aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2019-12-13 10:13:05 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2019-12-13 10:13:05 +0100
commit6fc2e600055d4737ce94d8a012eb3764bd7e93c8 (patch)
tree56aebaaac2c87458ebfd798a2c66f95718e1dd4e /id/server/idserverlib/src/main
parentde2e45024694c7eb5e033bc6b1bcb90f5f499b07 (diff)
parentbea0d19650b5fbbb48fcda0f39ef3a93d6cf6f1f (diff)
downloadmoa-id-spss-6fc2e600055d4737ce94d8a012eb3764bd7e93c8.tar.gz
moa-id-spss-6fc2e600055d4737ce94d8a012eb3764bd7e93c8.tar.bz2
moa-id-spss-6fc2e600055d4737ce94d8a012eb3764bd7e93c8.zip
Merge branch 'current_development' into development_preview
# Conflicts: # id/history.txt # id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java # pom.xml
Diffstat (limited to 'id/server/idserverlib/src/main')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java78
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java49
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java33
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java68
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java4
-rw-r--r--id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule1
-rw-r--r--id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml27
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties4
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties3
30 files changed, 203 insertions, 206 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
index d654eb359..f6d116198 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
@@ -97,6 +97,12 @@ public interface MOAIDEventConstants extends EventConstants {
public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED = 6202;
public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR = 6203;
public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID = 6204;
+
+ public static final int AUTHPROCESS_EID_SERVICE_SELECTED = 6300;
+ public static final int AUTHPROCESS_EID_SERVICE_REQUESTED = 6301;
+ public static final int AUTHPROCESS_EID_SERVICE_RECEIVED = 6302;
+ public static final int AUTHPROCESS_EID_SERVICE_RECEIVED_ERROR = 6303;
+ public static final int AUTHPROCESS_EID_SERVICE_ATTRIBUTES_VALID = 6304;
//person information
public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK = 5000;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index a35b45af2..b0f452861 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -158,7 +158,7 @@ public class MOAIDAuthInitializer {
fixJava8_141ProblemWithSSLAlgorithms();
- if (!authConf.getBasicMOAIDConfigurationBoolean(ConfigurationProviderImpl.VALIDATION_AUTHBLOCK_TARGETFRIENDLYNAME, true))
+ if (!authConf.getBasicConfigurationBoolean(ConfigurationProviderImpl.VALIDATION_AUTHBLOCK_TARGETFRIENDLYNAME, true))
Logger.info("AuthBlock 'TargetFriendlyName' validation deactivated");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index acf59cebf..d26f7b396 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -53,6 +53,7 @@ import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.EAAFParserException;
import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
import at.gv.egiz.eaaf.core.exceptions.XPathException;
@@ -60,6 +61,7 @@ import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator;
import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -84,7 +86,6 @@ import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
@@ -116,7 +117,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
@PostConstruct
private void initialize() {
- Map<String, String> pubKeyMap = authConfig.getBasicMOAIDConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS);
+ Map<String, String> pubKeyMap = authConfig.getBasicConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS);
for (Entry<String, String> el : pubKeyMap.entrySet()) {
try {
encKeyMap.put(el.getKey(), new X509Certificate(Base64Utils.decode(el.getValue(), false)));
@@ -134,7 +135,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
@Override
- public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
+ protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EAAFException {
try {
return buildAuthenticationData(pendingReq,
pendingReq.getSessionData(AuthenticationSessionWrapper.class),
@@ -145,7 +146,6 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
throw new EAAFAuthenticationException("builder.11", new Object[]{e.getMessage()}, e);
}
-
}
private IAuthData buildAuthenticationData(IRequest pendingReq,
@@ -216,7 +216,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException, EAAFBuilderException {
try {
//generate basic authentication data
- generateBasicAuthData(authData, protocolRequest, session);
+ generateDeprecatedBasicAuthData(authData, protocolRequest, session);
//set Austrian eID demo-mode flag
authData.setIseIDNewDemoMode(Boolean.parseBoolean(
@@ -428,6 +428,24 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
authData.setMISMandate(misMandate);
authData.setUseMandate(true);
+ //####################################################
+ // set bPK and IdentityLink for Organwalter -->
+ // Organwalter has a special bPK is received from MIS
+ if (authData.isUseMandate() && session.isOW() && misMandate != null
+ && MiscUtil.isNotEmpty(misMandate.getOWbPK())) {
+ //TODO: if full-mandate is removed in OPB --> OWbPK functionality needs an update!!!
