ * Gets the Signing Key Password
+ * @return Signing Key Password
+ */
+ public String getKeyPassword() {
+ return keyPassword;
+ }
+
+ /**
+ * Sets the Signing Key Password
+ * @param keyPassword Signing Key Password
+ */
+ public void setKeyPassword(String keyPassword) {
+ this.keyPassword = keyPassword;
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java
new file mode 100644
index 000000000..d01c8e541
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java
@@ -0,0 +1,35 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.config.legacy;
+
+/**
+ * Encapsulates Signature Verification data for STORK according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class SignatureVerificationParameter {
+
+ /** ID of the MOA-SP TrustProfile to be used for STORK SAML signature verification */
+ private String trustProfileID;
+
+ /**
+ * Gets the MOA-SP TrustProfileID
+ * @return TrustProfileID of MOA-SP for STORK signature verification
+ */
+ public String getTrustProfileID() {
+ return trustProfileID;
+ }
+
+ /**
+ * Sets the MOA-SP TrustProfileID
+ * @param trustProfileID TrustProfileID of MOA-SP for STORK signature verification
+ */
+ public void setTrustProfileID(String trustProfileID) {
+ this.trustProfileID = trustProfileID;
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java
new file mode 100644
index 000000000..a482da430
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java
@@ -0,0 +1,411 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.config.legacy;
+
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.transform.TransformerException;
+
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.auth.data.Schema;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * This class is a container for parameters that maybe needed for verifying an infobox.
+ *
+ * @author Harald Bratko
+ */
+public class VerifyInfoboxParameter {
+
+ /**
+ * The default package name (first part) of a infobox validator class.
+ */
+ public static final String DEFAULT_PACKAGE_TRUNK = "at.gv.egovernment.moa.id.auth.validator.";
+
+ /**
+ * The identifier of the infobox to be verified. This identifier must exactly the
+ * identifier of the infobox returned by BKU.
+ */
+ protected String identifier_;
+
+ /**
+ * The friendly name of the infobox.
+ * This name is used within browser messages, thus it should be the german equivalent of
+ * the {@link #identifier_ infobox identifier} (e.g. &quot;<code>Stellvertretungen</code>&quot;
+ * for &quot;<code>Mandates</code>&quot; or &quot;<code>GDAToken</code>&quot; for
+ * &quot;<code>EHSPToken</code>&quot;.
+ * <br>If not specified within the config file the {@link #identifier_ infobox identifier}
+ * will be used.
+ */
+ protected String friendlyName_;
+
+ /**
+ * The Id of the TrustProfile to be used for validating certificates.
+ */
+ protected String trustProfileID_;
+
+ /**
+ * The full name of the class to be used for verifying the infobox.
+ */
+ protected String validatorClassName_;
+
+ /**
+ * Schema location URIs that may be needed by the
+ * validator to parse infobox tokens.
+ * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema}
+ * specifying the location of an XML schema.
+ */
+ protected List schemaLocations_;
+
+ /**
+ * Application specific parameters that may be needed for verifying an infobox.
+ */
+ protected Element applicationSpecificParams_;
+
+ /**
+ * Specifies if the infobox is be required to be returned by the BKU.
+ */
+ protected boolean required_;
+
+ /**
+ * Specifies whether the <code>Stammzahl</code> should be passed to the verifying
+ * application or not.
+ */
+ protected boolean provideStammzahl_;
+
+ /**
+ * Specifies whether the <code>identity link</code> should be passed to the verifying
+ * application or not.
+ */
+ protected boolean provideIdentityLink_;
+
+ /**
+ * Initializes this VerifiyInfoboxParamater with the given identifier and a default
+ * validator class name.
+ *
+ * @param identifier The identifier of the infobox to be verified.
+ */
+ public VerifyInfoboxParameter(String identifier) {
+ identifier_ = identifier;
+ StringBuffer sb = new StringBuffer(DEFAULT_PACKAGE_TRUNK);
+ sb.append(identifier.toLowerCase());
+ sb.append(".");
+ sb.append(identifier.substring(0, 1).toUpperCase());
+ sb.append(identifier.substring(1));
+ sb.append("Validator");
+ validatorClassName_ = sb.toString();
+ }
+
+ /**
+ * Returns application specific parameters.
+ * Each child element of this element contains a verifying application specific parameter. {@link #applicationSpecificParams_}
+ *
+ * @see #applicationSpecificParams_
+ *
+ * @return Application specific parameters.
+ */
+ public Element getApplicationSpecificParams() {
+ return applicationSpecificParams_;
+ }
+
+ /**
+ * Sets the application specific parameters.
+ *
+ * @see #applicationSpecificParams_
+ *
+ * @param applicationSpecificParams The application specific parameters to set.
+ */
+ public void setApplicationSpecificParams(Element applicationSpecificParams) {
+ applicationSpecificParams_ = applicationSpecificParams;
+ }
+
+ /**
+ * Appends special application specific parameters for party representation.
+ *
+ * @param applicationSpecificParams The application specific parameters for party representation to set.
+ */
+ public void appendParepSpecificParams(Element applicationSpecificParams) {
+ try {
+ if (applicationSpecificParams_==null) {
+ applicationSpecificParams_ = applicationSpecificParams.getOwnerDocument().createElement("ApplicationSpecificParameters");
+ }
+ Element nameSpaceNode = applicationSpecificParams.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+ NodeList nodeList = XPathAPI.selectNodeList(applicationSpecificParams, "*", nameSpaceNode);
+ if (null!=nodeList) {
+ for (int i=0; i<nodeList.getLength(); i++) {
+ applicationSpecificParams_.appendChild((Node) nodeList.item(i));
+ }
+ }
+ } catch (TransformerException e) {
+ //Do nothing
+ }
+ }
+
+ /**
+ * Returns the friendly name.
+ *
+ * @see #friendlyName_
+ *
+ * @return The friendly name.
+ */
+ public String getFriendlyName() {
+ return friendlyName_;
+ }
+
+ /**
+ * Sets the friendly name.
+ *
+ * @param friendlyName The friendly name to set.
+ */
+ public void setFriendlyName(String friendlyName) {
+ friendlyName_ = friendlyName;
+ }
+
+ /**
+ * Returns the infobox identifier.
+ *
+ * @see #identifier_
+ *
+ * @return The infobox identifier.
+ */
+ public String getIdentifier() {
+ return identifier_;
+ }
+
+ /**
+ * Sets the the infobox identifier.
+ *
+ * @see #identifier_
+ *
+ * @param identifier The infobox identifier to set.
+ */
+ public void setIdentifier(String identifier) {
+ identifier_ = identifier;
+ }
+
+ /**
+ * Specifies whether the identity link should be passed to the verifying application
+ * or not.
+ *
+ * @return <code>True</code> if the identity link should be passed to the verifying
+ * application, otherwise <code>false</code>.
+ */
+ public boolean getProvideIdentityLink() {
+ return provideIdentityLink_;
+ }
+
+ /**
+ * Sets the {@link #provideIdentityLink_} parameter.
+ *
+ * @param provideIdentityLink <code>True</code> if the identity link should be passed to
+ * the verifying application, otherwise <code>false</code>.
+ */
+ public void setProvideIdentityLink(boolean provideIdentityLink) {
+ provideIdentityLink_ = provideIdentityLink;
+ }
+
+ /**
+ * Specifies whether the <code>Stammzahl</code> should be passed to the verifying
+ * application or not.
