author | Florian Reimair <florian.reimair@iaik.tugraz.at> | 2015-08-11 15:42:13 +0200 |
---|---|---|
committer | Florian Reimair <florian.reimair@iaik.tugraz.at> | 2015-08-11 15:42:13 +0200 |
commit | ebe02bc990d362e39a37906385d7e470235e2627 (patch) | |
tree | b5513c0ccf37f201810ecea4a7af5c21dec60739 /id/server/idserverlib/src/main/resources | |
parent | 2ec0757b66d9e23c4c29c9ca59c94acd6a9b46c4 (diff) | |
parent | 04381eb4e2d67ced539b34747403bb06cdf36c53 (diff) | |
Merge branch 'samlengine_update' into moa-2.1-Snapshot
Diffstat (limited to 'id/server/idserverlib/src/main/resources')
9 files changed, 151 insertions, 15 deletions
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
new file mode 100644
index 000000000..865096055
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
@@ -0,0 +1,2 @@
+# The default moaid process
+at.gv.egovernment.moa.id.auth.modules.internal.DefaultAuthModuleImpl
diff --git a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
new file mode 100644
index 000000000..3860ddef4
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="DefaultAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+<!--
+ - National authentication with Austrian Citizen Card and mobile signature with our without mandate.
+ - Legacy authentication for foreign citizens using MOCCA supported signature cards.
+-->
+ <pd:Task id="createIdentityLinkForm" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.CreateIdentityLinkFormTask" />
+ <pd:Task id="verifyIdentityLink" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyIdentityLinkTask" async="true" />
+ <pd:Task id="verifyAuthBlock" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyAuthenticationBlockTask" async="true" />
+ <pd:Task id="verifyCertificate" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyCertificateTask" async="true" />
+ <pd:Task id="getMISSessionID" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetMISSessionIDTask" async="true" />
+ <pd:Task id="certificateReadRequest" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.CertificateReadRequestTask" />
+ <pd:Task id="prepareAuthBlockSignature" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.PrepareAuthBlockSignatureTask" />
+ <pd:Task id="getForeignID" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetForeignIDTask" async="true" />
+
+ <!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+ <pd:StartEvent id="start" />
+
+ <pd:Transition from="start" to="createIdentityLinkForm" />
+
+ <pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" />
+
+ <pd:Transition from="verifyIdentityLink" to="certificateReadRequest" conditionExpression="!ctx['identityLinkAvailable'] || ctx['useMandate']" />
+ <pd:Transition from="verifyIdentityLink" to="prepareAuthBlockSignature" />
+
+ <pd:Transition from="prepareAuthBlockSignature" to="verifyAuthBlock" />
+ <!-- Note: verifyAuthBlock still creates a MIS session and redirects the user to the MIS gui. This should be separated from the auth block verification. -->
+
+ <pd:Transition from="certificateReadRequest" to="verifyCertificate" />
+ <!-- Note: verifyCertificate still creates the auth block to be signed which should be separated from certificat verification. -->
+
+ <pd:Transition from="verifyCertificate" to="verifyAuthBlock" conditionExpression="ctx['useMandate']" />
+ <pd:Transition from="verifyCertificate" to="getForeignID" />
+
+ <pd:Transition from="verifyAuthBlock" to="getMISSessionID" conditionExpression="ctx['useMandate']" />
+ <pd:Transition from="verifyAuthBlock" to="end" />
+
+ <pd:Transition from="getMISSessionID" to="end" />
+ <pd:Transition from="getForeignID" to="end" />
+
+ <pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
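Review bot: The branch `verifyCertificate` → `getForeignID` → `end` reaches the end event without passing `verifyAuthBlock`, and nothing in the definition says where the signed auth block is checked on that path. Presumably `GetForeignIDTask` verifies the signature itself, but that is not visible here; once confirmed, a comment next to the transition would make it reviewable, e.g. `<!-- getForeignID verifies the signed auth block itself; verifyAuthBlock is intentionally not on this path. -->`. The paired transitions out of `verifyIdentityLink`, `verifyCertificate` and `verifyAuthBlock` also depend on the conditional transition being evaluated before the unconditional one, and on `ctx['useMandate']` and `ctx['identityLinkAvailable']` always being set; both assumptions deserve a line in the header comment. The comments also have typos: `with our without mandate` should read `with or without mandate`, and the comment above the start event is missing its closing parenthesis.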
diff --git a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/process/ProcessDefinition.xsd b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/process/ProcessDefinition.xsd
new file mode 100644
index 000000000..d6ab7ae46
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/process/ProcessDefinition.xsd
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ targetNamespace="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"
+ xmlns:tns="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"
+ elementFormDefault="qualified" version="1.0">
+
+ <xsd:element name="ProcessDefinition">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:choice minOccurs="0" maxOccurs="unbounded">
+ <xsd:element name="StartEvent" type="tns:StartEventType" />
+ <xsd:element name="Task" type="tns:TaskType" />
+ <xsd:element name="Transition" type="tns:TransitionType" />
+ <xsd:element name="EndEvent" type="tns:EndEventType" />
+ </xsd:choice>
+ </xsd:sequence>
+ <xsd:attribute name="id" type="xsd:ID" use="required" />
+ </xsd:complexType>
+ </xsd:element>
+
+ <xsd:complexType name="ProcessNodeType" abstract="true">
+ <xsd:attribute name="id" type="xsd:ID" use="required" />
+ </xsd:complexType>
+
+ <xsd:complexType name="StartEventType">
+ <xsd:complexContent>
+ <xsd:extension base="tns:ProcessNodeType" />
+ </xsd:complexContent>
+ </xsd:complexType>
+
+ <xsd:complexType name="TransitionType">
+ <xsd:attribute name="from" type="xsd:IDREF" use="required" />
+ <xsd:attribute name="to" type="xsd:IDREF" use="required" />
+ <xsd:attribute name="id" type="xsd:ID" />
+ <xsd:attribute name="conditionExpression" type="xsd:string" />
+ </xsd:complexType>
+
+ <xsd:complexType name="EndEventType">
+ <xsd:complexContent>
+ <xsd:extension base="tns:ProcessNodeType" />
+ </xsd:complexContent>
+ </xsd:complexType>
+
+ <xsd:complexType name="TaskType">
+ <xsd:complexContent>
+ <xsd:extension base="tns:ProcessNodeType">
+ <xsd:attribute name="async" type="xsd:boolean" default="false"/>
+ <xsd:attribute name="class" type="xsd:string" />
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+
+</xsd:schema>
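Review bot: `from` and `to` in `TransitionType` are plain `xsd:IDREF`, so validation accepts a transition that points at any ID in the document, including another transition's optional `id` or the `ProcessDefinition` id itself. The `choice` with `minOccurs="0" maxOccurs="unbounded"` likewise allows zero or several `StartEvent`/`EndEvent` elements, and `class` on `TaskType` is optional. Since this schema describes an authentication flow, the loader has to enforce these graph rules itself; an `xsd:annotation` on `TransitionType` and `TaskType` stating what the schema does not check would help. If every task must name an implementation, `<xsd:attribute name="class" type="xsd:string" use="required" />` closes that gap.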
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 8fda4566c..0d91fc2c0 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -229,6 +229,14 @@ stork.18=STORK-SAML Engine konnte nicht initialisiert werden. stork.19=Das erforderliche Attribut ist f\u00FCr naturliche Personen nicht vorhanden\: {0}
stork.20=Fehler bei der Datenkonversion - eingegebens Datum fehlerhaft
stork.21=Der angeforderte QAA-level {0} ist h\u00F6her als der QAA-level der Authentifizierung {1}
+stork.22=Der STORK Authentifizierung erfordert die Auswahl des Herkunftslandes der Betroffenen.
+stork.23=Die STORK Authentifizierung f\u00FCr "{0}" wird nicht unterst\u00FCtzt.
+stork.24=Die STORK Authentifizierungsantwort enth\uFFFDlt leere Angaben zum Geschlecht.
+stork.25=Die Attribute referenzieren verschiedene Personen.
+stork.26=Fehler bei der Extrahierung von Vollmachtendaten.
+stork.27=Fehler bei der Verarbeitung von STORKRequest.
+stork.28=Fehler bei der Umwandelung von QAA Daten.
+stork.29=Fehler bei der Generierung von STORK-Attribut (eIdentifier/eLPIdentifier)
pvp2.00={0} ist kein gueltiger consumer service index
pvp2.01=Fehler beim kodieren der PVP2 Antwort
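Review bot: `stork.24` contains `\uFFFD`, the Unicode replacement character, where the umlaut of "enthält" was lost in an encoding round trip, so users would see a broken glyph in this error message. The line should read `stork.24=Die STORK Authentifizierungsantwort enth\u00E4lt leere Angaben zum Geschlecht.`, matching the `\u00FC` escapes used in `stork.23`. `stork.22` also starts with `Der STORK Authentifizierung` where the following message uses `Die`.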
@@ -266,4 +274,7 @@ oauth20.09=Zertifikat fuer JSON Web-Token ist falsch konfiguriert. Fehler bei "{ slo.00=Sie konnten erfolgreich von allen Online-Applikation abgemeldet werden.
slo.01=Sie konnten NICHT erfolgreich von allen Online-Applikationen abgemeldet werden\!<BR>Bitte schlie\u00DFen Sie aus sicherheitsgr\u00FCnden Ihren Browser.
-slo.02=Es wurde keine aktive SSO Session gefunden oder Sie sind bei keiner Online-Applikation angemeldet.
\ No newline at end of file +slo.02=Es wurde keine aktive SSO Session gefunden oder Sie sind bei keiner Online-Applikation angemeldet.
+
+process.01=Fehler beim Ausf\u00FChren des Prozesses.
+process.02=Fehler beim Erstellen eines geeigneten Prozesses f\u00FCr die SessionID {0}.
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties index 63745f826..ca12fada4 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties @@ -1,9 +1,31 @@ ##PVP role mapping viewer=CIRCABC/viewer CIRCABC-viewer=CIRCABC/viewer +CIRCABC-DIRECTOR=CIRCABC/DIRECTOR +CIRCABC-SECRETARY=CIRCABC/SECRETARY +CIRCABC-MEMBER=CIRCABC/MEMBER -##PVP SecClass mapping +ecas-demo-EUROPEAN_COMMISSION=ecas-demo/EUROPEAN_COMMISSION +ecas-demo-EXTERNAL_INTRAMUROS=ecas-demo/EXTERNAL_INTRAMUROS +ecas-demo-INTERNET=ecas-demo/INTERNET +ecas-demo-LIVENEWS=ecas-demo/LIVENEWS + +DIGIT-EUROPEAN_COMMISSION=DIGIT/EUROPEAN_COMMISSION +DIGIT-EXTERNAL_INTRAMUROS=DIGIT/EXTERNAL_INTRAMUROS +DIGIT-INTERNET=DIGIT/INTERNET +DIGIT-LIVENEWS=DIGIT/LIVENEWS + + + + +##PVP SecClass to STORK-QAA mapping secclass/0=http://www.stork.gov.eu/1.0/citizenQAALevel/1 secclass/0-1=http://www.stork.gov.eu/1.0/citizenQAALevel/2 -secclass/0-2=http://www.stork.gov.eu/1.0/citizenQAALevel/3 -secclass/0-3=http://www.stork.gov.eu/1.0/citizenQAALevel/4
\ No newline at end of file +secclass/0-2=http://www.stork.gov.eu/1.0/citizenQAALevel/4 +secclass/0-3=http://www.stork.gov.eu/1.0/citizenQAALevel/4 + +##STORK-QAA to PVP SecClass mapping +citizenQAALevel/1=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0 +citizenQAALevel/2=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-1 +citizenQAALevel/3=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-2 +citizenQAALevel/4=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-2
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html index 7e2ddc491..e293d8456 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html @@ -837,7 +837,7 @@ src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> </a> <a href="http://jigsaw.w3.org/css-validator/"> <img style="border: 0; width: 88px; height: 31px" - src="http://jigsaw.w3.org/css-validator/images/vcss-blue" + src="https://jigsaw.w3.org/css-validator/images/vcss-blue" alt="CSS ist valide!" /> </a> </div> diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html index e75bef70c..033a574b9 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html @@ -545,7 +545,7 @@ button:hover,button:focus,button:active,.sendButton:hover,.sendButton:focus,.sen src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> </a> <a href="http://jigsaw.w3.org/css-validator/"> <img style="border: 0; width: 88px; height: 31px" - src="http://jigsaw.w3.org/css-validator/images/vcss-blue" + src="https://jigsaw.w3.org/css-validator/images/vcss-blue" alt="CSS ist valide!" /> </a> </div> diff --git a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html index b241e85cf..8976b2bd6 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html 
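Review bot: In pvp-stork_mapping.properties, `secclass/0-2` now maps to `citizenQAALevel/4` instead of `/3`, while the new reverse table maps both `citizenQAALevel/3` and `citizenQAALevel/4` to `secclass/0-2`, so the two tables are not inverses. A value that enters as `citizenQAALevel/3`, is stored as `secclass/0-2` and is later mapped forward again comes out as `citizenQAALevel/4`, a higher assurance level than the one asserted; whether such a round trip occurs depends on callers not shown here. No STORK level maps back to `secclass/0-3` either. If the change is intentional, a comment above the table should say why, e.g. `## secclass/0-2 is treated as QAA 4 because <reason>`; otherwise keep `secclass/0-2=http://www.stork.gov.eu/1.0/citizenQAALevel/3`.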
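Review bot: In loginFormFull.html the CSS badge is still fetched from `jigsaw.w3.org` on every render of the login form, so the switch to `https` removes mixed content but each login still makes a third-party request carrying the user's IP address and possibly a referrer. The neighbouring HTML5 badge is served from `#CONTEXTPATH#/img/valid-html5-blue.png`; serving a local copy of the CSS badge the same way, e.g. `src="#CONTEXTPATH#/img/vcss-blue.png"` (file name is a placeholder), would avoid that. The same applies to the identical hunks in sendAssertionFormFull.html and slo_template.html, and the surrounding `href="http://jigsaw.w3.org/css-validator/"` is left on plain http in all three.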
@@ -436,7 +436,7 @@ src="$contextpath/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> </a> <a href="http://jigsaw.w3.org/css-validator/"> <img style="border: 0; width: 88px; height: 31px" - src="http://jigsaw.w3.org/css-validator/images/vcss-blue" + src="https://jigsaw.w3.org/css-validator/images/vcss-blue" alt="CSS ist valide!" /> </a> </div> diff --git a/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html b/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html index e21a61665..0ab41f146 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html @@ -80,6 +80,7 @@ overflow:auto; min-width: 190px; height: 260px; + padding: 20px; } h2#tabheader{ @@ -134,6 +135,7 @@ #bkulogin { min-height: 150px; + padding: 20px; } } @@ -146,6 +148,7 @@ #bkulogin { height: 180px; + padding: 20px; } } @@ -175,7 +178,7 @@ color : #000; text-align: center; font-size: 100%; - background-color: #MAIN_BACKGOUNDCOLOR#; + background-color: ${MAIN_BACKGOUNDCOLOR}; } #page { @@ -230,6 +233,7 @@ #bkulogin { min-width: 190px; height: 155px; + padding: 20px; } .setAssertionButton_full { @@ -249,7 +253,7 @@ * { margin: 0; padding: 0; - font-family: #FONTTYPE#; + font-family: ${FONTTYPE}; } #selectArea { @@ -333,13 +337,13 @@ } .hell { - background-color : #MAIN_BACKGOUNDCOLOR#; - color: #MAIN_COLOR#; + background-color : ${MAIN_BACKGOUNDCOLOR}; + color: ${MAIN_COLOR}; } .dunkel { - background-color: #HEADER_BACKGROUNDCOLOR#; - color: #HEADER_COLOR#; + background-color: ${HEADER_BACKGROUNDCOLOR}; + color: ${HEADER_COLOR}; } .main_header { @@ -404,7 +408,7 @@ } </script> -<title>#HEADER_TEXT#</title> +<title>Informationsfreigabe</title> </head> <body onload="onChangeChecks();" onresize="onChangeChecks();"> <div id="page"> 
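Review bot: The switch from `#MAIN_BACKGOUNDCOLOR#` to `${MAIN_BACKGOUNDCOLOR}` (and likewise `${FONTTYPE}`, `${MAIN_COLOR}`, `${HEADER_BACKGROUNDCOLOR}`, `${HEADER_COLOR}`) in stork2_consent.html places template variables directly inside CSS rules, and nothing in these hunks shows how the values are constrained. If they come from per-application configuration, they should be validated against a colour or font-name pattern before rendering, so that a configured value cannot break out of the CSS declaration. The `BACKGOUNDCOLOR` spelling is carried over and has to match the variable name the template context supplies. These hunks are excerpts of a longer stylesheet that continues outside them.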
@@ -417,7 +421,7 @@ <h2 id="tabheader" class="dunkel" role="heading">STORK Informationsfreigabe</h2> </div> <div id="bkulogin" class="hell" role="form"> - Alle angehakten Daten werden an das fragende Drittland übermittelt. + Wählen Sie jene Daten, die, wenn verfügbar, an ein Drittland weitergegeben werden sollen:</br> <table> ${tablecontent} </table> |
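Review bot: The added consent text ends in `</br>`, an end tag for a void element, which is a parse error in HTML5 that browsers repair only by convention; it should be `<br/>`, giving `... weitergegeben werden sollen:<br/>`. The new wording also changes what the user is told, from all ticked data being transmitted to choosing data that is passed on "wenn verfügbar". Since this is the consent screen, it is worth confirming that the text still matches what `${tablecontent}` actually offers for selection.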