+ authData.setBPK(misMandate.getOWbPK());
+ authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
+ Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK());
+
+ //set bPK and IdenityLink for all other
+ Logger.debug("User is an OW. Set original IDL into authdata ... ");
+ authData.setIdentityLink(session.getIdentityLink());
+
+
+
+ }
+
} catch (IOException e) {
Logger.error("Base64 decoding of PVP-Attr:"+ PVPConstants.MANDATE_FULL_MANDATE_FRIENDLY_NAME
+ " FAILED.", e);
@@ -471,24 +489,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
}
- //####################################################
- // set bPK and IdentityLink for Organwalter -->
- // Organwalter has a special bPK is received from MIS
- if (authData.isUseMandate() && session.isOW() && misMandate != null
- && MiscUtil.isNotEmpty(misMandate.getOWbPK())) {
- //TODO: if full-mandate is removed in OPB --> OWbPK functionality needs an update!!!
- authData.setBPK(misMandate.getOWbPK());
- authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
- Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK());
-
- //set bPK and IdenityLink for all other
- Logger.debug("User is an OW. Set original IDL into authdata ... ");
- authData.setIdentityLink(session.getIdentityLink());
-
-
-
- }
-
+
//###################################################################
//set PVP role attribute (implemented for ISA 1.18 action)
includedToGenericAuthData.remove(PVPConstants.ROLES_NAME);
@@ -926,4 +927,35 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
}
}
+ @Override
+ protected boolean matchsReceivedbPKToOnlineApplication(ISPConfiguration oaParam, String bPKType) {
+ boolean bPKTypeMatch = oaParam.getAreaSpecificTargetIdentifier().equals(bPKType);
+ if (!bPKTypeMatch) {
+ Logger.trace("bPKType does not match to Online-Application. Checking if it is Prof.Rep. bPK ... ");
+ if (EAAFConstants.URN_PREFIX_OW_BPK.equals(bPKType)) {
+ Logger.debug("Find Prof.Rep. bPKType. This matchs on every SP-Target");
+ bPKTypeMatch = true;
+
+ } else
+ Logger.trace("bPKType is not of type: " + EAAFConstants.URN_PREFIX_OW_BPK + " Matching failed.");
+
+ }
+
+ return bPKTypeMatch;
+
+ }
+
+ @Override
+ protected IAuthData getAuthDataInstance(IRequest pendingReq) throws EAAFException {
+ throw new RuntimeException("This method is NOT supported by MOA-ID");
+
+ }
+
+ @Override
+ protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq)
+ throws EAAFException {
+ throw new RuntimeException("This method is NOT supported by MOA-ID");
+
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index cadaec2a0..8b587c550 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -674,5 +674,17 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
result.put(GENERIC_PREFIX + el.getKey(), el.getValue());
return Collections.unmodifiableMap(result);
+ }
+
+ @Override
+ public boolean isEIDProcess() {
+ return false;
+
+ }
+
+ @Override
+ public void setEIDProcess(boolean value) {
+ Logger.warn("set E-ID process will be ignored!!!");
+
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
index c054976ec..636871a09 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
@@ -261,7 +261,6 @@ public Date getSigningDateTime() {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSigningDateTime(java.util.Date)
*/
-@Override
public void setSigningDateTime(Date signingDateTime) {
this.signingDateTime = signingDateTime;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
index 48d652671..6426e0e0c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
@@ -22,9 +22,14 @@
*/
package at.gv.egovernment.moa.id.auth.modules;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider;
/**
* @author tlenz
@@ -32,6 +37,8 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
*/
public class BKUSelectionModuleImpl implements AuthModule {
+ @Autowired(required=false) private IConfiguration configuration;
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
*/
@@ -44,13 +51,14 @@ public class BKUSelectionModuleImpl implements AuthModule {
* @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
*/
@Override
- public String selectProcess(ExecutionContext context) {
+ public String selectProcess(ExecutionContext context, IRequest pendingReq) {
boolean performBKUSelection = false;
Object performBKUSelectionObj = context.get(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION);
if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean)
performBKUSelection = (boolean) performBKUSelectionObj;
- if (performBKUSelection)
+ if (performBKUSelection && configuration != null
+ && configuration.getBasicConfigurationBoolean(PropertyBasedAuthConfigurationProvider.PROP_MOAID_MODE, false))
return "BKUSelectionProcess";
else
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
index b624e13ef..e8ce0f9c1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
@@ -22,6 +22,7 @@
*/
package at.gv.egovernment.moa.id.auth.modules;