+ *
+ * @return <code>True</code> if the <code>Stammzahl</code> should be passed to the
+ * verifying application, otherwise <code>false</code>.
+ */
+ public boolean getProvideStammzahl() {
+ return provideStammzahl_;
+ }
+
+ /**
+ * Sets the {@link #provideStammzahl_} parameter.
+ *
+ * @param provideStammzahl <code>True</code> if the <code>Stammzahl</code> should be
+ * passed to the verifying application, otherwise <code>false</code>.
+ */
+ public void setProvideStammzahl(boolean provideStammzahl) {
+ provideStammzahl_ = provideStammzahl;
+ }
+
+ /**
+ * Specifies whether the infobox is required or not.
+ *
+ * @return <code>True</code> if the infobox is required to be returned by the BKU,
+ * otherwise <code>false</code>.
+ */
+ public boolean isRequired() {
+ return required_;
+ }
+
+ /**
+ * Sets the {@link #required_} parameter.
+ *
+ * @param required <code>True</code> if the infobox is required to be returned by the
+ * BKU, otherwise <code>false</code>.
+ */
+ public void setRequired(boolean required) {
+ required_ = required;
+ }
+
+ /**
+ * Schema location URIs that may be needed by the
+ * validator to parse infobox tokens.
+ * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema}
+ * specifying the location of an XML schema.
+ *
+ * @return A list of {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} objects
+ * each of them specifying the location of an XML schema.
+ */
+ public List getSchemaLocations() {
+ return schemaLocations_;
+ }
+
+ /**
+ * Sets the schema locations.
+ *
+ * @see #schemaLocations_
+ *
+ * @param schemaLocations The schema location list to be set.
+ */
+ public void setSchemaLocations(List schemaLocations) {
+ schemaLocations_ = schemaLocations;
+ }
+
+ /**
+ * Returns the ID of the trust profile to be used for verifying certificates.
+ *
+ * @return The ID of the trust profile to be used for verifying certificates.
+ * Maybe <code>null</code>.
+ */
+ public String getTrustProfileID() {
+ return trustProfileID_;
+ }
+
+ /**
+ * Sets the ID of the trust profile to be used for verifying certificates.
+ *
+ * @param trustProfileID The ID of the trust profile to be used for verifying certificates.
+ */
+ public void setTrustProfileID(String trustProfileID) {
+ trustProfileID_ = trustProfileID;
+ }
+
+ /**
+ * Returns the name of the class to be used for verifying this infobox.
+ *
+ * @return The name of the class to be used for verifying this infobox.
+ */
+ public String getValidatorClassName() {
+ return validatorClassName_;
+ }
+
+ /**
+ * Sets the name of the class to be used for verifying this infobox.
+ *
+ * @param validatorClassName The name of the class to be used for verifying this infobox.
+ */
+ public void setValidatorClassName(String validatorClassName) {
+ validatorClassName_ = validatorClassName;
+ }
+
+ /**
+ * Get a string representation of this object.
+ * This method is for debugging purposes only.
+ *
+ * @return A string representation of this object.
+ */
+ public String toString() {
+
+ StringBuffer buffer = new StringBuffer(1024);
+
+ buffer.append(" <Infobox Identifier=\"");
+ buffer.append(identifier_);
+ buffer.append("\" required=\"");
+ buffer.append(required_);
+ buffer.append("\" provideStammzahl=\"");
+ buffer.append(provideStammzahl_);
+ buffer.append("\" provideIdentityLink=\"");
+ buffer.append(provideIdentityLink_);
+ buffer.append("\">");
+ buffer.append("\n");
+ if (friendlyName_ != null) {
+ buffer.append(" <FriendlyName>");
+ buffer.append(friendlyName_);
+ buffer.append("</FriendlyName>");
+ buffer.append("\n");
+ }
+ if (trustProfileID_ != null) {
+ buffer.append(" <TrustProfileID>");
+ buffer.append(trustProfileID_);
+ buffer.append("</TrustProfileID>");
+ buffer.append("\n");
+ }
+ if (validatorClassName_ != null) {
+ buffer.append(" <ValidatorClass>");
+ buffer.append(validatorClassName_);
+ buffer.append("</ValidatorClass>");
+ buffer.append("\n");
+ }
+ if (schemaLocations_ != null) {
+ buffer.append(" <SchemaLocations>");
+ buffer.append("\n");
+ Iterator it = schemaLocations_.iterator();
+ while (it.hasNext()) {
+ buffer.append(" <Schema namespace=\"");
+ Schema schema = (Schema)it.next();
+ buffer.append(schema.getNamespace());
+ buffer.append("\" schemaLocation=\"");
+ buffer.append(schema.getSchemaLocation());
+ buffer.append("\"/>\n");
+ }
+ buffer.append(" </SchemaLocations>");
+ buffer.append("\n");
+ }
+ if (applicationSpecificParams_ != null) {
+ try {
+ String applicationSpecificParams = DOMUtils.serializeNode(applicationSpecificParams_);
+ buffer.append(" ");
+ buffer.append(StringUtils.removeXMLDeclaration(applicationSpecificParams));
+ buffer.append("\n");
+ } catch (TransformerException e) {
+ // do nothing
+ } catch (IOException e) {
+ // do nothing
+ }
+ }
+ buffer.append(" </Infobox>");
+
+
+ return buffer.toString() ;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java
new file mode 100644
index 000000000..c7f5aa7ff
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java
@@ -0,0 +1,159 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.config.legacy;
+
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * This class contains the parameters for verifying all the infoboxes configured for an
+ * online application.
+ *
+ * @author Harald Bratko
+ */
+public class VerifyInfoboxParameters {
+
+ /**
+ * A map of {@link VerifyInfoboxParameter} objects.
+ * Each of these objects contains parameters that maybe needed for validating an
+ * infobox.
+ */
+ protected Map infoboxParameters_;
+
+ /**
+ * A list of the identifiers of the infoboxes supported by this
+ * VerifyInfoboxParameters;
+ */
+ protected List identifiers_;
+
+ /**
+ * Holds the (comma separated) identifiers of those infoboxes MOA-IF is able to validate
+ * in the context of the actual online application.
+ * The string will be added as value of the <code>PushInfobox</code> parameter in the
+ * HTML form used for reading the infoboxes from the BKU.
+ */
+ protected String pushInfobox_;
+
+ /**
+ * Initializes this VerifyInfoboxParameters with an empty {@link #infoboxParameters_}
+ * map.
+ */
+ public VerifyInfoboxParameters() {
+ infoboxParameters_ = new Hashtable();
+ pushInfobox_ = "";
+ }
+
+ /**
+ * Initializes this VerifyInfoboxParameters with the given
+ * <code>infoboxParameters</code> map and builds the {@link #pushInfobox_} string
+ * from the keys of the given map.
+ */
+ public VerifyInfoboxParameters(List identifiers, Map infoboxParameters) {
+ identifiers_ = identifiers;
+ infoboxParameters_ = infoboxParameters;
+ // build the pushInfobox string
+ if ((identifiers != null) && (!identifiers.isEmpty())) {
+ StringBuffer identifiersSB = new StringBuffer();
+ int identifiersNum = identifiers.size();
+ int i = 1;
+ Iterator it = identifiers.iterator();
+ while (it.hasNext()) {
+ identifiersSB.append((String)it.next());
+ if (i != identifiersNum) {
+ identifiersSB.append(",");
+ }
+ i++;
+ }
+ pushInfobox_ = identifiersSB.toString();
+ } else {
+ pushInfobox_ = "";
+ }
+ }
+
+ /**
+ * Returns the (comma separated) identifiers of the infoboxes configured for the actual
+ * online application.
+ *
+ * @see #pushInfobox_
+ *
+ * @return The (comma separated) identifiers of the infoboxes configured for the actual
+ * online application.
+ */
+ public String getPushInfobox() {
+ return pushInfobox_;
+ }
+
+ /**
+ * Sets the {@link #pushInfobox_} string.
+ *
+ * @param pushInfobox The pushInfobox string to be set.
+ */
+ public void setPushInfobox(String pushInfobox) {
+ pushInfobox_ = pushInfobox;
+ }
+
+ /**
+ * Returns map of {@link VerifyInfoboxParameter} objects.
+ * Each of these objects contains parameters that maybe needed for validating an
+ * infobox.
+ *
+ * @return The map of {@link VerifyInfoboxParameter} objects.
+ */
+ public Map getInfoboxParameters() {
+ return infoboxParameters_;
+ }
+
+ /**
+ * Sets the map of {@link VerifyInfoboxParameter} objects.
+ *
+ * @see #infoboxParameters_
+ *
+ * @param infoboxParameters The infoboxParameters to set.
+ */
+ public void setInfoboxParameters(Map infoboxParameters) {
+ infoboxParameters_ = infoboxParameters;
+ }
+
+ /**
+ * Returns the identifiers of the supported infoboxes.
+ *
+ * @return The identifiers.
+ */
+ public List getIdentifiers() {
+ return identifiers_;
+ }
+
+ /**
+ * Sets the identifiers.
+ *
+ * @param identifiers The identifiers to set.
+ */
+ public void setIdentifiers(List identifiers) {
+ identifiers_ = identifiers;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
index ed0de8ebe..d14d570ab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
@@ -24,8 +24,8 @@
package at.gv.egovernment.moa.id.config.proxy;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.OAParameter;
+import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.legacy.OAParameter;
/**
* Configuration parameters belonging to an online application,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
index 219b0f8ba..094e7162e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
@@ -33,9 +33,9 @@ import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.w3c.dom.traversal.NodeIterator;
-import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
+import at.gv.egovernment.moa.id.config.legacy.ConfigurationBuilder;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.FileUtils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
index 86ae93a4b..1c9c1caa8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
@@ -33,7 +33,7 @@ import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.FileUtils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
index 485a44421..4b4364555 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
@@ -3,9 +3,32 @@
*/
package at.gv.egovernment.moa.id.config.stork;
+import iaik.util.logging.Log;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.ArrayList;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
+import java.util.Properties;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import eu.stork.vidp.messages.util.SAMLUtil;
+import eu.stork.vidp.messages.util.XMLUtil;
+import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributeType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter;
+import at.gv.egovernment.moa.id.commons.db.dao.config.STORK;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
/**
@@ -17,55 +40,83 @@ import at.gv.egovernment.moa.util.StringUtils;
public class STORKConfig {
/** STORK SAML signature creation parameters */
- private SignatureCreationParameter signatureCreationParameter;
+ private STORK stork;
+ private Properties props;
+ private Map<String, CPEPS> cpepsMap;
- /** STORK SAML signature verification parameters */
- private SignatureVerificationParameter signatureVerificationParameter;
-
- /** Map of supported C-PEPSs */
- private Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>();
-
-
- /**
- * Constructs a STORK Config object
- * @param signatureCreationParameter STORK SAML Signature creation parameters
- * @param signatureVerificationParameter STORK SAML Signature verification parameters
- * @param cpepsMap Map of supported C-PEPS
- */
- public STORKConfig(SignatureCreationParameter signatureCreationParameter,
- SignatureVerificationParameter signatureVerificationParameter,
- Map<String, CPEPS> cpepsMap) {
- super();
- this.signatureCreationParameter = signatureCreationParameter;
- this.signatureVerificationParameter = signatureVerificationParameter;
- this.cpepsMap = cpepsMap;
+ public STORKConfig(STORK stork, Properties props) {
+ this.stork = stork;
+ this.props = props;
+
+ //create CPEPS map
+ List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = stork.getCPEPS();
+
+ cpepsMap = new HashMap<String, CPEPS>();
+
+ for(at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS cpep : cpeps) {
+
+ try {
+ CPEPS moacpep = new CPEPS(cpep.getCountryCode(), new URL(cpep.getURL()));
+
+ List<String> attr = cpep.getAttributeValue();
+
+ ArrayList<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>();
+
+ for (String e1 : attr) {
+ Element element = XMLUtil.stringToDOM(e1);
+ RequestedAttribute requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(element);
+ requestedAttributes.add(requestedAttribute);
+ }
+ moacpep.setCountrySpecificRequestedAttributes(requestedAttributes);
+
+ cpepsMap.put(cpep.getCountryCode(), moacpep);
+
+ } catch (MalformedURLException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid URL and is ignored.");
+ } catch (ParserConfigurationException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (SAXException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (IOException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (MessageEncodingException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ }
+ }
}
public SignatureCreationParameter getSignatureCreationParameter() {
- return signatureCreationParameter;
- }
-
- public void setSignatureCreationParameter(
- SignatureCreationParameter signatureCreationParameter) {
- this.signatureCreationParameter = signatureCreationParameter;
+
+ return new SignatureCreationParameter(props);
}
public SignatureVerificationParameter getSignatureVerificationParameter() {
- return signatureVerificationParameter;
- }
-
- public void setSignatureVerificationParameter(
- SignatureVerificationParameter signatureVerificationParameter) {
- this.signatureVerificationParameter = signatureVerificationParameter;
+
+ SAMLSigningParameter samlsign = stork.getSAMLSigningParameter();
+
+ if (samlsign == null) {
+ Log.warn("Error in MOA-ID Configuration. No STORK->SAMLSigningParameter configuration found.");
+ return null;
+ }
+
+ SignatureVerificationParameterType sigverify = samlsign.getSignatureVerificationParameter();
+
+ if (sigverify == null) {
+ Log.warn("Error in MOA-ID Configuration. No STORK->SignatureVerificationParameter configuration found.");
+ return null;
+ }
+
+ return new SignatureVerificationParameter(sigverify.getTrustProfileID());
}
public Map<String, CPEPS> getCpepsMap() {
return cpepsMap;
}
-
- public void setCpepsMap(Map<String, CPEPS> cpepsMap) {
- this.cpepsMap = cpepsMap;
- }
public boolean isSTORKAuthentication(String ccc) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
index 1f66b7752..ee4fc1e20 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
@@ -23,6 +23,8 @@
package at.gv.egovernment.moa.id.config.stork;
+import java.util.Properties;
+
/**
* Encapsulates signature creation parameters according MOA configuration
*
@@ -31,32 +33,24 @@ package at.gv.egovernment.moa.id.config.stork;
*/
public class SignatureCreationParameter {
- /** KeyStore Path */
- private String keyStorePath;
+ private static final String PROPS_PREFIX = "stork.samlsigningparameter.signaturecreation.";
+ private static final String PROPS_KEYSTORE_FILE = "keystore.file";
+ private static final String PROPS_KEYSTORE_PASS = "keystore.password";
+ private static final String PROPS_KEYNAME_NAME = "keyname.name";