+import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
@@ -46,7 +47,7 @@ public class SingleSignOnConsentsModuleImpl implements AuthModule {
* @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
*/
@Override
- public String selectProcess(ExecutionContext context) {
+ public String selectProcess(ExecutionContext context, IRequest pendingReq) {
Object evaluationObj = context.get(PARAM_SSO_CONSENTS_EVALUATION);
if (evaluationObj != null && evaluationObj instanceof Boolean) {
boolean evaluateSSOConsents = (boolean) evaluationObj;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
index 375b144d7..2c099abf6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
@@ -98,6 +98,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
pendingReq.setRawDataToTransaction(ssoMOSSession.getKeyValueRepresentationFromAuthSession());;
//authenticate pending-request
+ pendingReq.setNeedUserConsent(false);
pendingReq.setAuthenticated(true);
pendingReq.setAbortedByUser(false);
@@ -112,7 +113,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
requestStoreage.storePendingRequest(pendingReq);
//redirect to auth. protocol finalization
- performRedirectToProtocolFinialization(pendingReq, response);
+ performRedirectToProtocolFinialization(executionContext, pendingReq, request, response);
} catch (MOAIDException e) {
throw new TaskExecutionException(pendingReq, e.getMessage(), e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
index 98e632bd8..cc070f8fd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
@@ -73,7 +73,7 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask {
SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_BKUSELECTION,
GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION);
- guiBuilder.build(response, config, "BKU-Selection form");
+ guiBuilder.build(request, response, config, "BKU-Selection form");
} catch (GUIBuildException e) {
Logger.warn("Can not build GUI:'BKU-Selection'. Msg:" + e.getMessage());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
index 3c364e924..64c3721df 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
@@ -71,7 +71,7 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas
SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_SENDASSERTION,
GeneralProcessEngineSignalController.ENDPOINT_SENDASSERTION_EVALUATION);
- guiBuilder.build(response, config, "SendAssertion-Evaluation");
+ guiBuilder.build(request, response, config, "SendAssertion-Evaluation");
//Log consents evaluator event to revisionslog
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
index c66353846..32660a3db 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -176,7 +176,7 @@ public class VerifyXMLSignatureResponseParser {
public IVerifiyXMLSignatureResponse parseData() throws ParseException {
- IVerifiyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
+ VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
index 18aa93cc9..6803264dd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
@@ -59,7 +59,7 @@ public class GUILayoutBuilderServlet extends AbstractController {
@Autowired AuthConfiguration authConfig;
@Autowired IRequestStorage requestStoreage;
- @Autowired IGUIFormBuilder formBuilder;
+ @Autowired IGUIFormBuilder formBuilder;
public GUILayoutBuilderServlet() {
super();
@@ -93,7 +93,7 @@ public class GUILayoutBuilderServlet extends AbstractController {
}
//build GUI component
- formBuilder.build(resp, config, MOAIDConstants.DEFAULT_CONTENT_TYPE_HTML_UTF8, "BKUDetection-Frame");
+ formBuilder.build(req, resp, config, MOAIDConstants.DEFAULT_CONTENT_TYPE_HTML_UTF8, "BKUDetection-Frame");
} catch (Exception e) {
@@ -124,7 +124,7 @@ public class GUILayoutBuilderServlet extends AbstractController {
null);
//build GUI component
- formBuilder.build(resp, config, "text/css; charset=UTF-8", "CSS-Form");
+ formBuilder.build(req, resp, config, "text/css; charset=UTF-8", "CSS-Form");
} catch (Exception e) {
Logger.warn("GUI ressource:'CSS' generation FAILED.", e);
@@ -153,7 +153,7 @@ public class GUILayoutBuilderServlet extends AbstractController {
GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION);
//build GUI component
- formBuilder.build(resp, config, "text/javascript; charset=UTF-8", "JavaScript");
+ formBuilder.build(req, resp, config, "text/javascript; charset=UTF-8", "JavaScript");
} catch (Exception e) {
Logger.warn("GUI ressource:'JavaScript' generation FAILED.", e);
@@ -168,7 +168,7 @@ public class GUILayoutBuilderServlet extends AbstractController {
req.getParameter(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID));
if (MiscUtil.isNotEmpty(pendingReqID)) {
- IRequest pendingReq = requestStorage.getPendingRequest(pendingReqID);
+ IRequest pendingReq = requestStoreage.getPendingRequest(pendingReqID);
if (pendingReq != null) {
Logger.trace("GUI-Layout builder: Pending-request:"
+ pendingReqID + " found -> Build specific template");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