+ private static final String PROPS_KEYNAME_PASS = "keyname.password";
- /** KeyStore Password */
- private String keyStorePassword;
+ private Properties props;
- /** Signing Key Name */
- private String keyName;
+ SignatureCreationParameter(Properties props) {
+ this.props = props;
+ }
- /** Signing Key Password */
- private String keyPassword;
-
/**
* Gets the KeyStore Path
* @return File Path to KeyStore
*/
public String getKeyStorePath() {
- return keyStorePath;
- }
-
- /**
- * Sets the KeyStore Path
- * @param keyStorePath Path to KeyStore
- */
- public void setKeyStorePath(String keyStorePath) {
- this.keyStorePath = keyStorePath;
+ return props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_FILE);
}
/**
@@ -64,15 +58,7 @@ public class SignatureCreationParameter {
* @return Password to KeyStore
*/
public String getKeyStorePassword() {
- return keyStorePassword;
- }
-
- /**
- * Sets the KeyStore Password
- * @param keyStorePassword Password to KeyStore
- */
- public void setKeyStorePassword(String keyStorePassword) {
- this.keyStorePassword = keyStorePassword;
+ return props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_PASS);
}
/**
@@ -80,15 +66,7 @@ public class SignatureCreationParameter {
* @return Siging Key Name
*/
public String getKeyName() {
- return keyName;
- }
-
- /**
- * Sets the Signing Key Name
- * @param keyName Signing Key Name
- */
- public void setKeyName(String keyName) {
- this.keyName = keyName;
+ return props.getProperty(PROPS_PREFIX+PROPS_KEYNAME_NAME);
}
/**
@@ -96,17 +74,6 @@ public class SignatureCreationParameter {
* @return Signing Key Password
*/
public String getKeyPassword() {
- return keyPassword;
+ return props.getProperty(PROPS_PREFIX+PROPS_KEYNAME_PASS);
}
-
- /**
- * Sets the Signing Key Password
- * @param keyPassword Signing Key Password
- */
- public void setKeyPassword(String keyPassword) {
- this.keyPassword = keyPassword;
- }
-
-
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java
index 2d8402e4d..211c7dde4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java
@@ -14,6 +14,10 @@ public class SignatureVerificationParameter {
/** ID of the MOA-SP TrustProfile to be used for STORK SAML signature verification */
private String trustProfileID;
+ public SignatureVerificationParameter(String trustProfileID2) {
+ this.trustProfileID = trustProfileID2;
+ }
+
/**
* Gets the MOA-SP TrustProfileID
* @return TrustProfileID of MOA-SP for STORK signature verification
@@ -22,14 +26,6 @@ public class SignatureVerificationParameter {
return trustProfileID;
}
- /**
- * Sets the MOA-SP TrustProfileID
- * @param trustProfileID TrustProfileID of MOA-SP for STORK signature verification
- */
- public void setTrustProfileID(String trustProfileID) {
- this.trustProfileID = trustProfileID;
- }
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 4c5b82db8..a453010da 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -11,11 +11,14 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
@@ -58,6 +61,10 @@ public class DispatcherServlet extends AuthServlet{
protected void processRequest(HttpServletRequest req,
HttpServletResponse resp) throws ServletException, IOException {
+
+ boolean isValidSSOSession = false;
+ boolean useSSOOA = false;
+
try {
Logger.info("REQUEST: " + req.getRequestURI());
Logger.info("QUERY : " + req.getQueryString());
@@ -191,10 +198,19 @@ public class DispatcherServlet extends AuthServlet{
return;
}
+ //load Parameters from OnlineApplicationConfiguration
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(protocolRequest.getOAURL());
+ if (oaParam == null) {
+ //TODO: Find a better place for this!!
+ req.getSession().invalidate();
+ throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() });
+ }
+
RequestStorage.setPendingRequest(httpSession, protocolRequest);
AuthenticationManager authmanager = AuthenticationManager.getInstance();
-
+
SSOManager ssomanager = SSOManager.getInstance();
//get SSO Cookie for Request
@@ -215,10 +231,8 @@ public class DispatcherServlet extends AuthServlet{
}
}
- boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req);
-
- //TODO: load useSSO from config!
- boolean useSSOOA = true;
+ isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req);
+ useSSOOA = oaParam.useSSO();
if (protocolRequest.isPassiv()
&& protocolRequest.forceAuth()) {
@@ -257,22 +271,26 @@ public class DispatcherServlet extends AuthServlet{
moduleAction.processRequest(protocolRequest, req, resp);
- //save SSO session usage in Database
- String moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
- AuthenticationManager.MOA_SESSION, null);
+ RequestStorage.removePendingRequest(httpSession);
+
+ if (useSSOOA || isValidSSOSession) {
+ //save SSO session usage in Database
+ String moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
+ AuthenticationManager.MOA_SESSION, null);
- String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
+ String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
- if (newSSOSessionId != null) {
- ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
+ if (newSSOSessionId != null) {
+ ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
+
+ } else {
+ ssomanager.deleteSSOSessionID(req, resp);
+ }
} else {
- ssomanager.deleteSSOSessionID(req, resp);
+ authmanager.logout(req, resp);
}
-
- RequestStorage.removePendingRequest(httpSession);
-
-
+
//authmanager.logout(req, resp);
} catch (Throwable e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
index e1a8673b7..10ff4bfc8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
@@ -58,18 +58,19 @@ public class CertStoreConfigurationImpl extends ObservableImpl
*/
public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
this.conf=conf;
- String paramName = ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY;
- String certStoreRootDirParam = conf.getGenericConfigurationParameter(paramName);
+
+ String certStoreRootDirParam = conf.getCertstoreDirectory();
+
if (certStoreRootDirParam == null)
throw new ConfigurationException(
- "config.08", new Object[] {paramName});
+ "config.08", new Object[] {"CertStoreDirectory"});
rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir());
if(rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(6);
File f = new File(rootDirectory);
if (!f.isDirectory())
throw new ConfigurationException(
- "config.05", new Object[] {paramName});
+ "config.05", new Object[] {"CertStoreDirectory"});
parameters = new CertStoreParameters[] { this };
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index d04c0b3d5..7c2a9d533 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -2,21 +2,15 @@ package at.gv.egovernment.moa.id.moduls;
import java.io.IOException;
import java.io.PrintWriter;
-import java.util.ArrayList;
-import java.util.Arrays;
import java.util.List;
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletContext;
import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
@@ -202,11 +196,10 @@ public class AuthenticationManager extends AuthServlet {
setNoCachingHeadersInHttpRespone(request, response);
- //TODO:move this to config!!!
- final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x");
+ List<String> legacyallowed_prot = AuthConfigurationProvider.getInstance().getLegacyAllowedProtocols();
//is legacy allowed
- boolean legacyallowed = PROTOCOLS_LEGACY_ALLOWED.contains(target.requestedModule());
+ boolean legacyallowed = legacyallowed_prot.contains(target.requestedModule());
//check legacy request parameter
boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(request);
@@ -265,12 +258,9 @@ public class AuthenticationManager extends AuthServlet {
.getOnlineApplicationParameter(target.getOAURL());
if (oaParam == null) {
- //TODO: Find a better place for this!!
- request.getSession().invalidate();
throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() });
}
-
-
+
else {
//check if an MOASession exists and if not create an new MOASession
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index eeb0afae2..1e863ec81 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -10,7 +10,7 @@ import org.hibernate.Query;
import org.hibernate.Session;
import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.commons.db.MOASessionUtil;
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -57,7 +57,7 @@ public class SSOManager {
public String existsOldSSOSession(String ssoId) {
Logger.trace("Check that the SSOID has already been used");
- Session session = MOASessionUtil.getCurrentSession();
+ Session session = MOASessionDBUtils.getCurrentSession();
List<OldSSOSessionIDStore> result;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 2c4b7c4c5..f3df7a4df 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -1,5 +1,7 @@
package at.gv.egovernment.moa.id.protocols.saml1;
+import java.io.IOException;
+import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import javax.servlet.http.HttpServletRequest;
@@ -11,7 +13,11 @@ import org.apache.commons.lang.StringEscapeUtils;
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -19,6 +25,7 @@ import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.URLEncoder;
@@ -65,12 +72,13 @@ public class GetArtifactAction implements IAction {
//AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(),
// useUTC, false);
+ SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
+
AuthenticationData authData = SAML1AuthenticationServer.buildAuthenticationData(session,
oaParam,
target);
- String samlArtifactBase64 = SAML1AuthenticationServer
- .BuildSAMLArtifact(session, oaParam, authData);
+ String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData);
String redirectURL = oaURL;
session.getOAURLRequested();
@@ -85,8 +93,15 @@ public class GetArtifactAction implements IAction {
httpResp.setContentType("text/html");
httpResp.setStatus(302);
+
+// if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) {
+// String url = "RedirectServlet?"+RedirectServlet.REDIRCT_GETPARAM+"="+redirectURL;
+// httpResp.addHeader("Location", url);
+//
+// } else {
+ httpResp.addHeader("Location", redirectURL);
+// }
- httpResp.addHeader("Location", redirectURL);
Logger.debug("REDIRECT TO: " + redirectURL);
// CONFIRMATION FOR SSO!
@@ -128,7 +143,13 @@ public class GetArtifactAction implements IAction {
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- }
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } //catch (MOADatabaseException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// }
}
protected static String addURLParameter(String url, String paramname,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index 784dec0df..c8a9a24ad 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -113,7 +113,9 @@ public class GetAuthenticationDataService implements Constants {
String samlArtifact = DOMUtils.getText(samlArtifactElem);
try {
- AuthenticationData authData = SAML1AuthenticationServer.getSaml1AuthenticationData(samlArtifact);
+ SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
+
+ AuthenticationData authData = saml1server.getSaml1AuthenticationData(samlArtifact);
useUTC = authData.getUseUTC();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index e79954daa..1b516fe19 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -6,18 +6,32 @@ import java.io.File;
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.util.Date;
+import java.util.List;
+import java.util.Vector;
+
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.ServiceException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -26,10 +40,21 @@ import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.StringUtils;
public class SAML1AuthenticationServer extends AuthenticationServer {
+ private static SAML1AuthenticationServer instance;
+
+ public static SAML1AuthenticationServer getInstace() {
+ if (instance == null)
+ instance = new SAML1AuthenticationServer();
+
+ return instance;
+ }
+
//private static Map authenticationDataStore = new HashMap();
private static AssertionStorage authenticationDataStore = AssertionStorage.getInstance();
@@ -48,7 +73,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
*
* @return <code>AuthenticationData</code>
*/
- public static AuthenticationData getSaml1AuthenticationData(String samlArtifact)
+ public AuthenticationData getSaml1AuthenticationData(String samlArtifact)
throws AuthenticationException {
try {
new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
@@ -71,17 +96,19 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
boolean keepAssertion = false;
- try {
- String boolStr = AuthConfigurationProvider.getInstance()
- .getGenericConfigurationParameter(
- "AuthenticationServer.KeepAssertion");
- if (null != boolStr && boolStr.equalsIgnoreCase("true"))
- keepAssertion = true;// Only allowed for debug purposes!!!
-
- } catch (ConfigurationException ex) {
- throw new AuthenticationException("1205", new Object[] {
- samlArtifact, ex.toString() });
- }
+
+ //removed from MOA-ID 2.0 config
+// try {
+// String boolStr = AuthConfigurationProvider.getInstance()
+// .getGenericConfigurationParameter(
+// "AuthenticationServer.KeepAssertion");
+// if (null != boolStr && boolStr.equalsIgnoreCase("true"))
+// keepAssertion = true;// Only allowed for debug purposes!!!
+//
+// } catch (ConfigurationException ex) {
+// throw new AuthenticationException("1205", new Object[] {
+// samlArtifact, ex.toString() });
+// }
if (!keepAssertion) {
authenticationDataStore.remove(samlArtifact);
}
@@ -96,7 +123,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
return authData;
}
- public static String BuildSAMLArtifact(AuthenticationSession session,
+ public String BuildSAMLArtifact(AuthenticationSession session,
OAAuthParameter oaParam,
AuthenticationData authData)
throws ConfigurationException, BuildException, AuthenticationException {
@@ -112,14 +139,17 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
// conditionLength);
- boolean useCondition = oaParam.getUseCondition();
- int conditionLength = oaParam.getConditionLength();
+ //Load SAML1 Parameter from OA config
+ OASAML1 saml1parameter = oaParam.getSAML1Parameter();
+
+ boolean useCondition = saml1parameter.isUseCondition();
+ int conditionLength = saml1parameter.getConditionLength().intValue();
try {
//set BASE64 encoded signer certificate
String signerCertificateBase64 = "";
- if (oaParam.getProvideCertifcate()) {
+ if (saml1parameter.isProvideCertificate()) {
byte[] signerCertificate = session.getEncodedSignerCertificate();
if (signerCertificate != null) {
@@ -131,19 +161,19 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
//set prPersion
- boolean provideStammzahl = oaParam.getProvideStammzahl();
+ boolean provideStammzahl = saml1parameter.isProvideStammzahl();
String prPerson = new PersonDataBuilder().build(session.getIdentityLink(),
provideStammzahl);
//set Authblock
- String authBlock = oaParam.getProvideAuthBlock() ? session
+ String authBlock = saml1parameter.isProvideAUTHBlock() ? session
.getAuthBlock() : "";
//set IdentityLink for assortion
- String ilAssertion = oaParam.getProvideIdentityLink() ? session.getIdentityLink()
+ String ilAssertion = saml1parameter.isProvideIdentityLink() ? session.getIdentityLink()
.getSerializedSamlAssertion()
: "";
- if (!oaParam.getProvideStammzahl()) {
+ if (!saml1parameter.isProvideStammzahl()) {
ilAssertion = StringUtils.replaceAll(ilAssertion, session.getIdentityLink()
.getIdentificationValue(), "");
}
@@ -151,16 +181,87 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
String samlAssertion;
if (session.getUseMandate()) {
+ List oaAttributes = session.getExtendedSAMLAttributesOA();;
+
+ if (saml1parameter.isProvideFullMandatorData()) {
+
+ try {
+
+ ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes(
+ session.getMISMandate(), oaParam.getBusinessService(),
+ saml1parameter.isProvideStammzahl());
+
+ if (extendedSAMLAttributes != null) {
+
+ String identifier = "MISService";
+ String friendlyName ="MISService";
+
+ int length = extendedSAMLAttributes.length;