index 87325989a..09b18d9c6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
@@ -31,6 +31,7 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
/**
@@ -50,7 +51,7 @@ public class GeneralProcessEngineSignalController extends AbstractProcessEngineS
"/signalProcess"
},
method = {RequestMethod.POST, RequestMethod.GET})
- public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {
signalProcessManagement(req, resp);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index c39d78d8b..496501760 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -37,10 +37,13 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
+import at.gv.egiz.eaaf.core.api.idp.auth.services.IProtocolAuthenticationService;
import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
+import at.gv.egiz.eaaf.core.exceptions.SLOException;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
import at.gv.egiz.eaaf.core.impl.utils.Random;
@@ -70,13 +73,14 @@ public class IDPSingleLogOutServlet extends AbstractController {
@Autowired SSOManager ssoManager;
@Autowired IAuthenticationManager authManager;
- @Autowired IAuthenticationSessionStoreage authenicationStorage;
- @Autowired SingleLogOutBuilder sloBuilder;
-
+ @Autowired IAuthenticationSessionStoreage authenicationStorage;
+ @Autowired IProtocolAuthenticationService protAuthService;
+ @Autowired(required=true) private IGUIFormBuilder guiBuilder;
+ @Autowired(required=false) SingleLogOutBuilder sloBuilder;
@RequestMapping(value = "/idpSingleLogout", method = {RequestMethod.GET})
public void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException, EAAFException {
Logger.debug("Receive IDP-initiated SingleLogOut");
String authURL = HTTPUtils.extractAuthURLFromRequest(req);
@@ -117,21 +121,21 @@ public class IDPSingleLogOutServlet extends AbstractController {
null);
if (MOAIDAuthConstants.SLOSTATUS_SUCCESS.equals(status))
- config.putCustomParameter("successMsg",
+ config.putCustomParameter(null, "successMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.00", null));
else
- config.putCustomParameterWithOutEscaption("errorMsg",
+ config.putCustomParameterWithOutEscaption(null, "errorMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
- guiBuilder.build(resp, config, "Single-LogOut GUI");
+ guiBuilder.build(req, resp, config, "Single-LogOut GUI");
} catch (GUIBuildException e) {
- handleErrorNoRedirect(e, req, resp, false);
+ protAuthService.handleErrorNoRedirect(e, req, resp, false);
} catch (MOADatabaseException e) {
- handleErrorNoRedirect(e, req, resp, false);
+ protAuthService.handleErrorNoRedirect(e, req, resp, false);
} catch (EAAFException e) {
- handleErrorNoRedirect(e, req, resp, false);
+ protAuthService.handleErrorNoRedirect(e, req, resp, false);
}
@@ -146,15 +150,22 @@ public class IDPSingleLogOutServlet extends AbstractController {
if(MiscUtil.isNotEmpty(internalSSOId)) {
ISLOInformationContainer sloInfoContainer = authManager.performSingleLogOut(req, resp, null, internalSSOId);
- Logger.debug("Starting technical SLO process ... ");
- sloBuilder.toTechnicalLogout(sloInfoContainer, req, resp, authURL);
+ if (sloBuilder != null) {
+ Logger.debug("Starting technical SLO process ... ");
+ sloBuilder.toTechnicalLogout(sloInfoContainer, req, resp, authURL);
+
+ } else {
+ Logger.warn("Can NOT perfom Single LogOut process! NO SLOBuilder in ClassPath");
+ throw new SLOException("init.05", new Object[] {"Missing depentency or modul not active"});
+
+ }
return;
}
}
} catch (Exception e) {
- handleErrorNoRedirect(e, req, resp, false);
+ protAuthService.handleErrorNoRedirect(e, req, resp, false);
}
@@ -166,7 +177,7 @@ public class IDPSingleLogOutServlet extends AbstractController {
SLOInformationContainer sloContainer = transactionStorage.get(restartProcess, SLOInformationContainer.class);
if (sloContainer == null) {
Logger.info("No Single LogOut processing information with ID: " + restartProcess);
- handleErrorNoRedirect(new MOAIDException("slo.03", null), req, resp, false);
+ protAuthService.handleErrorNoRedirect(new MOAIDException("slo.03", null), req, resp, false);
return;
}
@@ -176,7 +187,7 @@ public class IDPSingleLogOutServlet extends AbstractController {
String redirectURL = null;
IRequest sloReq = sloContainer.getSloRequest();
- if (sloReq != null && sloReq instanceof PVPSProfilePendingRequest) {
+ if (sloBuilder != null && sloReq != null && sloReq instanceof PVPSProfilePendingRequest) {
//send SLO response to SLO request issuer
SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPSProfilePendingRequest)sloContainer.getSloRequest());
LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPSProfilePendingRequest)sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
@@ -233,10 +244,10 @@ public class IDPSingleLogOutServlet extends AbstractController {
DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT,
null);
- config.putCustomParameterWithOutEscaption("errorMsg",