+ for (int i = 0; i < length; i++) {
+ ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i];
+
+ Object value = verifySAMLAttribute(samlAttribute, i, identifier,
+ friendlyName);
+
+ if ((value instanceof String) || (value instanceof Element)) {
+ switch (samlAttribute.getAddToAUTHBlock()) {
+ case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK:
+ replaceExtendedSAMLAttribute(oaAttributes, samlAttribute);
+ break;
+ case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK:
+ replaceExtendedSAMLAttribute(oaAttributes, samlAttribute);
+ break;
+ default:
+ Logger
+ .info("Invalid return value from method \"getAddToAUTHBlock()\" ("
+ + samlAttribute.getAddToAUTHBlock()
+ + ") in SAML attribute number "
+ + (i + 1)
+ + " for infobox " + identifier);
+ throw new ValidateException("validator.47", new Object[] {
+ friendlyName, String.valueOf((i + 1)) });
+ }
+ } else {
+ Logger
+ .info("The type of SAML-Attribute number "
+ + (i + 1)
+ + " returned from "
+ + identifier
+ + "-infobox validator is not valid. Must be either \"java.Lang.String\""
+ + " or \"org.w3c.dom.Element\"");
+ throw new ValidateException("validator.46", new Object[] {
+ identifier, String.valueOf((i + 1)) });
+ }
+ }
+ }
+
+ } catch (SAXException e) {
+ throw new AuthenticationException("auth.16",
+ new Object[] { GET_MIS_SESSIONID }, e);
+ } catch (IOException e) {
+ throw new AuthenticationException("auth.16",
+ new Object[] { GET_MIS_SESSIONID }, e);
+ } catch (ParserConfigurationException e) {
+ throw new AuthenticationException("auth.16",
+ new Object[] { GET_MIS_SESSIONID }, e);
+ } catch (TransformerException e) {
+ throw new AuthenticationException("auth.16",
+ new Object[] { GET_MIS_SESSIONID }, e);
+ }
+ }
+
+ String mandateDate = generateMandateDate(session, oaParam);
+
samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate(
authData,
prPerson,
- session.getMandateData(),
+ mandateDate,
authBlock,
ilAssertion,
session.getBkuURL(),
signerCertificateBase64,
oaParam.getBusinessService(),
- session.getExtendedSAMLAttributesOA(),
+ oaAttributes,
useCondition,
conditionLength);
@@ -180,21 +281,24 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
authData.setSamlAssertion(samlAssertion);
- String assertionFile = AuthConfigurationProvider.getInstance()
- .getGenericConfigurationParameter(
- "AuthenticationServer.WriteAssertionToFile");
- if (!ParepUtils.isEmpty(assertionFile))
- try {
- ParepUtils.saveStringToFile(samlAssertion, new File(
- assertionFile));
- } catch (IOException e) {
- throw new BuildException("builder.00", new Object[] {
- "AuthenticationData", e.toString() }, e);
- }
+ //is removed from MOA-ID 2.0 config
+// String assertionFile = AuthConfigurationProvider.getInstance()
+// .getGenericConfigurationParameter(
+// "AuthenticationServer.WriteAssertionToFile");
+// if (!ParepUtils.isEmpty(assertionFile))
+// try {
+// ParepUtils.saveStringToFile(samlAssertion, new File(
+// assertionFile));
+// } catch (IOException e) {
+// throw new BuildException("builder.00", new Object[] {
+// "AuthenticationData", e.toString() }, e);
+// }
+
+ //TODO: get sourceID from oaConfig!!!
String samlArtifact = new SAMLArtifactBuilder().build(
session.getAuthURL(), session.getSessionID(),
- session.getSourceID());
+ saml1parameter.getSourceID());
storeAuthenticationData(samlArtifact, authData);
@@ -209,6 +313,157 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
+ private String generateMandateDate(AuthenticationSession session,
+ OAAuthParameter oaParam
+ ) throws AuthenticationException, BuildException,
+ ParseException, ConfigurationException, ServiceException,
+ ValidateException {
+
+ if (session == null)
+ throw new AuthenticationException("auth.10", new Object[] {
+ REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });
+
+ //AuthenticationSession session = getSession(sessionID);
+ // AuthConfigurationProvider authConf =
+ // AuthConfigurationProvider.getInstance();
+
+ IdentityLink tempIdentityLink = null;
+
+ Element mandate = session.getMandate();
+
+ if (session.getUseMandate()) {
+ tempIdentityLink = new IdentityLink();
+ Element mandator = ParepUtils.extractMandator(mandate);
+ String dateOfBirth = "";
+ Element prPerson = null;
+ String familyName = "";
+ String givenName = "";
+ String identificationType = "";
+ String identificationValue = "";
+ if (mandator != null) {
+ boolean physical = ParepUtils.isPhysicalPerson(mandator);
+ if (physical) {
+ familyName = ParepUtils.extractText(mandator,
+ "descendant-or-self::pr:Name/pr:FamilyName/text()");
+ givenName = ParepUtils.extractText(mandator,
+ "descendant-or-self::pr:Name/pr:GivenName/text()");
+ dateOfBirth = ParepUtils
+ .extractMandatorDateOfBirth(mandator);
+ } else {
+ familyName = ParepUtils.extractMandatorFullName(mandator);
+ }
+ identificationType = ParepUtils.getIdentification(mandator,
+ "Type");
+ identificationValue = ParepUtils.extractMandatorWbpk(mandator);
+
+ prPerson = ParepUtils.extractPrPersonOfMandate(mandate);
+ if (physical
+ && oaParam.getBusinessService()
+ && identificationType != null
+ && Constants.URN_PREFIX_BASEID
+ .equals(identificationType)) {
+ // now we calculate the wbPK and do so if we got it from the
+ // BKU
+ identificationType = Constants.URN_PREFIX_WBPK + "+"
+ + session.getDomainIdentifier();
+ identificationValue = new BPKBuilder().buildWBPK(
+ identificationValue, session.getDomainIdentifier());
+ ParepUtils
+ .HideStammZahlen(prPerson, true, null, null, true);
+ }
+
+ tempIdentityLink.setDateOfBirth(dateOfBirth);
+ tempIdentityLink.setFamilyName(familyName);
+ tempIdentityLink.setGivenName(givenName);
+ tempIdentityLink.setIdentificationType(identificationType);
+ tempIdentityLink.setIdentificationValue(identificationValue);
+ tempIdentityLink.setPrPerson(prPerson);
+ try {
+ tempIdentityLink.setSamlAssertion(session.getIdentityLink()
+ .getSamlAssertion());
+ } catch (Exception e) {
+ throw new ValidateException("validator.64", null);
+ }
+
+ }
+
+ }
+
+ Element mandatePerson = tempIdentityLink.getPrPerson();
+
+ String mandateData = null;
+ try {
+
+ boolean provideStammzahl = oaParam.getSAML1Parameter().isProvideStammzahl();
+
+ String oatargetType;
+
+ if(oaParam.getBusinessService()) {
+ oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier();
+
+ } else {
+ oatargetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
+ }
+
+ Element prIdentification = (Element) mandatePerson
+ .getElementsByTagNameNS(Constants.PD_NS_URI,
+ "Identification").item(0);
+
+ if (!oatargetType.equals(tempIdentityLink.getIdentificationType())) {
+
+ String isPrPerson = mandatePerson.getAttribute("xsi:type");
+
+ if (!StringUtils.isEmpty(isPrPerson)) {
+ if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) {
+ String baseid = getBaseId(mandatePerson);
+ Element identificationBpK = createIdentificationBPK(mandatePerson,
+ baseid, oaParam.getTarget());
+
+ if (!provideStammzahl) {
+ prIdentification.getFirstChild().setTextContent("");
+ }
+
+ mandatePerson.insertBefore(identificationBpK,
+ prIdentification);
+ }
+ }
+
+ } else {
+
+// Element identificationBpK = mandatePerson.getOwnerDocument()
+// .createElementNS(Constants.PD_NS_URI, "Identification");
+// Element valueBpK = mandatePerson.getOwnerDocument().createElementNS(
+// Constants.PD_NS_URI, "Value");
+//
+// valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode(
+// tempIdentityLink.getIdentificationValue()));
+// Element typeBpK = mandatePerson.getOwnerDocument().createElementNS(
+// Constants.PD_NS_URI, "Type");
+// typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode(
+// "urn:publicid:gv.at:cdid+bpk"));
+// identificationBpK.appendChild(valueBpK);
+// identificationBpK.appendChild(typeBpK);
+//
+// mandatePerson.insertBefore(identificationBpK, prIdentification);
+ }
+
+
+ mandateData = DOMUtils.serializeNode(mandatePerson);
+
+ } catch (TransformerException e1) {
+ throw new AuthenticationException("auth.16",
+ new Object[] { GET_MIS_SESSIONID });
+ } catch (IOException e1) {
+ throw new AuthenticationException("auth.16",
+ new Object[] { GET_MIS_SESSIONID });
+ }
+
+ return mandateData;
+ }
+
+
+
+
/**
* Stores authentication data indexed by the assertion handle contained in
* the given saml artifact.