+ config.putCustomParameterWithOutEscaption(null, "errorMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
- guiBuilder.build(resp, config, "Single-LogOut GUI");
+ guiBuilder.build(req, resp, config, "Single-LogOut GUI");
} catch (GUIBuildException e) {
e.printStackTrace();
@@ -251,10 +262,10 @@ public class IDPSingleLogOutServlet extends AbstractController {
DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT,
null);
- config.putCustomParameter("successMsg",
+ config.putCustomParameter(null, "successMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.02", null));
- guiBuilder.build(resp, config, "Single-LogOut GUI");
+ guiBuilder.build(req, resp, config, "Single-LogOut GUI");
} catch (GUIBuildException e) {
e.printStackTrace();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index 478462adb..abb19c6cf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -122,9 +122,9 @@ public class RedirectServlet {
authURL,
DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT,
null);
- config.putCustomParameterWithOutEscaption(URL, StringEscapeUtils.escapeHtml(url));
- config.putCustomParameter(TARGET, redirectTarget);
- guiBuilder.build(resp, config, "RedirectForm.html");
+ config.putCustomParameterWithOutEscaption(null, URL, StringEscapeUtils.escapeHtml(url));
+ config.putCustomParameter(null, TARGET, redirectTarget);
+ guiBuilder.build(req, resp, config, "RedirectForm.html");
} else if (MiscUtil.isNotEmpty(interIDP)) {
//store IDP identifier and redirect to generate AuthRequst service
@@ -153,10 +153,10 @@ public class RedirectServlet {
authURL,
DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT,
null);
- config.putCustomParameterWithOutEscaption(URL, StringEscapeUtils.escapeHtml(url));
- config.putCustomParameter(TARGET, redirectTarget);
+ config.putCustomParameterWithOutEscaption(null, URL, StringEscapeUtils.escapeHtml(url));
+ config.putCustomParameter(null, TARGET, redirectTarget);
- guiBuilder.build(resp, config, "RedirectForm.html");
+ guiBuilder.build(req, resp, config, "RedirectForm.html");
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index fff019ae7..eae7aae9d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -51,6 +51,8 @@ import iaik.pki.revocation.RevocationSourceTypes;
public class PropertyBasedAuthConfigurationProvider extends ConfigurationProviderImpl implements AuthConfiguration {
+ public static final String PROP_MOAID_MODE = "general.moaidmode.active";
+
private static final boolean TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT = true;
private MOAIDConfiguration configuration;
@@ -231,7 +233,9 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
allowedProtcols.setSAML1Active(
configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_ENABLED, false));
allowedProtcols.setPVP21Active(
- configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_ENABLED, true));
+ configuration.getBooleanValue(
+ MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_ENABLED, true)
+ && getBasicConfigurationBoolean(PROP_MOAID_MODE, false));
return allowedProtcols;
@@ -1307,5 +1311,4 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
}
}
}
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
index af4cf6fa7..7a298220b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
@@ -4,11 +4,11 @@ import java.util.List;
import org.w3c.dom.Element;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IEidAuthData;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
-public interface IMOAAuthData extends IAuthData{
+public interface IMOAAuthData extends IEidAuthData{
@Deprecated
/**
@@ -34,7 +34,6 @@ public interface IMOAAuthData extends IAuthData{
*/
List<Pair<String, String>> getEncMandateNaturalPersonbPKList();
- byte[] getSignerCertificate();
String getAuthBlock();
boolean isPublicAuthority();
String getPublicAuthorityCode();
@@ -42,7 +41,6 @@ public interface IMOAAuthData extends IAuthData{
String getBkuURL();
String getInterfederatedIDP();
boolean isInterfederatedSSOSession();
- boolean isUseMandate();
IMISMandate getMISMandate();
Element getMandate();
String getMandateReferenceValue();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index 897a06e62..f79e80cd2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -30,7 +30,7 @@ import org.w3c.dom.Element;
import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
@@ -45,14 +45,13 @@ import at.gv.egovernment.moa.util.MiscUtil;
* @author tlenz
*
*/
-public class MOAAuthenticationData extends AuthenticationData implements IMOAAuthData, Serializable {
+public class MOAAuthenticationData extends EidAuthenticationData implements IMOAAuthData, Serializable {
private static final long serialVersionUID = 1L;
private boolean qualifiedCertificate;
private boolean publicAuthority;
private String publicAuthorityCode;
private String bkuURL;
- private byte[] signerCertificate = null;
private String authBlock = null;
private String QAALevel = null;
@@ -63,7 +62,6 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
private List<AuthenticationRole> roles = null;
private String pvpAttribute_OU = null;
- private boolean useMandate = false;
private IMISMandate mandate = null;
private String mandateReferenceValue = null;
@@ -116,21 +114,6 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
return this.encbPKList;
}
-
- @Override
- public byte[] getSignerCertificate() {
- return signerCertificate;
- }
-
-
- /**
- * @param signerCertificate the signerCertificate to set
- */
- public void setSignerCertificate(byte[] signerCertificate) {
- this.signerCertificate = signerCertificate;
- }
-
-
@Override
public String getAuthBlock() {
return authBlock;
@@ -176,18 +159,6 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
this.mandate = mandate;
}
-
- @Override
- public boolean isUseMandate() {
- return useMandate;
- }
-
-
- public void setUseMandate(boolean useMandate) {
- this.useMandate = useMandate;
- }
-
-
@Override
public boolean isPublicAuthority() {
return publicAuthority;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 77abe07af..9beeb6cc2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -67,7 +67,7 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
- @Autowired private SingleLogOutBuilder sloBuilder;;
+ @Autowired(required=false) private SingleLogOutBuilder sloBuilder;;
@Override
@@ -118,8 +118,18 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
sloContainer.setSessionID(uniqueSessionIdentifier);
sloContainer.setSloRequest(pvpReq);
- sloBuilder.parseActiveIDPs(sloContainer, dbIDPs, pvpSLOIssuer);
- sloBuilder.parseActiveOAs(sloContainer, dbOAs, pvpSLOIssuer);
+ if (sloBuilder != null) {
+ Logger.trace("Parse active SPs into SLOContainer ... ");
+ sloBuilder.parseActiveIDPs(sloContainer, dbIDPs, pvpSLOIssuer);
+ sloBuilder.parseActiveOAs(sloContainer, dbOAs, pvpSLOIssuer);
+
+ } else {
+ Logger.warn("NO SLOBuilder in ClassPath / Single LogOut NOT possible! Mark SLO as FAILED");
+ sloContainer.putFailedOA(pvpReq.getAuthURL());
+
+ Logger.info("Only the IDP session will be closed soon ...");
+
+ }
Logger.debug("Active SSO Service-Provider: "
+ " BackChannel:" + sloContainer.getActiveBackChannelOAs().size()
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java
deleted file mode 100644
index 5daa71b1f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-
-/**
- * @author tlenz
- *
- */
-public class SimpleStringAttributeGenerator implements IAttributeGenerator<String> {
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String)
- */
- @Override
- public String buildStringAttribute(String friendlyName, String name, String value) {
- return value;
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int)
- */
- @Override
- public String buildIntegerAttribute(String friendlyName, String name, int value) {
- return String.valueOf(value);
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildLongAttribute(java.lang.String, java.lang.String, long)
- */
- @Override
- public String buildLongAttribute(String friendlyName, String name, long value) {
- return String.valueOf(value);
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildEmptyAttribute(java.lang.String, java.lang.String)
- */
- @Override
- public String buildEmptyAttribute(String friendlyName, String name) {
- return null;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index 8229fb405..19b79d165 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -223,11 +223,11 @@ public class SingleLogOutBuilder {
DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT,
null);
- config.putCustomParameterWithOutEscaption("redirectURLs", sloReqList);
- config.putCustomParameterWithOutEscaption("timeoutURL", timeOutURL);
- config.putCustomParameter("timeout", String.valueOf(SLOTIMEOUT));
+ config.putCustomParameterWithOutEscaption(null, "redirectURLs", sloReqList);
+ config.putCustomParameterWithOutEscaption(null, "timeoutURL", timeOutURL);
+ config.putCustomParameter(null, "timeout", String.valueOf(SLOTIMEOUT));
- guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+ guiBuilder.build(httpReq, httpResp, config, "Single-LogOut GUI");
} else {
@@ -249,16 +249,16 @@ public class SingleLogOutBuilder {
if (sloContainer.getSloFailedOAs() == null ||
sloContainer.getSloFailedOAs().size() == 0) {
revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID);
- config.putCustomParameter("successMsg",
+ config.putCustomParameter(null, "successMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.00", null));
} else {
revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
- config.putCustomParameterWithOutEscaption("errorMsg",
+ config.putCustomParameterWithOutEscaption(null, "errorMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
}
- guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+ guiBuilder.build(httpReq, httpResp, config, "Single-LogOut GUI");
}
@@ -285,11 +285,11 @@ public class SingleLogOutBuilder {
null);
revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
- config.putCustomParameterWithOutEscaption("errorMsg",
+ config.putCustomParameterWithOutEscaption(null, "errorMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
try {
- guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+ guiBuilder.build(httpReq, httpResp, config, "Single-LogOut GUI");
} catch (GUIBuildException e1) {
Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 4fc37d88f..0be49a23e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -64,7 +64,7 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
@Override
protected String getMetadataURL(String entityId) throws EAAFConfigurationException {
- ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityId);
+ ISPConfiguration oaParam = moaAuthConfig.getServiceProviderConfiguration(entityId);
if (oaParam != null)
return oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
@@ -78,7 +78,7 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
@Override
protected MetadataProvider createNewMetadataProvider(String entityId) throws EAAFConfigurationException, IOException, CertificateException {
- ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityId);
+ ISPConfiguration oaParam = moaAuthConfig.getServiceProviderConfiguration(entityId);
if (oaParam != null) {
String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
@@ -117,7 +117,7 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
while (oaInterator.hasNext()) {
Entry<String, String> oaKeyPair = oaInterator.next();
- ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
+ ISPConfiguration oaParam = moaAuthConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
if (oaParam != null) {
String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
if (MiscUtil.isNotEmpty(metadataurl))
@@ -146,14 +146,14 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
PVPConstants.SSLSOCKETFACTORYNAME,
- moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+ moaAuthConfig.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
moaAuthConfig.getTrustedCACertificates(),
null,
AuthConfiguration.DEFAULT_X509_CHAININGMODE,
moaAuthConfig.isTrustmanagerrevoationchecking(),
moaAuthConfig.getRevocationMethodOrder(),
- moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+ moaAuthConfig.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
@@ -173,7 +173,7 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
filterChain.getFilters().add(new SchemaValidationFilter(moaAuthConfig.isPVPSchemaValidationActive()));
filterChain.getFilters().add(new MetadataSignatureFilter(metadataURL, certificate));
filterChain.getFilters().add(
- new PVPEntityCategoryFilter(authConfig.getBasicMOAIDConfigurationBoolean(
+ new PVPEntityCategoryFilter(authConfig.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER,
false)));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
index 389d97b18..ad7328433 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
import java.util.Properties;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
@@ -32,7 +33,7 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.util.MiscUtil;
-//@Service("PVPIDPCredentialProvider")
+@Service("PVPIDPCredentialProvider")
public class IDPCredentialProvider extends AbstractCredentialProvider {
public static final String IDP_JAVAKEYSTORE = "idp.ks.file";
public static final String IDP_KS_PASS = "idp.ks.kspassword";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
index bd908f894..534f6797b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -76,14 +76,14 @@ public class MOASAMLSOAPClient {
SecureProtocolSocketFactory sslprotocolsocketfactory =
new MOAHttpProtocolSocketFactory(
PVPConstants.SSLSOCKETFACTORYNAME,
- AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean(
+ AuthConfigurationProviderFactory.getInstance().getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(),
null,
AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(),
AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(),
AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder(),
- AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean(
+ AuthConfigurationProviderFactory.getInstance().getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory );
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
index 19f865325..5ed237948 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
@@ -13,7 +13,7 @@ import org.springframework.stereotype.Service;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor;
import at.gv.egiz.eaaf.modules.pvp2.exception.NameIDFormatNotSupportedException;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
@@ -26,9 +26,9 @@ import at.gv.egovernment.moa.logging.Logger;
*
*/
@Service("MOAAuthnRequestValidator")
-public class AuthnRequestValidator implements IAuthnRequestValidator {
+public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
- public void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq, SPSSODescriptor spSSODescriptor) throws AuthnRequestValidatorException{