@@ -220,7 +475,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
* @throws AuthenticationException
* when SAML artifact is invalid
*/
- private static void storeAuthenticationData(String samlArtifact,
+ private void storeAuthenticationData(String samlArtifact,
AuthenticationData authData) throws AuthenticationException {
try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
index 850f2438a..e1bd38d68 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
@@ -63,9 +63,11 @@ public class DefaultConnectionBuilder implements ConnectionBuilder {
* @throws ConfigurationException on any config error
*/
public DefaultConnectionBuilder() throws ConfigurationException {
- cbDisableHostnameVerification = BoolUtils.valueOf(
- ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
- "ProxyComponent.DisableHostnameVerification"));
+ //INFO: removed from MOA-ID 2.0 config
+ cbDisableHostnameVerification = false;
+// cbDisableHostnameVerification = BoolUtils.valueOf(
+// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
+// "ProxyComponent.DisableHostnameVerification"));
//TODO MOA-ID BRZ undocumented feature
if (cbDisableHostnameVerification)
Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
index 49e3c09b8..1243960ac 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
@@ -86,9 +86,12 @@ public class ElakConnectionBuilder implements ConnectionBuilder {
* @throws ConfigurationException on any config error
*/
public ElakConnectionBuilder() throws ConfigurationException {
- cbDisableHostnameVerification = BoolUtils.valueOf(
- ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
- "ProxyComponent.DisableHostnameVerification"));
+
+ //INFO: removed from MOA-ID 2.0 config
+ cbDisableHostnameVerification = false;
+// cbDisableHostnameVerification = BoolUtils.valueOf(
+// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
+// "ProxyComponent.DisableHostnameVerification"));
//TODO MOA-ID BRZ undocumented feature
if (cbDisableHostnameVerification)
Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
index d4a3e4634..9bbef8aa9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
@@ -79,9 +79,12 @@ public class EnhancedConnectionBuilder implements ConnectionBuilder {
* @throws ConfigurationException on any config error
*/
public EnhancedConnectionBuilder() throws ConfigurationException {
- cbDisableHostnameVerification = BoolUtils.valueOf(
- ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
- "ProxyComponent.DisableHostnameVerification"));
+
+ //INFO: removed from MOA-ID 2.0 config
+ cbDisableHostnameVerification = false;
+// cbDisableHostnameVerification = BoolUtils.valueOf(
+// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
+// "ProxyComponent.DisableHostnameVerification"));
//TODO MOA-ID BRZ undocumented feature
if (cbDisableHostnameVerification)
Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
index 61f38412e..e075c99ef 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
@@ -33,7 +33,7 @@ import java.security.GeneralSecurityException;
import javax.net.ssl.SSLSocketFactory;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
@@ -91,8 +91,10 @@ public class MOAIDProxyInitializer {
ConnectionParameter connParamAuth = proxyConf.getAuthComponentConnectionParameter();
if (connParamAuth!=null) {
if (connParamAuth.isHTTPSURL()) {
- SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth);
- AxisSecureSocketFactory.initialize(ssf);
+
+ //TODO: einkommentieren!!!!
+ //SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth);
+ //AxisSecureSocketFactory.initialize(ssf);
}
} else {
throw new ConfigurationException("config.16", null);
@@ -104,8 +106,10 @@ public class MOAIDProxyInitializer {
for (int i = 0; i < oaParams.length; i++) {
OAProxyParameter oaParam = oaParams[i];
ConnectionParameter oaConnParam = oaParam.getConnectionParameter();
- if (oaConnParam.isHTTPSURL())
- SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
+ if (oaConnParam.isHTTPSURL());
+
+ //TODO: einkommentieren!!!!
+ //SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
}
// Initializes the ConnectionBuilderFactory from configuration data
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
index fa455b4ef..6cb7ffdfc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
@@ -41,7 +41,7 @@ import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.ServiceException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.data.SAMLStatus;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index 6a497f174..ddaab7a28 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -55,7 +55,7 @@ import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.ServiceException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
@@ -265,7 +265,9 @@ public class ProxyServlet extends HttpServlet {
// setup SSLSocketFactory for communication with the online application
if (oaConnParam.isHTTPSURL()) {
try {
- ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
+
+ //TODO: einkommentieren!!!!
+ //ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
} catch (Throwable ex) {
throw new ProxyException(
"proxy.05",
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
index 9933142e3..b01a6a36e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
@@ -11,7 +11,7 @@ import org.hibernate.HibernateException;
import org.hibernate.Query;
import org.hibernate.Session;
-import at.gv.egovernment.moa.id.commons.db.MOASessionUtil;
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.logging.Logger;
@@ -52,7 +52,7 @@ public class AssertionStorage {
//store AssertionStore element to Database
try {
- MOASessionUtil.saveOrUpdate(element);
+ MOASessionDBUtils.saveOrUpdate(element);
Log.info("Assertion with Artifact=" + artifact + " is stored in Database");
} catch (MOADatabaseException e) {
@@ -85,7 +85,7 @@ public class AssertionStorage {
Date expioredate = new Date(now - authDataTimeOut);
List<AssertionStore> results;
- Session session = MOASessionUtil.getCurrentSession();
+ Session session = MOASessionDBUtils.getCurrentSession();
synchronized (session) {
session.beginTransaction();
@@ -98,7 +98,7 @@ public class AssertionStorage {
if (results.size() != 0) {
for(AssertionStore result : results) {
try {
- MOASessionUtil.delete(result);
+ MOASessionDBUtils.delete(result);
Logger.info("Remove Assertion with Artifact=" + result.getArtifact()
+ " after assertion timeout.");
@@ -115,7 +115,7 @@ public class AssertionStorage {
try {
AssertionStore element = searchInDatabase(artifact);
- MOASessionUtil.delete(element);
+ MOASessionDBUtils.delete(element);
} catch (MOADatabaseException e) {
Logger.info("Assertion not removed! (Assertion with Artifact=" + artifact
@@ -130,7 +130,7 @@ public class AssertionStorage {
private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException {
MiscUtil.assertNotNull(artifact, "artifact");
Logger.trace("Getting Assertion with Artifact " + artifact + " from database.");
- Session session = MOASessionUtil.getCurrentSession();
+ Session session = MOASessionDBUtils.getCurrentSession();
List result;
synchronized (session) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index faff2955b..90c938e7f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -18,7 +18,7 @@ import org.hibernate.Transaction;
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.commons.db.MOASessionUtil;
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
@@ -62,7 +62,7 @@ public class AuthenticationSessionStoreage {
//store AssertionStore element to Database
try {
- MOASessionUtil.saveOrUpdate(dbsession);
+ MOASessionDBUtils.saveOrUpdate(dbsession);
Log.info("MOASession with sessionID=" + id + " is stored in Database");
} catch (MOADatabaseException e) {
@@ -83,7 +83,7 @@ public class AuthenticationSessionStoreage {
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
dbsession.setUpdated(new Date());
- MOASessionUtil.saveOrUpdate(dbsession);
+ MOASessionDBUtils.saveOrUpdate(dbsession);
Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
} catch (MOADatabaseException e) {
@@ -96,7 +96,7 @@ public class AuthenticationSessionStoreage {
public static void destroySession(String moaSessionID) throws MOADatabaseException {
- Session session = MOASessionUtil.getCurrentSession();
+ Session session = MOASessionDBUtils.getCurrentSession();
List result;
@@ -168,7 +168,7 @@ public class AuthenticationSessionStoreage {
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
dbsession.setUpdated(new Date());
- MOASessionUtil.saveOrUpdate(dbsession);
+ MOASessionDBUtils.saveOrUpdate(dbsession);
return id;
@@ -203,7 +203,7 @@ public class AuthenticationSessionStoreage {
try {
- Session session = MOASessionUtil.getCurrentSession();
+ Session session = MOASessionDBUtils.getCurrentSession();
List result;
synchronized (session) {
@@ -284,11 +284,24 @@ public class AuthenticationSessionStoreage {
}
}
+ public static boolean isSSOSession(String sessionID) throws MOADatabaseException {
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ return dbsession.isSSOSession();
+
+ } catch (MOADatabaseException e) {
+ Logger.info("No MOA Session with id: " + sessionID);
+ throw new MOADatabaseException("No MOA Session with id: " + sessionID);
+ }
+
+
+ }
+
public static boolean isValidSessionWithSSOID(String SSOId, String moaSessionId) {
MiscUtil.assertNotNull(SSOId, "moasessionID");
Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
- Session session = MOASessionUtil.getCurrentSession();
+ Session session = MOASessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
@@ -327,16 +340,18 @@ public class AuthenticationSessionStoreage {
}
- public static void clean(long now, long authDataTimeOut) {
- Date expioredate = new Date(now - authDataTimeOut);
+ public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) {
+ Date expioredatecreate = new Date(now - authDataTimeOutCreated);
+ Date expioredateupdate = new Date(now - authDataTimeOutUpdated);
List<AuthenticatedSessionStore> results;
- Session session = MOASessionUtil.getCurrentSession();
+ Session session = MOASessionDBUtils.getCurrentSession();
synchronized (session) {
session.beginTransaction();
Query query = session.getNamedQuery("getMOAISessionsWithTimeOut");
- query.setTimestamp("timeout", expioredate);
+ query.setTimestamp("timeoutcreate", expioredatecreate);
+ query.setTimestamp("timeoutupdate", expioredateupdate);
results = query.list();
session.getTransaction().commit();
}
@@ -344,7 +359,7 @@ public class AuthenticationSessionStoreage {
if (results.size() != 0) {
for(AuthenticatedSessionStore result : results) {
try {
- MOASessionUtil.delete(result);
+ MOASessionDBUtils.delete(result);
Logger.info("Authenticated session with sessionID=" + result.getSessionid()
+ " after session timeout.");
@@ -361,7 +376,7 @@ public class AuthenticationSessionStoreage {
private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException {
MiscUtil.assertNotNull(sessionID, "moasessionID");
Logger.trace("Get authenticated session with sessionID " + sessionID + " from database.");
- Session session = MOASessionUtil.getCurrentSession();
+ Session session = MOASessionDBUtils.getCurrentSession();
List result;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 6c8365e67..be8e475f2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -46,6 +46,7 @@ import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
@@ -177,7 +178,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
* @param target HTTP parameter from request
* @return
*/
- public static boolean isValidBKUURI(String bkuURI) {
+ public static boolean isValidBKUURI(String bkuURI, List<String> allowedBKUs) {
Logger.debug("Ueberpruefe Parameter bkuURI");
// if non parameter is given return true
@@ -202,9 +203,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
}
else {
Logger.debug("Parameter bkuURI ist keine lokale BKU. Ueberpruefe Liste der vertrauenswuerdigen BKUs.");
- AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- List trustedBKUs = authConf.getTrustedBKUs();
- boolean b = trustedBKUs.contains(bkuURI);
+ boolean b = allowedBKUs.contains(bkuURI);
if (b) {
Logger.debug("Parameter bkuURI erfolgreich ueberprueft");
return true;
@@ -228,10 +227,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
} catch (MalformedURLException e) {
Logger.error("Fehler Ueberpruefung Parameter bkuURI", e);
return false;
- } catch (ConfigurationException e) {
- Logger.error("Fehler Ueberpruefung Parameter bkuURI", e);
- return false;
- }
+ }
}
@@ -270,7 +266,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
else {
//check against configured trustet template urls
AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- List trustedTemplateURLs = authConf.getTrustedTemplateURLs();
+ List<String> trustedTemplateURLs = authConf.getSLRequestTemplates();
boolean b = trustedTemplateURLs.contains(template);
if (b) {
Logger.debug("Parameter Template erfolgreich ueberprueft");
@@ -486,9 +482,9 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
try {
if (!ParamValidatorUtils.isValidOA(oaURL))
throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
- if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
+ if (MiscUtil.isEmpty(bkuURL))
throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
- if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
+ if (MiscUtil.isEmpty(templateURL))
throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
if (!ParamValidatorUtils.isValidUseMandate(useMandate))
throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index 705b4e881..a6619fc11 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -154,9 +154,7 @@ public class SSLUtils {
PKIConfiguration cfg = null;
if (! PKIFactory.getInstance().isAlreadyConfigured())
cfg = new PKIConfigurationImpl(conf);
- String boolString = conf.getGenericConfigurationParameter(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING);
- //not using BoolUtils because default value hast to be true!
- boolean checkRevocation = !("false".equals(boolString) || "0".equals(boolString));
+ boolean checkRevocation = conf.isTrustmanagerrevoationchecking();
PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
// This call fixes a bug occuring when PKIConfiguration is
// initialized by the MOA-SP initialization code, in case
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
index 1f5f1ea20..979744edb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
@@ -23,9 +23,13 @@
package at.gv.egovernment.moa.id.util.client.mis.simple;
+
+import java.io.Serializable;
-public class MISMandate {
-
+public class MISMandate implements Serializable{
+
+ private static final long serialVersionUID = 1L;
+
final static private String OID_NOTAR = "1.2.40.0.10.3.1";
final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index 7ee3b4e84..8970abc10 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -109,16 +109,7 @@ public class MISSimpleClient {
ArrayList foundMandates = new ArrayList();
for (int i=0; i<mandateElements.getLength(); i++) {
Element mandate = (Element) mandateElements.item(i);
-
-// try {
-// String s = DOMUtils.serializeNode(mandate);
-// System.out.println("\n\n Mandate: \n" + s);
-// } catch (IOException e) {
-// // TODO Auto-generated catch block
-// e.printStackTrace();
-// }
-
-
+
MISMandate misMandate = new MISMandate();
if (mandate.hasAttribute("ProfessionalRepresentative")) {
// System.out.println("OID: " + mandate.getAttribute("ProfessionalRepresentative"));