+ public void process(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq, SPSSODescriptor spSSODescriptor) throws AuthnRequestValidatorException{
//validate NameIDPolicy
NameIDPolicy nameIDPolicy = authnReq.getNameIDPolicy();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index 6bf44a527..e84bca330 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -94,7 +94,7 @@ public class SSLUtils {
ConfigurationProvider conf, String url )
throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
- boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean(
+ boolean useStandardJavaTrustStore = conf.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE,
false);
@@ -154,7 +154,7 @@ public class SSLUtils {
ConnectionParameterInterface connParam)
throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
- boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean(
+ boolean useStandardJavaTrustStore = conf.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE,
false);
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule
index 5116c2a08..65452db3c 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule
@@ -1,2 +1 @@
-at.gv.egovernment.moa.id.auth.modules.BKUSelectionModuleImpl
at.gv.egovernment.moa.id.auth.modules.SingleSignOnConsentsModuleImpl \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
index 02c683305..598376261 100644
--- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
@@ -21,36 +21,41 @@
<context:component-scan base-package="at.gv.egovernment.moa.id.auth.servlet" />
<context:component-scan base-package="at.gv.egovernment.moa.id.protocols" />
-
+
+ <bean id="bkuSelectionProcess"
+ class="at.gv.egovernment.moa.id.auth.modules.BKUSelectionModuleImpl"/>
+
+ <bean id="eaafProtocolAuthenticationService"
+ class="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService">
+ <property name="guiBuilder" ref="guiFormBuilder" />
+ </bean>
+
<bean id="PVPIDPCredentialProvider"
class="at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider" />
<bean id="PVP2XProtocol"
class="at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol">
- <property name="pvpIDPCredentials">
- <ref bean="PVPIDPCredentialProvider" />
- </property>
+ <property name="pvpIDPCredentials" ref="PVPIDPCredentialProvider" />
</bean>
<bean id="pvpMetadataService"
class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.MetadataAction">
- <property name="pvpIDPCredentials">
- <ref bean="PVPIDPCredentialProvider" />
- </property>
+ <property name="pvpIDPCredentials" ref="PVPIDPCredentialProvider" />
</bean>
<bean id="PVPAuthenticationRequestAction"
class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AuthenticationAction">
- <property name="pvpIDPCredentials">
- <ref bean="PVPIDPCredentialProvider" />
- </property>
+ <property name="pvpIDPCredentials" ref="PVPIDPCredentialProvider" />
</bean>
-
+
<bean id="MOAAuthnRequestValidator"
class="at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator" />
<bean id="MOAID_AuthenticationManager"
class="at.gv.egovernment.moa.id.moduls.AuthenticationManager"/>
+
+ <bean id="simplePendingReqIdGenerationStrategy"
+ class="at.gv.egiz.eaaf.core.impl.utils.SimplePendingRequestIdGenerationStrategy"/>
<bean id="AuthenticationDataBuilder"
class="at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder"/>
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 3b636aaee..fa7bc659e 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -62,6 +62,8 @@ init.00=MOA-ID-Auth wurde erfolgreich gestartet
init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
init.02=Fehler beim Starten des Service MOA-ID-Auth
init.04=Fehler beim Datenbankzugriff mit der SessionID {0}
+init.05=Allgemeiner interner Fehler! Ursache: '{0}'
+
internal.00=W\u00e4hrend des Anmeldevorgangs wurde ein nicht erlaubter Prozesszustand erreicht wodurch der Anmeldeprozess aus sicherheitsgr\u00FCnden abgebrochen wurde.
internal.01=W\u00e4hrend des Abmeldevorgangs wurde ein nicht erlaubter Prozesszustand erreicht wodurch der Abmeldeprozess abgebrochen wurde.
@@ -122,6 +124,8 @@ builder.08=Authentication process could NOT completed. Reason: {0}
builder.09=Can not build GUI component. Reason: {0}
builder.10=Can not create or update SSO session. SSO NOT POSSIBLE
builder.11=Fehler beim generieren der Anmeldedaten f\u00FCr die Online Applikation
+builder.12=Can not build attribute: {0}
+builder.13=No valid bPK received. Maybe there is a mismatch between ApplicationRegister and MOA-ID configuration
service.00=Fehler beim Aufruf des Web Service: {0}
service.01=Fehler beim Aufruf des Web Service: kein Endpoint
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index b878eadf3..5ecb242bd 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -93,6 +93,9 @@ builder.08=1008
builder.09=9103
builder.10=1009
builder.11=9102
+builder.12=1008
+builder.13=1008
+
service.00=4300
service.03=4300