authorThomas Lenz <tlenz@iaik.tugraz.at>2013-07-04 10:09:26 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2013-07-04 10:09:26 +0200
commitb73822979de23a3b7236411a7a737e2c93642a7d (patch)
tree472db6c41313c47019155356a58453e67b045b27 /id/server/idserverlib/src
parentbba86def6a69726671838ebdacb918d3ede5de16 (diff)
BKU Auswahl in Kontext von MOA-ID für standardkonforme Variante
Diffstat (limited to 'id/server/idserverlib/src')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java188
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java46
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java239
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java178
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java173
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java183
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java34
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java46
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties77
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/loginForm.html304
22 files changed, 1236 insertions, 399 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 911920e83..9abbf2970 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -389,95 +389,31 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @see GetIdentityLinkFormBuilder
* @see InfoboxReadRequestBuilder
*/
- public String startAuthentication(String authURL, String target,
- String targetFriendlyName, String oaURL, String templateURL,
- String bkuURL, String useMandate, String sessionID, String scheme,
- String sourceID, String modul, String action) throws WrongParametersException,
+ public String startAuthentication(AuthenticationSession session, String scheme) throws WrongParametersException,
AuthenticationException, ConfigurationException, BuildException {
- String useMandateString = null;
- boolean useMandateBoolean = false;
- if ((useMandate != null) && (useMandate.compareTo("") != 0)) {
- useMandateString = useMandate;
- } else {
- useMandateString = "false";
- }
-
- if (useMandateString.compareToIgnoreCase("true") == 0)
- useMandateBoolean = true;
- else
- useMandateBoolean = false;
-
- if (isEmpty(sessionID)) {
- if (isEmpty(authURL))
- throw new WrongParametersException("StartAuthentication",
- "AuthURL", "auth.05");
-
- // check if HTTP Connection may be allowed (through
- // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
- String boolStr = AuthConfigurationProvider
- .getInstance()
- .getGenericConfigurationParameter(
- AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
- if ((!authURL.startsWith("https:"))
- && (false == BoolUtils.valueOf(boolStr)))
- throw new AuthenticationException("auth.07",
- new Object[] { authURL + "*" });
- if (isEmpty(oaURL))
- throw new WrongParametersException("StartAuthentication",
- PARAM_OA, "auth.05");
+ if (session == null) {
+ throw new AuthenticationException("auth.18", new Object[] { });
}
- AuthenticationSession session;
- OAAuthParameter oaParam;
- if (sessionID != null) {
- session = getSession(sessionID);
- oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
- } else {
- oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(oaURL);
- if (oaParam == null)
- throw new AuthenticationException("auth.00",
- new Object[] { oaURL });
- if (!oaParam.getBusinessService()) {
- if (isEmpty(target))
- throw new WrongParametersException("StartAuthentication",
- PARAM_TARGET, "auth.05");
- } else {
- if (useMandateBoolean) {
- Logger
- .error("Online-Mandate Mode for bussines application not supported.");
- throw new AuthenticationException("auth.17", null);
- }
- target = null;
- targetFriendlyName = null;
- }
- session = newSession();
- Logger.info("MOASession " + session.getSessionID() + " angelegt");
- session.setTarget(target);
- session.setTargetFriendlyName(targetFriendlyName);
- session.setOAURLRequested(oaURL);
- session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
- session.setAuthURL(authURL);
- session.setTemplateURL(templateURL);
- session.setBusinessService(oaParam.getBusinessService());
- session.setModul(modul);
- session.setAction(action);
- if (sourceID != null)
- session.setSourceID(sourceID);
- }
- // BKU URL has not been set yet, even if session already exists
- if (bkuURL == null) {
- if (scheme != null && scheme.equalsIgnoreCase("https")) {
- bkuURL = DEFAULT_BKU_HTTPS;
- } else {
- bkuURL = DEFAULT_BKU;
+
+ //load OnlineApplication configuration
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[] { session.getPublicOAURLPrefix() });
+
+ //load Template
+ String template = null;
+ if (session.getTemplateURL() != null) {
+ try {
+ template = new String(FileUtils.readURL(session.getTemplateURL()));
+ } catch (IOException ex) {
+ throw new AuthenticationException("auth.03", new Object[] {
+ session.getTemplateURL(), ex.toString() }, ex);
}
}
- session.setBkuURL(bkuURL);
- session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
- session.setUseMandate(useMandateString);
+
+ //build ReadInfobox request
String infoboxReadRequest = new InfoboxReadRequestBuilder().build(
oaParam.getSlVersion12(), oaParam.getBusinessService(), oaParam
.getIdentityLinkDomainIdentifier());
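Review bot: The template read on the new line `template = new String(FileUtils.readURL(session.getTemplateURL()));` decodes the fetched bytes with the platform default charset, so a UTF-8 template renders wrongly on a JVM whose `file.encoding` differs; if `readURL` returns a `byte[]`, name the charset, e.g. `new String(FileUtils.readURL(session.getTemplateURL()), "UTF-8")`. The removed lines preferred `oaParam.getTemplateURL()` over the session value inside this method; the new code takes `session.getTemplateURL()` as already resolved, so a one-line Javadoc note that the OA-configured override must be applied by whoever fills the session would make that contract explicit. The Javadoc above the hunk presumably still lists the old parameters and should be updated for `(AuthenticationSession session, String scheme)`. The method body continues past the end of the hunk.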
@@ -485,22 +421,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String dataURL = new DataURLBuilder().buildDataURL(
session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session
.getSessionID());
- String template = null;
- // override template url by url from configuration file
- if (oaParam.getTemplateURL() != null) {
- templateURL = oaParam.getTemplateURL();
- } else {
- templateURL = session.getTemplateURL();
- }
- if (templateURL != null) {
- try {
- template = new String(FileUtils.readURL(templateURL));
- } catch (IOException ex) {
- throw new AuthenticationException("auth.03", new Object[] {
- templateURL, ex.toString() }, ex);
- }
- }
-
+
String pushInfobox = "";
VerifyInfoboxParameters verifyInfoboxParameters = oaParam
.getVerifyInfoboxParameters();
@@ -509,21 +430,17 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setPushInfobox(pushInfobox);
}
- try {
- AuthenticationSessionStoreage.storeSession(session);
-
- } catch (MOADatabaseException e) {
- throw new AuthenticationException("", null);
- }
-
+ //build CertInfo request
String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder()
.build(oaParam.getSlVersion12());
String certInfoDataURL = new DataURLBuilder()
.buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION,
session.getSessionID());
+
String htmlForm = new GetIdentityLinkFormBuilder().build(template,
- bkuURL, infoboxReadRequest, dataURL, certInfoRequest,
+ session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest,
certInfoDataURL, pushInfobox);
+
return htmlForm;
}
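Review bot: With `AuthenticationSessionStoreage.storeSession(session)` removed from this method, the `session.setPushInfobox(pushInfobox)` write on the hunk's first context line now only changes the in-memory object, so the caller becomes responsible for persisting the session after `startAuthentication` returns, and nothing in the file says so. Add to the method's Javadoc: `The session is modified (pushInfobox) but not persisted; callers must store it after this call.` The method begins in an earlier hunk.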
@@ -2311,6 +2228,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throws AuthenticationException, BuildException, ParseException,
ConfigurationException, ServiceException, ValidateException {
+ //TODO: CHECK if STORK parts works correct!!!!
+
if (isEmpty(sessionID))
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });
@@ -2784,46 +2703,21 @@ public class AuthenticationServer implements MOAIDAuthConstants {
public static void startSTORKAuthentication(
HttpServletRequest req,
HttpServletResponse resp,
- String ccc,
- String oaURL,
- String target,
- String targetFriendlyName,
- String authURL,
- String sourceID,
- String modul,
- String action) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException {
+ AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException {
- //read configuration paramters of OA
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { oaURL });
-
- if (!oaParam.getBusinessService()) {
- if (StringUtils.isEmpty(target))
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05");
- } else {
- target = null;
+ if (moasession == null) {
+ throw new AuthenticationException("auth.18", new Object[] { });
}
- //create MOA session
- AuthenticationSession moaSession = newSession();
- Logger.info("MOASession " + moaSession.getSessionID() + " angelegt");
- moaSession.setTarget(target);
- moaSession.setTargetFriendlyName(targetFriendlyName);
- moaSession.setOAURLRequested(oaURL);
- moaSession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
- moaSession.setAuthURL(authURL);
- moaSession.setBusinessService(oaParam.getBusinessService());
- moaSession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
- moaSession.setAction(action);
- moaSession.setModul(modul);
- if (sourceID != null)
- moaSession.setSourceID(sourceID);
+ //read configuration paramters of OA
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() });
//Start of STORK Processing
STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
- CPEPS cpeps = storkConfig.getCPEPS(ccc);
+ CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());
Logger.debug("Preparing to assemble STORK AuthnRequest witht the following values:");
String destination = cpeps.getPepsURL().toExternalForm();
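Review bot: `cpeps` from `storkConfig.getCPEPS(moasession.getCcc())` is dereferenced on the next line (`cpeps.getPepsURL()`) without a null check; the country code now comes from the session, which the new parser fills from the `ccc` request parameter, so an unconfigured country would surface as a NullPointerException rather than a clean error unless `getCPEPS` is guaranteed non-null by the `isSTORKAuthentication` check the caller performs. A guard such as `if (cpeps == null) throw new AuthenticationException(<message key for unknown C-PEPS>, new Object[] { moasession.getCcc() });` makes the failure explicit and logged. The method body continues beyond the hunk.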
@@ -2838,7 +2732,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
QualityAuthenticationAssuranceLevel qaaLevel = null;//TODO UNCOMMENT AGAIN !! = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue());
- Logger.debug("QAALevel: " + qaaLevel.getValue());
+ //Logger.debug("QAALevel: " + qaaLevel.getValue());
RequestedAttributes requestedAttributes = null;
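Review bot: Commenting out `Logger.debug("QAALevel: " + qaaLevel.getValue())` removes the NullPointerException but leaves `qaaLevel` permanently `null` per the TODO on the context line above, so the STORK AuthnRequest is presumably assembled further down without a requested quality/assurance level. Since that level carries the relying party's assurance requirement, this should at least be visible at runtime, e.g. `Logger.warn("QAALevel not set - STORK AuthnRequest is built without a requested assurance level");`, until the builder call is restored.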
@@ -2850,7 +2744,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
//check if country specific attributes must be additionally requested
if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) {
//add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes
- Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + ccc);
+ Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + moasession.getCcc());
Logger.debug("The following attributes are requested for this specific country:");
List<RequestedAttribute> countrySpecificReqAttributeList = new ArrayList<RequestedAttribute>(cpeps.getCountrySpecificRequestedAttributes());
for (RequestedAttribute csReqAttr : countrySpecificReqAttributeList) {
@@ -2888,13 +2782,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
}
- String spSector = StringUtils.isEmpty(target) ? "Business" : target;
+ String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget();
String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();
String spApplication = spInstitution;
String spCountry = "AT";
String textToBeSigned =
- CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moaSession);
+ CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession);
//generate AuthnRquest
STORKAuthnRequest storkAuthnRequest = STORKAuthnRequestProcessor.generateSTORKAuthnRequest(
@@ -2944,9 +2838,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Logger.debug("STORK AuthnRequest successfully internally validated.");
//send
- moaSession.setStorkAuthnRequest(storkAuthnRequest);
+ moasession.setStorkAuthnRequest(storkAuthnRequest);
HttpSession httpSession = req.getSession();
- httpSession.setAttribute("MOA-Session-ID", moaSession.getSessionID());
+ httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID());
Logger.debug("Preparing to send STORK AuthnRequest.");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 01c875533..47bf61db4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -24,6 +24,9 @@
package at.gv.egovernment.moa.id.auth;
+import java.util.Arrays;
+import java.util.List;
+
import iaik.asn1.ObjectID;
@@ -118,5 +121,12 @@ public interface MOAIDAuthConstants {
public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3";
/** the number of the certifcate extension for party organ representatives */
public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10";
+
+ /**BKU type identifiers to use bkuURI from configuration*/
+ public static final String REQ_BKU_TYPE_LOCAL = "local";
+ public static final String REQ_BKU_TYPE_ONLINE = "online";
+ public static final String REQ_BKU_TYPE_HANDY = "handy";
+ public static final List<String> REQ_BKU_TYPES = Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY);
+
}
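Review bot: `REQ_BKU_TYPES` is built with `Arrays.asList(...)`, which returns a fixed-size but element-mutable list, so any caller can do `REQ_BKU_TYPES.set(0, ...)` and change the accepted BKU type identifiers for the whole JVM through a public interface constant. Wrap it: `public static final List<String> REQ_BKU_TYPES = Collections.unmodifiableList(Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY));` with `java.util.Collections` added to the import hunk above. The comment `BKU type identifiers to use bkuURI from configuration` does not say which request parameter carries these values or where they are matched; a short Javadoc naming that parameter would help.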
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index 412f1db81..897933ea0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -26,8 +26,13 @@ package at.gv.egovernment.moa.id.auth.builder;
import java.io.StringWriter;
import java.text.MessageFormat;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+import java.util.Date;
import java.util.List;
+import java.util.Locale;
+import javax.xml.bind.DatatypeConverter;
import javax.xml.transform.Result;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
@@ -49,6 +54,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
@@ -79,6 +85,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
" <saml:AttributeValue>{6}</saml:AttributeValue>" + NL +
" </saml:Attribute>" + NL +
"{7}" +
+ "{8}" +
" </saml:AttributeStatement>" + NL +
"</saml:Assertion>";
@@ -97,6 +104,11 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
" </saml:AttributeValue>" + NL +
" </saml:Attribute>" + NL;
+ private static String SPECIAL_TEXT_ATTRIBUTE =
+ " <saml:Attribute AttributeName=''SpecialText'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL;
+
private static String PR_IDENTIFICATION_ATTRIBUTE =
" <pr:Identification xmlns:pr=\"" + PD_NS_URI + "\">" + NL +
@@ -107,7 +119,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
/**
* The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes).
*/
- public static final int NUM_OF_SAML_ATTRIBUTES = 3;
+ public static final int NUM_OF_SAML_ATTRIBUTES = 4;
/**
* Constructor for AuthenticationBlockAssertionBuilder.
@@ -172,8 +184,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
Logger.error("Error on building AUTH-Block: " + e.getMessage());
throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
}
-
-
+
if (target == null) {
// OA is a business application
if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) {
@@ -252,6 +263,15 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
extendedSAMLAttributes.add(oaFriendlyNameAttribute);
+
+ //TODO: load special text from OAconfig
+ String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#.";
+ //String text = "";
+
+
+ String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
+ new Object[] { generateSpecialText(text, issuer, issueInstant) });
+
String assertion;
try {
assertion = MessageFormat.format(
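Review bot: The hard-coded `String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#.";` makes every AUTH-Block built by this method carry a signed declaration about taking over delivered documents, regardless of the online application, while the parallel site in the later hunk at `//..BZ` uses `String text = "";`, so the two build paths now produce different signed content for the same input. A statement the citizen signs must come from the OA configuration as the TODO says; until that is wired, the text should be empty in both places, and `SPECIAL_TEXT_ATTRIBUTE` should be skipped when the text is empty rather than emitting a `SpecialText` attribute with an empty value. The enclosing build method starts outside the hunk.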
@@ -263,6 +283,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
gebeORwbpk,
oaURL,
gebDat,
+ specialText,
buildExtendedSAMLAttributes(extendedSAMLAttributes)});
} catch (ParseException e) {
Logger.error("Error on building AUTH-Block: " + e.getMessage());
@@ -385,6 +406,13 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
extendedSAMLAttributes.add(oaFriendlyNameAttribute);
//..BZ
+ //TODO: load special text from OAconfig
+ //String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#.";
+ String text = "";
+
+ String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
+ new Object[] { generateSpecialText(text, issuer, issueInstant) });
+
String assertion;
try {
assertion = MessageFormat.format(
@@ -396,6 +424,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
gebeORwbpk,
oaURL,
gebDat,
+ specialText,
buildExtendedSAMLAttributes(extendedSAMLAttributes)});
} catch (ParseException e) {
Logger.error("Error on building AUTH-Block: " + e.getMessage());
@@ -406,6 +435,17 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
}
+ public static String generateSpecialText(String inputtext, String issuer, String issueInstant) {
+ Calendar datetime = DatatypeConverter.parseDateTime(issueInstant);
+ SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
+ SimpleDateFormat timeformat = new SimpleDateFormat("HH:mm:ss");
+
+ String text = inputtext.replaceAll("#NAME#", issuer);
+ text = text.replaceAll("#DATE#", dateformat.format(datetime.getTime()));
+ text = text.replaceAll("#TIME#", timeformat.format(datetime.getTime()));
+
+ return text;
+ }
public static String xmlToString(Node node) {
try {
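Review bot: `inputtext.replaceAll("#NAME#", issuer)` uses the issuer name as a regex replacement string, so a name containing `$` or `\` throws `IllegalArgumentException` or is altered; all three substitutions are literal and should use `String.replace` (`String text = inputtext.replace("#NAME#", issuer);` and likewise for `#DATE#` and `#TIME#`). The result is formatted straight into `SPECIAL_TEXT_ATTRIBUTE` and `issuer` is not XML-escaped here, so `<` or `&` in a name would corrupt the assertion; escape the text for XML before substitution (check how the other attribute values in this builder are escaped and use the same helper). `dateformat` and `timeformat` are created without a time zone, so they print the JVM default zone rather than the zone carried by `issueInstant`; call `dateformat.setTimeZone(datetime.getTimeZone())` (same for `timeformat`) if the displayed time must match the assertion's issue instant. The `java.util.Locale` import added in the first hunk is unused in this method; if it was meant for these formatters, pass a locale explicitly.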
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
index 5191a2f81..83b7ae592 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
@@ -10,11 +10,12 @@ import at.gv.egovernment.moa.logging.Logger;
public class LoginFormBuilder {
+ private static String SERVLET = "GenerateIframeTemplate";
+
private static String AUTH_URL = "#AUTH_URL#";
- private static String OA_URL = "#OA_URL#";
- private static String RED_URL = "#RED_URL#";
private static String MODUL = "#MODUL#";
private static String ACTION = "#ACTION#";
+ private static String OANAME = "#OAName#";
private static String template;
@@ -29,7 +30,7 @@ public class LoginFormBuilder {
StringWriter writer = new StringWriter();
IOUtils.copy(input, writer);
template = writer.toString();
- template = template.replace(AUTH_URL, "StartBKUAuthentication");
+ template = template.replace(AUTH_URL, SERVLET);
} catch (Exception e) {
Logger.error("Failed to read template", e);
}
@@ -38,11 +39,10 @@ public class LoginFormBuilder {
return template;
}
- public static String buildLoginForm(String oaURL, String modul, String action) {
+ public static String buildLoginForm(String modul, String action, String oaname) {
String value = getTemplate();
if(value != null) {
- value = value.replace(OA_URL, oaURL);
if(modul == null) {
modul = SAML1Protocol.PATH;
}
@@ -51,6 +51,7 @@ public class LoginFormBuilder {
}
value = value.replace(MODUL, modul);
value = value.replace(ACTION, action);
+ value = value.replace(OANAME, oaname);
}
return value;
}
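Review bot: `value = value.replace(OANAME, oaname)` substitutes the application name into the HTML login form without escaping, and throws `NullPointerException` when `oaname` is null because `String.replace` rejects a null replacement. The name likely comes from OA configuration rather than from the request, but this builder cannot know that, so escape at the point of insertion and tolerate absence: `value = value.replace(OANAME, oaname == null ? "" : StringEscapeUtils.escapeHtml(oaname));` (commons-lang `StringEscapeUtils` is already used elsewhere in this change; add the import). `buildLoginForm` starts in the previous hunk; its documentation should describe the reordered parameters `(modul, action, oaname)`.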
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
new file mode 100644
index 000000000..8a9c2b4fd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
@@ -0,0 +1,56 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+
+public class StartAuthenticationBuilder {
+
+ private static StartAuthenticationBuilder instance = null;
+
+ public static StartAuthenticationBuilder getInstance() {
+ if (instance == null) {
+ instance = new StartAuthenticationBuilder();
+ }
+ return instance;
+ }
+
+
+ public String build(AuthenticationSession moasession, HttpServletRequest req,
+ HttpServletResponse resp) throws WrongParametersException, MOAIDException {
+
+ if (moasession == null) {
+ throw new AuthenticationException("auth.18", new Object[] { });
+ }
+
+ STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
+
+ Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc()));
+ // STORK or normal authentication
+ if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
+ //STORK authentication
+ Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
+ Logger.debug("Starting STORK authentication");
+
+ AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
+ return "";
+
+ } else {
+ //normal MOA-ID authentication
+ Logger.debug("Starting normal MOA-ID authentication");
+
+ String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme());
+
+ return getIdentityLinkForm;
+ }
+ }
+}
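Review bot: `getInstance()` lazily assigns the static `instance` without synchronization, and this builder is invoked from servlet request threads, so two threads can each construct an instance; harmless today only because the class holds no state, and fragile once fields are added. Construction is trivial, so initialise eagerly: `private static final StartAuthenticationBuilder instance = new StartAuthenticationBuilder();` with `getInstance()` simply returning it. `build` returns `""` on the STORK path and an HTML form otherwise; a Javadoc on `build` stating that an empty return means the response was already handled by `startSTORKAuthentication` (if that is the contract) would spare callers from guessing, and `resp` should be documented as only forwarded to that call.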
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index e023acafa..22a3337e3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -113,6 +113,12 @@ public class AuthenticationSession implements Serializable {
*/
private boolean useMandate;
+
+ /**
+ * STORK
+ */
+ private String ccc;
+
/**
* Reference value for mandate
*/
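Review bot: Adding the `ccc` field changes the serialised form of `AuthenticationSession`, which `implements Serializable` per the hunk header; unless the class declares an explicit `serialVersionUID` (not visible here), sessions persisted by the previous version fail to deserialise after deployment, so confirm the field is declared. The Javadoc `STORK` says nothing about the value; replace it with `/** Citizen country code used to select the STORK C-PEPS; empty or null for a domestic authentication. */` — the domestic default is inferred from `StartAuthenticationBuilder` logging "AT" for an empty value, so confirm before committing to it.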
@@ -1025,6 +1031,16 @@ public class AuthenticationSession implements Serializable {
public void setStorkAuthnRequest(STORKAuthnRequest storkAuthnRequest) {
this.storkAuthnRequest = storkAuthnRequest;
}
+
+ public String getCcc() {
+ return ccc;
+ }
+
+ public void setCcc(String ccc) {
+ this.ccc = ccc;
+ }
+
+
// public CreateXMLSignatureResponse getXMLCreateSignatureResponse() {
// return XMLCreateSignatureResponse;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
new file mode 100644
index 000000000..1d3c82aaf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -0,0 +1,239 @@
+package at.gv.egovernment.moa.id.auth.parser;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+
+public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
+
+ public static void parse(AuthenticationSession moasession,
+ String target,
+ String sourceID,
+ String oaURL,
+ String bkuURL,
+ String templateURL,
+ String useMandate,
+ String ccc,
+ String module,
+ String action,
+ HttpServletRequest req) throws WrongParametersException, MOAIDException {
+
+ String targetFriendlyName = null;
+
+ // escape parameter strings
+ //TODO: use URLEncoder.encode!!
+ target = StringEscapeUtils.escapeHtml(target);
+ sourceID = StringEscapeUtils.escapeHtml(sourceID);
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+ bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
+ templateURL = StringEscapeUtils.escapeHtml(templateURL);
+ useMandate = StringEscapeUtils.escapeHtml(useMandate);
+ ccc = StringEscapeUtils.escapeHtml(ccc);
+
+ // check parameter
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+ if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+ if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+ if (!ParamValidatorUtils.isValidUseMandate(useMandate))
+ throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+ if (!ParamValidatorUtils.isValidSourceID(sourceID))
+ throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
+ if (!ParamValidatorUtils.isValidCCC(ccc))
+ throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
+
+ //check UseMandate flag
+ String useMandateString = null;
+ boolean useMandateBoolean = false;
+ if ((useMandate != null) && (useMandate.compareTo("") != 0)) {
+ useMandateString = useMandate;
+ } else {
+ useMandateString = "false";
+ }
+
+ if (useMandateString.compareToIgnoreCase("true") == 0)
+ useMandateBoolean = true;
+ else
+ useMandateBoolean = false;
+
+ moasession.setUseMandate(useMandateString);
+
+ //load OnlineApplication configuration
+ OAAuthParameter oaParam;
+ if (moasession.getPublicOAURLPrefix() != null) {
+ oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(
+ moasession.getPublicOAURLPrefix());
+
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00",
+ new Object[] { moasession.getPublicOAURLPrefix() });
+
+ } else {
+ oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(oaURL);
+
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00",
+ new Object[] { oaURL });
+
+
+ // get target and target friendly name from config
+ String targetConfig = oaParam.getTarget();
+ String targetFriendlyNameConfig = oaParam.getTargetFriendlyName();
+
+ if (StringUtils.isEmpty(targetConfig)) {
+ // no target attribut is given in OA config
+ // target is used from request
+ // check parameter
+ if (!ParamValidatorUtils.isValidTarget(target))
+ throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+ } else {
+ // use target from config
+ target = targetConfig;
+ targetFriendlyName = targetFriendlyNameConfig;
+ }
+
+
+ if (!oaParam.getBusinessService()) {
+ if (isEmpty(target))
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_TARGET, "auth.05");
+
+ } else {
+ if (useMandateBoolean) {
+ Logger.error("Online-Mandate Mode for bussines application not supported.");
+ throw new AuthenticationException("auth.17", null);
+ }
+ target = null;
+ targetFriendlyName = null;
+ }
+
+ moasession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
+ moasession.setTarget(target);
+ moasession.setTargetFriendlyName(targetFriendlyName);
+ moasession.setBusinessService(oaParam.getBusinessService());
+ moasession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
+ }
+
+ //check OnlineApplicationURL
+ if (isEmpty(oaURL))
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_OA, "auth.05");
+ moasession.setOAURLRequested(oaURL);
+
+ //check AuthURL
+ String authURL = req.getScheme() + "://" + req.getServerName();
+ if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
+ authURL = authURL.concat(":" + req.getServerPort());
+ }
+ authURL = authURL.concat(req.getContextPath() + "/");
+
+ if (isEmpty(authURL))
+ throw new WrongParametersException("StartAuthentication",
+ "AuthURL", "auth.05");
+
+ // check if HTTP Connection may be allowed (through
+ // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+ String boolStr = AuthConfigurationProvider
+ .getInstance()
+ .getGenericConfigurationParameter(
+ AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+ if ((!authURL.startsWith("https:"))
+ && (false == BoolUtils.valueOf(boolStr)))
+ throw new AuthenticationException("auth.07",
+ new Object[] { authURL + "*" });
+
+ moasession.setAuthURL(authURL);
+
+ //check and set SourceID
+ if (sourceID != null)
+ moasession.setSourceID(sourceID);
+
+ // BKU URL has not been set yet, even if session already exists
+ if (bkuURL == null) {
+ if (req.getScheme() != null && req.getScheme().equalsIgnoreCase("https")) {
+ bkuURL = DEFAULT_BKU_HTTPS;
+ } else {
+ bkuURL = DEFAULT_BKU;
+ }
+ }
+ moasession.setBkuURL(bkuURL);
+
+ // override template url by url from configuration file
+ if (oaParam.getTemplateURL() != null) {
+ templateURL = oaParam.getTemplateURL();
+ }
+ moasession.setTemplateURL(templateURL);
+ moasession.setCcc(ccc);
+
+ }
+
+ public static void parse(HttpServletRequest req, HttpServletResponse resp,
+ AuthenticationSession moasession) throws WrongParametersException, MOAIDException {
+
+ //check Module and Action
+ HttpSession httpSession = req.getSession();
+ IRequest request = RequestStorage.getPendingRequest(httpSession);
+
+ String modul = request.requestedModule();//req.getParameter(PARAM_MODUL);
+ String action = request.requestedAction();//req.getParameter(PARAM_ACTION);
+
+ modul = StringEscapeUtils.escapeHtml(modul);
+ action = StringEscapeUtils.escapeHtml(action);
+ if(modul == null) {
+ modul = SAML1Protocol.PATH;
+ }
+
+ if(action == null) {
+ action = SAML1Protocol.GETARTIFACT;
+ }
+ moasession.setModul(modul);
+ moasession.setAction(action);
+
+ //get Parameters from request
+ String target = req.getParameter(PARAM_TARGET);
+ String sourceID = req.getParameter(PARAM_SOURCEID);
+ String oaURL = req.getParameter(PARAM_OA);
+ String bkuURL = req.getParameter(PARAM_BKU);
+ String templateURL = req.getParameter(PARAM_TEMPLATE);
+ String useMandate = req.getParameter(PARAM_USEMANDATE);
+ String ccc = req.getParameter(PARAM_CCC);
+
+ oaURL = request.getOAURL();
+ target = request.getTarget();
+
+ parse(moasession, target, sourceID, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req);
+
+ }
+
+ /**
+ * Checks a parameter.
+ *
+ * @param param
+ * parameter
+ * @return true if the parameter is null or empty
+ */
+ private static boolean isEmpty(String param) {
+ return param == null || param.length() == 0;
+ }
+}
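Review bot: The `StringEscapeUtils.escapeHtml(...)` calls at the top of `parse(AuthenticationSession, ...)` HTML-encode `oaURL`, `bkuURL` and `templateURL` before they are validated and stored in the session, so a URL with a query string has its `&` turned into `&amp;`, is validated in that altered form, and is later used as a real URL (`session.getBkuURL()`, `FileUtils.readURL(session.getTemplateURL())`); HTML escaping belongs where values are written into HTML, and the `TODO: use URLEncoder.encode!!` comment suggests the author knows this. In the second `parse`, `RequestStorage.getPendingRequest(httpSession)` can presumably return null when no request is pending, and `request.requestedModule()` then throws `NullPointerException` instead of a clean error; add `if (request == null) throw new AuthenticationException(<message key for missing pending request>, new Object[] {});` before it. `authURL` is built from `req.getServerName()`, i.e. from the request's Host header, and becomes the DataURL the BKU posts the signed response back to; unless the container pins the server name, a client-supplied Host header can redirect that callback, so prefer a configured base URL or verify `req.getServerName()` against the configured public URL prefix. The `isEmpty(authURL)` check after it can never fire, since the string always starts with the scheme.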
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
new file mode 100644
index 000000000..29d407dc7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -0,0 +1,178 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.bouncycastle.asn1.x509.Target;
+
+import com.trilead.ssh2.Session;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+
+public class GenerateIFrameTemplateServlet extends AuthServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ public void init(ServletConfig servletConfig) throws ServletException {
+ try {
+ super.init(servletConfig);
+ MOAIDAuthInitializer.initialize();
+ Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding"));
+ Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
+ }
+ catch (Exception ex) {
+ Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
+ throw new ServletException(ex);
+ }
+ }
+
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ Logger.info("Receive " + GenerateIFrameTemplateServlet.class + " Request");
+
+ try {
+ String bkuid = req.getParameter(PARAM_BKU);
+ String useMandate = req.getParameter(PARAM_USEMANDATE);
+ String ccc = req.getParameter(PARAM_CCC);
+
+ String moasessionid = null;
+ AuthenticationSession moasession = null;
+
+ try {
+ moasessionid = (String) req.getSession().getAttribute(AuthenticationManager.MOA_SESSION);
+ moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+
+ } catch (MOADatabaseException e) {
+ Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database");
+ throw new MOAIDException("init.04", new Object[] {
+ moasessionid});
+
+ } catch (Throwable e) {
+ Logger.info("No HTTP Session found!");
+ throw new MOAIDException("auth.18", new Object[] {});
+ }
+
+ //load OA Config
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(moasession.getOAURLRequested());
+
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() });
+
+ else {
+
+ //load Parameters from config
+ String target = oaParam.getTarget();
+ String sourceID = ""; //TODO: load from Config
+ String bkuURL = getBKUURIFromConfig(Integer.valueOf(bkuid), oaParam);
+ String templateURL = getTemplateURIFromConfig(Integer.valueOf(bkuid), oaParam);;
+
+
+ //parse all OA parameters i
+ StartAuthentificationParameterParser.parse(moasession,
+ target,
+ sourceID,
+ moasession.getOAURLRequested(),
+ bkuURL,
+ templateURL,
+ useMandate,
+ ccc,
+ moasession.getModul(),
+ moasession.getAction(),
+ req);
+ }
+
+ StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
+ String getIdentityLinkForm = startauth.build(moasession, req, resp);
+
+ //store MOASession
+ try {
+ AuthenticationSessionStoreage.storeSession(moasession);
+ } catch (MOADatabaseException e) {
+ Logger.error("Database Error! MOASession is not stored!");
+ throw new MOAIDException("init.04", new Object[] {
+ moasession.getSessionID()});
+ }
+
+ if (!StringUtils.isEmpty(getIdentityLinkForm)) {
+ resp.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(resp.getOutputStream());
+ out.print(getIdentityLinkForm);
+ out.flush();
+ Logger.debug("Finished GET "+GenerateIFrameTemplateServlet.class);
+ }
+ }
+ catch (WrongParametersException ex) {
+ handleWrongParameters(ex, req, resp);
+ }
+
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+
+
+ }
+
+ private String getTemplateURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException {
+ //TODO: CHANGE to real OA config
+
+ List<String> bkuURIs = Arrays.asList(
+ "http://labda.iaik.tugraz.at:8080/moa-id-auth/template_onlineBKU.html",
+ "http://labda.iaik.tugraz.at:8080/moa-id-auth/template_handyBKU.html",
+ "http://labda.iaik.tugraz.at:8080/moa-id-auth/template_localBKU.html");
+
+// List<String> bkuURIs = Arrays.asList(
+// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_onlineBKU.html",
+// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_handyBKU.html",
+// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_localBKU.html");
+
+ if (bkuID < bkuURIs.size())
+ return bkuURIs.get(bkuID);
+ else
+ throw new WrongParametersException("GenerateIFrameTemplate", PARAM_TEMPLATE,
+ "auth.12");
+ }
+
+ private String getBKUURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException {
+ //TODO: CHANGE to real OA config
+
+ List<String> bkuURIs = Arrays.asList(
+ "https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request",
+ "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx",
+ "https://127.0.0.1:3496/https-security-layer-request");
+
+// List<String> bkuURIs = Arrays.asList(
+// "https://demo.egiz.gv.at/demoportal_bkuonline/https-security-layer-request",
+// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx",
+// "https://127.0.0.1:3496/https-security-layer-request");
+
+ if (bkuID < bkuURIs.size())
+ return bkuURIs.get(bkuID);
+ else
+ throw new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU,
+ "auth.12");
+ }
+}
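Review bot: `Integer.valueOf(bkuid)` in doGet is applied to the raw `bku` request parameter, so a missing or non-numeric value throws NumberFormatException, which neither catch clause handles and which therefore escapes the servlet as an unhandled error instead of the `auth.12` WrongParametersException the other bad-parameter paths produce; a negative value also passes the `bkuID < bkuURIs.size()` check in both helpers and then fails inside `List.get` the same way. Parse once, up front, and check both bounds in the helpers, `if (bkuID >= 0 && bkuID < bkuURIs.size())`. Separately, `new PrintWriter(resp.getOutputStream())` encodes with the platform default charset (the very value init() logs) although the content type declares UTF-8; `resp.getWriter()` after `setContentType` honours the declared charset, and the same construct appears in StartAuthenticationServlet and twice in AuthenticationManager.doAuthentication. The `org.bouncycastle.asn1.x509.Target` and `com.trilead.ssh2.Session` imports are unused and look like IDE auto-imports.
```java
            String bkuid = req.getParameter(PARAM_BKU);
            // … unchanged: useMandate / ccc parameters, MOASession lookup, OA config lookup …
            int bkuIndex;
            try {
                bkuIndex = Integer.parseInt(bkuid);
            } catch (NumberFormatException e) {
                throw new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU, "auth.12");
            }
            String bkuURL = getBKUURIFromConfig(bkuIndex, oaParam);
            String templateURL = getTemplateURIFromConfig(bkuIndex, oaParam);
            // … unchanged: parse call, build, store session, response …
```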
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index e15d8f908..16ff65477 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -43,7 +43,9 @@ import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
@@ -51,6 +53,7 @@ import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -94,130 +97,66 @@ public class StartAuthenticationServlet extends AuthServlet {
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
- Logger.debug("GET StartAuthentication");
- String authURL = req.getScheme() + "://" + req.getServerName();
- if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
- authURL = authURL.concat(":" + req.getServerPort());
- }
- authURL = authURL.concat(req.getContextPath() + "/");
+ Logger.debug("GET StartAuthentication");
+
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ sessionID = (String) req.getAttribute(PARAM_SESSIONID);
+
+
+
+ try {
+
+ if (StringUtils.isEmpty(sessionID))
+ throw new MOAIDException("auth.18", null);
+
+ sessionID = StringEscapeUtils.escapeHtml(sessionID);
+
+ if (!ParamValidatorUtils.isValidSessionID(sessionID))
+ throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
+
+ setNoCachingHeadersInHttpRespone(req, resp);
- HttpSession httpSession = req.getSession();
-
- String target = req.getParameter(PARAM_TARGET);
- String sourceID = req.getParameter(PARAM_SOURCEID);
- String oaURL = req.getParameter(PARAM_OA);
- String bkuURL = req.getParameter(PARAM_BKU);
- String templateURL = req.getParameter(PARAM_TEMPLATE);
- String sessionID = req.getParameter(PARAM_SESSIONID);
- String useMandate = req.getParameter(PARAM_USEMANDATE);
- String ccc = req.getParameter(PARAM_CCC);
-
- IRequest request = RequestStorage.getPendingRequest(httpSession);
-
- String modul = request.requestedModule();//req.getParameter(PARAM_MODUL);
- String action = request.requestedAction();//req.getParameter(PARAM_ACTION);
- request.getOAURL();
-
- // escape parameter strings
- //TODO: use URLEncoder.encode!!
- target = StringEscapeUtils.escapeHtml(target);
- sourceID = StringEscapeUtils.escapeHtml(sourceID);
- oaURL = StringEscapeUtils.escapeHtml(oaURL);
- bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
- templateURL = StringEscapeUtils.escapeHtml(templateURL);
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
- useMandate = StringEscapeUtils.escapeHtml(useMandate);
- ccc = StringEscapeUtils.escapeHtml(ccc);
- modul = StringEscapeUtils.escapeHtml(modul);
- action = StringEscapeUtils.escapeHtml(action);
-
- oaURL = request.getOAURL();
- target = request.getTarget();
-
- setNoCachingHeadersInHttpRespone(req, resp);
-
- try {
- // check parameter
- if (!ParamValidatorUtils.isValidOA(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
- if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
- throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
- if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
- throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
- if (!ParamValidatorUtils.isValidUseMandate(useMandate))
- throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
- if (!ParamValidatorUtils.isValidSourceID(sourceID))
- throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
- if (!ParamValidatorUtils.isValidCCC(ccc))
- throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
-
- if(modul == null) {
- modul = SAML1Protocol.PATH;
- }
-
- if(action == null) {
- action = SAML1Protocol.GETARTIFACT;
- }
-
- Logger.info("Start Authentication Module: " + modul + " Action: " + action);
-
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { oaURL });
-
- // get target and target friendly name from config
- String targetConfig = oaParam.getTarget();
- String targetFriendlyNameConfig = oaParam.getTargetFriendlyName();
-
- String targetFriendlyName = null;
-
- if (StringUtils.isEmpty(targetConfig)) {
- // no target attribut is given in OA config
- // target is used from request
- // check parameter
- if (!ParamValidatorUtils.isValidTarget(target))
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
- } else {
- // use target from config
- target = targetConfig;
- targetFriendlyName = targetFriendlyNameConfig;
- }
-
- STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
-
- Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(ccc) ? "AT" : ccc));
- // STORK or normal authentication
- if (storkConfig.isSTORKAuthentication(ccc)) {
- //STORK authentication
- Logger.trace("Found C-PEPS configuration for citizen of country: " + ccc);
- Logger.debug("Starting STORK authentication");
-
- AuthenticationServer.startSTORKAuthentication(req, resp, ccc, oaURL, target, targetFriendlyName, authURL, sourceID, modul, action);
-
- } else {
- //normal MOA-ID authentication
- Logger.debug("Starting normal MOA-ID authentication");
-
- String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, targetFriendlyName, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID, modul, action);
+ //TODO: Load MOASession
+ AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(sessionID);
- resp.setContentType("text/html;charset=UTF-8");
- PrintWriter out = new PrintWriter(resp.getOutputStream());
- out.print(getIdentityLinkForm);
- out.flush();
- }
- Logger.debug("Finished GET StartAuthentication");
+ STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
+
+ Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc()));
+ // STORK or normal authentication
+ if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
+ //STORK authentication
+ Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
+ Logger.debug("Starting STORK authentication");
+
+ //TODO: insert sessionID to STORK!!
+ AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
+
+ } else {
+ //normal MOA-ID authentication
+ Logger.debug("Starting normal MOA-ID authentication");
+
+ String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme());
+
+ resp.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(resp.getOutputStream());
+ out.print(getIdentityLinkForm);
+ out.flush();
+ }
+ Logger.debug("Finished GET StartAuthentication");
- }
+ }
+
catch (WrongParametersException ex) {
handleWrongParameters(ex, req, resp);
}
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- }
+
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+
+ } catch (MOADatabaseException e) {
+ handleError(null, e, req, resp);
+ }
}
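Review bot: The two consecutive assignments at the top of doGet, `sessionID = req.getParameter(PARAM_SESSIONID);` immediately followed by `sessionID = (String) req.getAttribute(PARAM_SESSIONID);`, make the first one dead code: whatever the query parameter holds is overwritten by the request attribute, so a request that carries the session ID only as a parameter now fails with `auth.18`. If the attribute set by a forwarding servlet is the intended sole source, drop the parameter line and say so in a comment; if both should be accepted, fall back to the attribute only when the parameter is empty. The MOADatabaseException thrown by `AuthenticationSessionStoreage.getSession` is caught at the end, which is fine, but the `//TODO: Load MOASession` comment above that call is now stale since the load is implemented on the next line.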
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 8d2f95cce..93bc0d214 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -231,7 +231,29 @@ public class CreateXMLSignatureResponseValidator {
} else {
throw new ValidateException("validator.35", null);
}
+
+ // check four attribute could be a special text
+ samlAttribute = samlAttributes[3 + offset];
+ if (!samlAttribute.getName().equals("SpecialText")) {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(3)});
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ String samlSpecialText = (String)samlAttribute.getValue();
+
+ //TODO:load Text from OA config
+ String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#.";
+ //String text = "";
+ String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant);
+ if (!samlSpecialText.equals(specialText)) {
+ throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
+ }
+ } else {
+ throw new ValidateException("validator.35", null);
+ }
+
// now check the extended SAML attributes
int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + offset;
if (extendedSAMLAttributes != null) {
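Review bot: `samlAttributes[3 + offset]` is indexed without a length check visible in this hunk, so an AuthBlock with only the three previously expected attributes would end in an ArrayIndexOutOfBoundsException rather than a ValidateException; if an earlier length check exists outside the hunk it should cover the new fourth attribute too. The expected special text is a hard-coded German literal duplicated here, while the assertion builder must produce the same string for `generateSpecialText` to match; if the two copies ever drift, every otherwise valid signature fails with `validator.67`. Until the text comes from OA configuration, reference a single shared constant on AuthenticationBlockAssertionBuilder instead of a second literal. The enclosing method starts and ends outside this hunk.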
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index d1e3d809c..0771fb86c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -43,8 +43,10 @@ import test.tlenz.simpletest;
import eu.stork.vidp.messages.common.STORKBootstrap;
import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
-import at.gv.egovernment.moa.id.commons.db.dao.AssertionStore;
-import at.gv.egovernment.moa.id.commons.db.dao.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
@@ -305,6 +307,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
Configuration hibernateConfig = new Configuration();
hibernateConfig.addAnnotatedClass(AssertionStore.class);
hibernateConfig.addAnnotatedClass(AuthenticatedSessionStore.class);
+ hibernateConfig.addAnnotatedClass(OASessionStore.class);
+ hibernateConfig.addAnnotatedClass(OldSSOSessionIDStore.class);
hibernateConfig.addProperties(props);
HibernateUtil.initHibernate(hibernateConfig, props);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index c993290e9..5342cd0d3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -188,7 +188,8 @@ public class DispatcherServlet extends AuthServlet {
// check if pending request is same protocol and action
if (!protocolRequest.requestedModule().equals(module)
|| !protocolRequest.requestedAction()
- .equals(action)) {
+ .equals(action)
+ || !info.validate(req, resp, protocolRequest)) {
resp.sendError(HttpServletResponse.SC_CONFLICT);
Logger.error("Different Request is pending in this session!");
return;
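Review bot: The new `|| !info.validate(req, resp, protocolRequest)` term reuses the branch whose log message is "Different Request is pending in this session!", so a failed protocol validation is reported as a module/action mismatch, which will mislead whoever reads the log. Split it into its own branch with a message such as `Logger.error("Pending request failed protocol validation!");` before the same `SC_CONFLICT` response. The enclosing method starts and ends outside this hunk.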
@@ -210,7 +211,9 @@ public class DispatcherServlet extends AuthServlet {
}
RequestStorage.setPendingRequest(httpSession, protocolRequest);
-
+
+ AuthenticationManager authmanager = AuthenticationManager.getInstance();
+
if (moduleAction.needAuthentication(protocolRequest, req, resp)) {
if (protocolRequest.isPassiv()
&& protocolRequest.forceAuth()) {
@@ -219,30 +222,30 @@ public class DispatcherServlet extends AuthServlet {
}
if (protocolRequest.forceAuth()) {
- if (!AuthenticationManager.tryPerformAuthentication(
+ if (!authmanager.tryPerformAuthentication(
req, resp)) {
- AuthenticationManager.doAuthentication(req, resp,
+ authmanager.doAuthentication(req, resp,
protocolRequest);
return;
}
} else if (protocolRequest.isPassiv()) {
- if (AuthenticationManager.tryPerformAuthentication(req,
+ if (authmanager.tryPerformAuthentication(req,
resp)
- || AuthenticationManager.isAuthenticated(req,
+ || authmanager.isAuthenticated(req,
resp)) {
// Passive authentication ok!
} else {
throw new NoPassivAuthenticationException();
}
} else {
- if (AuthenticationManager.tryPerformAuthentication(req,
+ if (authmanager.tryPerformAuthentication(req,
resp)
- || AuthenticationManager.isAuthenticated(req,
+ || authmanager.isAuthenticated(req,
resp)) {
// Is authenticated .. proceed
} else {
// Start authentication!
- AuthenticationManager.doAuthentication(req, resp,
+ authmanager.doAuthentication(req, resp,
protocolRequest);
return;
}
@@ -253,7 +256,7 @@ public class DispatcherServlet extends AuthServlet {
RequestStorage.removePendingRequest(httpSession);
- AuthenticationManager.logout(req, resp);
+ authmanager.logout(req, resp);
} catch (Throwable e) {
e.printStackTrace();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 21e431bf8..5e792ab78 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -1,28 +1,57 @@
package at.gv.egovernment.moa.id.moduls;
import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletContext;
import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
+import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
-public class AuthenticationManager implements MOAIDAuthConstants {
+public class AuthenticationManager extends AuthServlet {
+ private static AuthenticationManager instance = null;
+
+ private static final long serialVersionUID = 1L;
+
public static final String MOA_SESSION = "MoaAuthenticationSession";
public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
- public static AuthenticationSession getAuthenticationSession(
+
+ public static AuthenticationManager getInstance() {
+ if (instance == null) {
+ instance = new AuthenticationManager();
+ }
+
+ return instance;
+ }
+
+
+ public AuthenticationSession getAuthenticationSession(
HttpSession session) {
String sessionID = HTTPSessionUtils.getHTTPSessionString(session,
MOA_SESSION, null);
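Review bot: `getInstance()` is an unsynchronized lazy singleton, and it is called from DispatcherServlet and the protocol handlers on concurrent request threads, so two threads can race through the `instance == null` check and construct separate instances. Since no per-instance state is visible in this hunk, an eager `private static final AuthenticationManager INSTANCE = new AuthenticationManager();` returned by `getInstance()` is simpler and thread-safe. Making the class extend AuthServlet, apparently to reuse its error-handling helpers, means the object is never initialised by the servlet container; a comment stating that it is not deployed as a servlet would prevent that surprise, or the helpers could be reused by composition. The `RequestDispatcher`, `ServletContext`, `HttpServlet` and `ArrayList` imports added here appear unused.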
@@ -44,7 +73,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
* @param response
* @return
*/
- public static boolean isAuthenticated(HttpServletRequest request,
+ public boolean isAuthenticated(HttpServletRequest request,
HttpServletResponse response) {
Logger.info("Checking authentication");
@@ -84,7 +113,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
* @param response
* @return
*/
- public static boolean tryPerformAuthentication(HttpServletRequest request,
+ public boolean tryPerformAuthentication(HttpServletRequest request,
HttpServletResponse response) {
HttpSession session = request.getSession();
@@ -116,7 +145,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
return false;
}
- public static void logout(HttpServletRequest request,
+ public void logout(HttpServletRequest request,
HttpServletResponse response) {
Logger.info("Logout");
@@ -146,8 +175,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
authSession.setAuthenticated(false);
HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
- //TODO: delete session from Database!!!
- //AuthenticationSessionStoreage.destroySession(moaSessionID);
+ AuthenticationSessionStoreage.destroySession(moaSessionID);
session.invalidate();
@@ -158,10 +186,9 @@ public class AuthenticationManager implements MOAIDAuthConstants {
}
- public static void doAuthentication(HttpServletRequest request,
+ public void doAuthentication(HttpServletRequest request,
HttpServletResponse response, IRequest target)
throws ServletException, IOException, MOAIDException {
- HttpSession session = request.getSession();
Logger.info("Starting authentication ...");
if (!ParamValidatorUtils.isValidOA(target.getOAURL()))
@@ -173,18 +200,134 @@ public class AuthenticationManager implements MOAIDAuthConstants {
"auth.12");
}
- // TODO: Build authentication form
+ setNoCachingHeadersInHttpRespone(request, response);
+
+ //TODO:move this to config!!!
+ final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x");
+
+ //is legacy allowed
+ boolean legacyallowed = PROTOCOLS_LEGACY_ALLOWED.contains(target.requestedModule());
- /*
- * String loginForm = LoginFormBuilder.buildLoginForm(target.getOAURL(),
- * modul, protocol);
- *
- * response.setContentType("text/html;charset=UTF-8"); PrintWriter out =
- * new PrintWriter(response.getOutputStream()); out.print(loginForm);
- * out.flush(); return;
- */
+ //check legacy request parameter
+ boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(request);
+
+ AuthenticationSession moasession;
+
+ if (legacyallowed && legacyparamavail) {
+
+ //check if an MOASession exists and if not create an new MOASession
+ moasession = getORCreateMOASession(request);
+
+ //parse request parameter into MOASession
+ try{
+ StartAuthentificationParameterParser.parse(request, response, moasession);
+
+ }
+ catch (WrongParametersException ex) {
+ handleWrongParameters(ex, request, response);
+ }
+
+ catch (MOAIDException ex) {
+ handleError(null, ex, request, response);
+ }
+
+ Logger.info("Start Authentication Module: " + moasession.getModul()
+ + " Action: " + moasession.getAction());
+
+ //start authentication process
+// session.getServletContext().getNamedDispatcher("StartAuthentication")
+// .forward(request, response);
+
+ StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
+
+ String getIdentityLinkForm = startauth.build(moasession, request, response);
+
+ //store MOASession
+ try {
+ AuthenticationSessionStoreage.storeSession(moasession);
+ } catch (MOADatabaseException e) {
+ Logger.error("Database Error! MOASession is not stored!");
+ throw new MOAIDException("init.04", new Object[] {
+ moasession.getSessionID()});
+ }
+
+ if (!StringUtils.isEmpty(getIdentityLinkForm)) {
+ response.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(response.getOutputStream());
+ out.print(getIdentityLinkForm);
+ out.flush();
+ Logger.debug("Finished GET StartAuthentication");
+ }
+
+ } else {
+ //load Parameters from OnlineApplicationConfiguration
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(target.getOAURL());
+
+ if (oaParam == null) {
+ //TODO: Find a better place for this!!
+ request.getSession().invalidate();
+ throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() });
+ }
+
+
+ else {
+
+ //check if an MOASession exists and if not create an new MOASession
+ moasession = getORCreateMOASession(request);
- session.getServletContext().getNamedDispatcher("StartAuthentication")
- .forward(request, response);
+ //set OnlineApplication configuration in Session
+ moasession.setOAURLRequested(target.getOAURL());
+ moasession.setAction(target.requestedAction());
+ moasession.setModul(target.requestedModule());
+ }
+
+ //Build authentication form
+ String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(),
+ target.requestedAction(), oaParam.getFriendlyName());
+
+ //store MOASession
+ try {
+ AuthenticationSessionStoreage.storeSession(moasession);
+ } catch (MOADatabaseException e) {
+ Logger.error("Database Error! MOASession is not stored!");
+ throw new MOAIDException("init.04", new Object[] {
+ moasession.getSessionID()});
+ }
+
+ //set MOAIDSession
+ request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID());
+
+ response.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(response.getOutputStream());
+ out.print(loginForm);
+ out.flush();
+ }
}
+
+ private AuthenticationSession getORCreateMOASession(HttpServletRequest request) throws MOAIDException {
+
+ //String sessionID = request.getParameter(PARAM_SESSIONID);
+ String sessionID = (String) request.getSession().getAttribute(MOA_SESSION);
+ AuthenticationSession moasession;
+
+ try {
+ moasession = AuthenticationSessionStoreage.getSession(sessionID);
+ Logger.info("Found existing MOASession with sessionID=" + sessionID
+ + ". This session is used for reauthentification.");
+
+ } catch (MOADatabaseException e) {
+ try {
+ moasession = AuthenticationSessionStoreage.createSession();
+ Logger.info("Create a new MOASession with sessionID=" + sessionID + ".");
+
+ } catch (MOADatabaseException e1) {
+ Logger.error("Database Error! MOASession are not created.");
+ throw new MOAIDException("init.04", new Object[] {
+ "0"});
+ }
+ }
+
+ return moasession;
+ }
}
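Review bot: In the legacy branch of doAuthentication, the catch clauses around `StartAuthentificationParameterParser.parse` call `handleWrongParameters` and `handleError` and then fall through, so after an error response has already been written the method still logs the start, builds the identity-link form, stores a MOASession populated from rejected parameters and writes a second body to the same response. Add `return;` after `handleWrongParameters(ex, request, response);` and after `handleError(null, ex, request, response);`. Only the non-legacy branch sets `MOA_SESSION` on the HttpSession; the legacy branch relies on getORCreateMOASession reading that same attribute, so unless StartAuthenticationBuilder sets it (not visible here) the newly created session ID is never bound to the HTTP session. In getORCreateMOASession the "Create a new MOASession with sessionID=" message logs the ID that was not found rather than `moasession.getSessionID()`.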
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
index 5a2bb1efc..679ccb000 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
@@ -22,4 +22,7 @@ public interface IModulInfo {
public boolean generateErrorMessage(Throwable e,
HttpServletRequest request, HttpServletResponse response,
IRequest protocolRequest) throws Throwable;
+
+ public boolean validate(HttpServletRequest request,
+ HttpServletResponse response, IRequest pending);
}
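Review bot: The new `validate` method has no Javadoc, and since DispatcherServlet answers a `false` return with HTTP 409 and discards the pending request, implementors need to know what they are expected to check and what returning false means. A summary such as `/** Checks that the incoming request may resume the pending request of this protocol; returning false makes the dispatcher reject it with 409 Conflict. */` with `@param pending the request stored in the HTTP session` would make the contract explicit.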
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 5ea596eeb..11710904b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -231,4 +231,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
return null;
}
+ public boolean validate(HttpServletRequest request,
+ HttpServletResponse response, IRequest pending) {
+ // TODO implement validation!
+ return true;
+ }
+
}
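Review bot: This `validate` stub returns `true` unconditionally, which makes the new check in DispatcherServlet fail-open for every PVP2X request; as a placeholder that is acceptable, but the TODO should say so explicitly so it is not mistaken for a finished implementation, e.g. `// TODO implement validation! Currently accepts every pending request (fail-open).`. A `Logger.warn` on the same path would also make the gap visible at runtime until it is implemented.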
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 964c19208..f05866f70 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -70,8 +70,8 @@ public class AuthnRequestHandler implements IRequestHandler {
spSSODescriptor.getAttributeConsumingServices().iterator().next();
- AuthenticationSession authSession =
- AuthenticationManager.getAuthenticationSession(req.getSession());
+ AuthenticationManager authmanager = AuthenticationManager.getInstance();
+ AuthenticationSession authSession =authmanager.getAuthenticationSession(req.getSession());
AttributeStatement attributeStatement = SAML2Utils.createSAMLObject(AttributeStatement.class);
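Review bot: Point of style: `AuthenticationSession authSession =authmanager.getAuthenticationSession(req.getSession());` is missing the space after `=`, while the same refactor in GetArtifactAction and GetArtifactServlet is formatted consistently. Since `authmanager` is used only once here, the local can be dropped altogether: `AuthenticationSession authSession = AuthenticationManager.getInstance().getAuthenticationSession(req.getSession());`. The enclosing method starts and ends outside the hunk.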
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 5649e5260..de87ebc50 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -26,8 +26,8 @@ public class GetArtifactAction implements IAction {
HttpServletResponse httpResp) {
HttpSession httpSession = httpReq.getSession();
- AuthenticationSession session = AuthenticationManager
- .getAuthenticationSession(httpSession);
+ AuthenticationManager authmanager = AuthenticationManager.getInstance();
+ AuthenticationSession session = authmanager.getAuthenticationSession(httpSession);
String oaURL = (String) httpReq.getAttribute(PARAM_OA);
oaURL = StringEscapeUtils.escapeHtml(oaURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
index 47050bf28..7f7d82a20 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
@@ -39,8 +39,8 @@ public class GetArtifactServlet extends AuthServlet {
throws ServletException, IOException {
HttpSession httpSession = req.getSession();
- AuthenticationSession session = AuthenticationManager
- .getAuthenticationSession(httpSession);
+ AuthenticationManager authmanager = AuthenticationManager.getInstance();
+ AuthenticationSession session = authmanager.getAuthenticationSession(httpSession);
String oaURL = (String) req.getAttribute(PARAM_OA);
oaURL = StringEscapeUtils.escapeHtml(oaURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 678d5f961..610c61343 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -69,6 +69,14 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
oaURL = StringEscapeUtils.escapeHtml(oaURL);
String target = (String) request.getParameter(PARAM_TARGET);
target = StringEscapeUtils.escapeHtml(target);
+
+ //the target parameter is used to define the OA in SAML1 standard
+ if (target != null && target.startsWith("http")) {
+ oaURL = target;
+ target = null;
+ }
+
+
if (!ParamValidatorUtils.isValidOA(oaURL))
throw new WrongParametersException("StartAuthentication", PARAM_OA,
"auth.12");
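Review bot: When both `PARAM_OA` and an http-prefixed `PARAM_TARGET` are supplied, the explicit OA is silently replaced by the target value, although the OA URL is what selects the configured online application; a mismatch should at least leave a trace, e.g. `if (oaURL != null && !oaURL.equals(target)) Logger.debug("OA parameter " + oaURL + " overridden by target " + target);` before the reassignment. `startsWith("http")` is case-sensitive and matches any string beginning with those four letters, so the comment should say that `isValidOA` below is the real check; note that both the prefix test and `isValidOA` see the HTML-escaped value, which was already the case for `oaURL` before this change. The enclosing method starts and ends outside the hunk.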
@@ -95,4 +103,30 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
return null;
}
+ public boolean validate(HttpServletRequest request,
+ HttpServletResponse response, IRequest pending) {
+
+ //TODO: funktioniert so nicht!!!
+
+// String oaURL = (String) request.getParameter(PARAM_OA);
+// oaURL = StringEscapeUtils.escapeHtml(oaURL);
+// String target = (String) request.getParameter(PARAM_TARGET);
+// target = StringEscapeUtils.escapeHtml(target);
+//
+// //the target parameter is used to define the OA in SAML1 standard
+// if (target.startsWith("http")) {
+// oaURL = target;
+// target = null;
+// }
+//
+// if (oaURL != null) {
+// if (oaURL.equals(pending.getOAURL()))
+// return true;
+// else
+// return false;
+// }
+
+ return true;
+ }
+
}
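Review bot: The commented-out body should be removed rather than committed: it is dead code, its German `//TODO: funktioniert so nicht!!!` gives no hint what fails, and as written it would throw a NullPointerException at `target.startsWith("http")` because, unlike the live code earlier in this file, it has no null check. If the idea is to be kept, a one-line English TODO is enough: `// TODO: compare the request's OA URL (or http-prefixed target) with pending.getOAURL(); currently every request is accepted`.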
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index bd79f88b7..6c8365e67 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -41,13 +41,15 @@ import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
-public class ParamValidatorUtils {
+public class ParamValidatorUtils implements MOAIDAuthConstants{
/**
* Checks if the given target is valid
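Review bot: `implements MOAIDAuthConstants` on a utility class is the constant-interface anti-pattern: it makes every constant of the interface part of the class's public type just to save a qualifier, and the later hunk still writes `MOAIDAuthConstants.REQ_BKU_TYPES` fully qualified anyway. Prefer `import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;` (or qualified references) and keep `public class ParamValidatorUtils {`; if the interface is kept, at least add the space in `MOAIDAuthConstants{`.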
@@ -212,10 +214,12 @@ public class ParamValidatorUtils {
return false;
}
}
-
-
}
- else {
+ else if (MOAIDAuthConstants.REQ_BKU_TYPES.contains(bkuURI)) {
+ Logger.debug("Parameter bkuURI from configuration is used.");
+ return true;
+
+ } else {
Logger.error("Fehler Ueberpruefung Parameter bkuURI. bkuURI beginnt nicht mit http or https");
return false;
}
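Review bot: The new branch accepts any value contained in `REQ_BKU_TYPES`, but the error message two lines below still reads `bkuURI beginnt nicht mit http or https`, which is now misleading for a value that is neither a URL nor one of the accepted type identifiers; the message should name both forms, e.g. `Logger.error("Fehler Ueberpruefung Parameter bkuURI. bkuURI beginnt nicht mit http oder https und ist kein bekannter BKU-Typ");`. The debug line could also say what actually happens, `Logger.debug("bkuURI is a BKU type identifier; the BKU URL is taken from configuration.");`. Whether `REQ_BKU_TYPES.contains(bkuURI)` tolerates a `null` argument depends on the collection type declared in MOAIDAuthConstants, which is outside this hunk, as is the start of the method — please confirm `bkuURI` is null-checked before this point.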
@@ -467,7 +471,39 @@ public class ParamValidatorUtils {
return false;
}
- }
+ }
+
+ public static boolean areAllLegacyParametersAvailable(HttpServletRequest req) {
+
+ String oaURL = req.getParameter(PARAM_OA);
+ String bkuURL = req.getParameter(PARAM_BKU);
+ String templateURL = req.getParameter(PARAM_TEMPLATE);
+ String useMandate = req.getParameter(PARAM_USEMANDATE);
+ String ccc = req.getParameter(PARAM_CCC);
+
+
+ // check parameter
+ try {
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+ if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+ if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+ if (!ParamValidatorUtils.isValidUseMandate(useMandate))
+ throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+ if (!ParamValidatorUtils.isValidCCC(ccc))
+ throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
+
+ } catch (WrongParametersException e) {
+ return false;
+ }
+
+ if (StringUtils.isEmpty(oaURL) || StringUtils.isEmpty(templateURL) || StringUtils.isEmpty(bkuURL))
+ return false;
+ else
+ return true;
+ }
}
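Review bot: `areAllLegacyParametersAvailable` constructs a `WrongParametersException` for each failing check only to catch it a few lines later and return `false`, dropping which parameter failed; the validators can be combined into one boolean expression, with a debug line recording the outcome. Checking the three mandatory parameters for emptiness before calling the validators also avoids the error-level log lines the validators emit (see `isValidBKUURI` above) for a request that simply does not carry the legacy parameters — assuming the validators have no side effects the caller depends on, which the hunk does not show. The method also needs a Javadoc stating that it checks the presence of `OA`, `bkuURI` and `Template`, validates every supplied legacy parameter, and returns `false` instead of throwing. The `if (...) return false; else return true;` tail is a boolean expression in disguise.
```java
public static boolean areAllLegacyParametersAvailable(HttpServletRequest req) {
    String oaURL = req.getParameter(PARAM_OA);
    String bkuURL = req.getParameter(PARAM_BKU);
    String templateURL = req.getParameter(PARAM_TEMPLATE);
    String useMandate = req.getParameter(PARAM_USEMANDATE);
    String ccc = req.getParameter(PARAM_CCC);

    // The legacy entry point requires OA, bkuURI and Template; without them there is nothing to validate.
    if (StringUtils.isEmpty(oaURL) || StringUtils.isEmpty(bkuURL) || StringUtils.isEmpty(templateURL)) {
        return false;
    }
    boolean valid = isValidOA(oaURL)
            && isValidBKUURI(bkuURL)
            && isValidTemplate(req, templateURL)
            && isValidUseMandate(useMandate)
            && isValidCCC(ccc);
    if (!valid) {
        Logger.debug("Legacy parameter set is present but did not pass validation.");
    }
    return valid;
}
```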
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 75f35cb70..d9c55c5db 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -8,16 +8,16 @@
# status messages included in <samlp:Response> of GetAuthenticationDataService
1200=Anfrage erfolgreich beantwortet
-1201=Fehlerhaftes Requestformat: mehr als 1 Request �bergeben
-1202=Fehlerhaftes Requestformat: kein SAML-Artifakt �bergeben
-1203=Fehlerhaftes Requestformat: mehr als 1 SAML-Artifakt �bergeben
+1201=Fehlerhaftes Requestformat\: mehr als 1 Request ?bergeben
+1202=Fehlerhaftes Requestformat\: kein SAML-Artifakt ?bergeben
+1203=Fehlerhaftes Requestformat\: mehr als 1 SAML-Artifakt ?bergeben
1204=Fehlerhaftes Requestformat
1205=Fehler beim Abholen der Anmeldedaten, fehlerhaftes SAML-Artifakt Format (SAML-Artifakt={0}): {1}
1206=Fehler beim Abholen der Anmeldedaten, unbekanntes SAML-Artifakt (SAML-Artifakt={0})
-1207=Zeit�berschreitung beim Abholen der Anmeldedaten (SAML-Artifakt={0})
+1207=Zeit?berschreitung beim Abholen der Anmeldedaten (SAML-Artifakt\={0})
1299=Interner Server-Fehler
-auth.00=Anmeldung an dieser Applikation wird nicht unterst�tzt (URL={0})
+auth.00=Anmeldung an dieser Applikation wird nicht unterst?tzt (URL\={0})
auth.01=Die Anmeldung ist bereits im Gange (MOASessionID={0})
auth.02=MOASessionID ist unbekannt (MOASessionID={0})
auth.03=Fehler beim Abholen einer Datei von der URL "{0}": Interne Fehlermeldung: {1}
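Review bot: The rewritten message lines appear to replace each umlaut with a literal `?` (e.g. `1201=... mehr als 1 Request ?bergeben` was `...�bergeben` on the old side), which is a lossy re-encoding rather than an escape: once committed the original characters are gone and users see `?` in the error text. The same applies to every `?`-bearing line in the later hunks of this file, while the added `validator.67` line contains raw UTF-8 (`für`, `überein`) — a `.properties` file read through `Properties.load(InputStream)` is ISO-8859-1, so those bytes will render as mojibake. Encode non-ASCII characters as `\uXXXX` escapes (`\u00FC` for ü, `\u00DC` for Ü) or run the file through `native2ascii` so every line is consistent; the added `\:` and `\=` escapes are harmless. Only the genuinely new keys (`auth.18`, `init.04`, `validator.67`) need to change in this file; the re-encoded lines should be reverted.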
@@ -25,20 +25,23 @@ auth.04=Fehler beim Auslesen der Resource "{0}": {1}
auth.05=Fehlender Parameter "{1}" beim Aufruf von "{0}"
auth.06=Fehler beim Speichern der Anmeldedaten, fehlerhaftes SAML-Artifact Format (SAML-Artifact={0})
auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen. <br><b>Hinweis:</b> Bitte Dokumentation zu GenericConfiguration: "FrontendServlets.EnableHTTPConnection" beachten.
-auth.08=In der B�rgerkartenumgebung ist ein Fehler aufgetreten: <br>Fehlercode <i>{0}</i>: {1}
-auth.09=Zur Auswahlseite der B�rgertenumgebung (URL={0}) konnte keine Verbindung hergestellt werden. : <br>HTTP-Statuscode <i>{1}</i>
+auth.08=In der B?rgerkartenumgebung ist ein Fehler aufgetreten\: <br>Fehlercode <i>{0}</i>\: {1}
+auth.09=Zur Auswahlseite der B?rgertenumgebung (URL\={0}) konnte keine Verbindung hergestellt werden. \: <br>HTTP-Statuscode <i>{1}</i>
auth.10=Fehler beim Aufruf von "{0}": Parameter "{1}" fehlt
-auth.11=Die zentral gespeicherte Auswahlseite f�r B�rgerkartenumgebungen konnte nicht geladen werden. Bitte informieren Sie den Adminstrator des Servers und versuchen Sie die Anmeldung in einiger Zeit abermals. <br>URL "{0}" Interne Fehlermeldung: {1}
+auth.11=Die zentral gespeicherte Auswahlseite f?r B?rgerkartenumgebungen konnte nicht geladen werden. Bitte informieren Sie den Adminstrator des Servers und versuchen Sie die Anmeldung in einiger Zeit abermals. <br>URL "{0}" Interne Fehlermeldung\: {1}
auth.12=Fehlerhafter Parameter "{1}" beim Aufruf von "{0}"
auth.13=Vollmachtenmodus f�r ausl�ndische B�rger wird nicht unterst�tzt.
auth.14=Zertifikat konnte nicht ausgelesen werden.
auth.15=Fehler bei Anfrage an Vollmachten Service.
auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}"
auth.17=Vollmachtenmodus f�r nicht-�ffentlichen Bereich wird nicht unterst�tzt.
+auth.18=Keine MOASessionID vorhanden
init.00=MOA ID Authentisierung wurde erfolgreich gestartet
-init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround: SSL ist m�glicherweise nicht verf�gbar
+init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m?glicherweise nicht verf?gbar
init.02=Fehler beim Starten des Service MOA ID Authentisierung
+init.04=Fehler beim Datenbankzugriff mit der SessionID {0}
+
config.00=MOA ID Konfiguration erfolgreich geladen: {0}
config.01=Umgebungsvariable "moa.id.configuration" nicht gesetzt
@@ -62,11 +65,11 @@ config.17=Fehler beim initialisieren von Hibernate
parser.00=Leichter Fehler beim Parsen: {0}
parser.01=Fehler beim Parsen: {0}
parser.02=Schwerer Fehler beim Parsen: {0}
-parser.03=Fehler beim Parsen oder Konvertieren eines ECDSA-Schl�ssels: {0}
+parser.03=Fehler beim Parsen oder Konvertieren eines ECDSA-Schl?ssels\: {0}
parser.04=Fehler beim Serialisieren: {0}
parser.05=Fehler beim Serialisieren: SAML-Attribute {0} (Namespace: {1}) konnte nicht serialsiert werden.
-parser.06=Fehler beim Parsen: {0}-InfoboxResponse nicht vollst�ndig ({1} im {2} fehlt)
-parser.07=Fehler beim Parsen: Assoziatives Array im {0}-InfoboxResponse enth�lt einen Schl�ssel ohne zugeh�rigen Wert ("Key"-Element statt "Pair"-Element).
+parser.06=Fehler beim Parsen\: {0}-InfoboxResponse nicht vollst?ndig ({1} im {2} fehlt)
+parser.07=Fehler beim Parsen\: Assoziatives Array im {0}-InfoboxResponse enth?lt einen Schl?ssel ohne zugeh?rigen Wert ("Key"-Element statt "Pair"-Element).
builder.00=Fehler beim Aufbau der Struktur "{0}": {1}
builder.01=Fehlerhaftes Template: Kennung "{0}" fehlt
@@ -87,7 +90,7 @@ proxy.00=MOA ID Proxy wurde erfolgreich gestartet
proxy.01=Unbekannter URL {0}, erwarteter URL auf {1}
proxy.02=Unbekannter URL {0}. <br>Es wurde keine �bereinstimmung zum Attribut publicURLPrefix im Element 'OnlineApplication' der verwendeten MOA-ID Konfigurationsdatei gefunden.
proxy.04=URL {0} : {1}
-proxy.05=Fehler beim Aufbauen der SSLSocketFactory f�r {0} : {1}
+proxy.05=Fehler beim Aufbauen der SSLSocketFactory f?r {0} \: {1}
proxy.06=Fehler beim Starten des Service MOA ID Proxy
proxy.07=Sie sind nicht bzw. nicht mehr angemeldet. Melden Sie sich bitte erneut an.
proxy.08=Kein URL-Mapping in der HttpSession verf�gbar (URL {0})
@@ -95,8 +98,8 @@ proxy.09=Fehler beim Aufruf des MOA-ID Auth API: {0}
proxy.10=Fehler beim Weiterleiten (MOA-ID Proxy)
proxy.11=Beim Weiterleiten der Verbindung zur Anwendung ist ein Fehler aufgetreten.
proxy.12=Fehler bei der Anmeldung. <br>Eine Anmeldung an der Anwendung <b>{0}</b> war nicht m&ouml;glich. <br>Pr&uuml;fen Sie bitte ihre Berechtigung.
-proxy.13=Fehler beim Aufruf des LoginParameterResolvers zu URL-Pr�fix: {0}
-proxy.14=<p> Folgende Ursachen k�nnen zu dem Fehler gef�hrt haben:</p><ol><li>Sie sind nicht mehr angemeldet (Verbindungen werden aus Sicherheitsgr�nden bei l�ngerer Inaktivit�t beendet.)<br>Melden Sie sich bitte erneut an.</li><li> Die Kommunikation mit dem Server schlug fehl.<br> </li></ol>
+proxy.13=Fehler beim Aufruf des LoginParameterResolvers zu URL-Pr?fix\: {0}
+proxy.14=<p> Folgende Ursachen k?nnen zu dem Fehler gef?hrt haben\:</p><ol><li>Sie sind nicht mehr angemeldet (Verbindungen werden aus Sicherheitsgr?nden bei l?ngerer Inaktivit?t beendet.)<br>Melden Sie sich bitte erneut an.</li><li> Die Kommunikation mit dem Server schlug fehl.<br> </li></ol>
proxy.15=Auf die gew�nschte Seite kann nicht zugegriffen werden, Sie besitzen nicht die ben�tigte Berechtigung.
proxy.16=Fehler bei der Anmeldung. <br>Eine Anmeldung an der Anwendung <b>{0}</b> war nicht m&ouml;glich. Die maximale Anzahl von {1} ung&uuml;ltigen Loginversuchen wurde &uuml;berschritten.<br>Pr&uuml;fen Sie bitte ihre Berechtigung.
@@ -104,7 +107,7 @@ validator.00=Kein SAML:Assertion Objekt gefunden {0}
validator.01=Im Subject kommt mehr als ein Element des Typs PhysicalPersonType vor {0}
validator.02=Das verwendete Schl�sselformat eines �ffentlichen Schl�ssels ist unbekannt {0}
validator.03=Der Namespace eines �ffentlichen Schl�ssels ist ung�ltig {0}
-validator.04=Es wurde ein SAML:Attribut ohne �ffentlichen Schl�ssel gefunden {0}
+validator.04=Es wurde ein SAML\:Attribut ohne ?ffentlichen Schl?ssel gefunden {0}
validator.05=Es wurde {0} keine DSIG:Signature gefunden
validator.06=Die Signatur ist ung�ltig
@@ -144,33 +147,35 @@ validator.32="Issuer" im AUTH-Block nicht vorhanden.
validator.33="Issuer"-Attribut im AUTH-Block ("{0}") stimmt nicht mit dem Namen in der Personenbindung ("{1}") �berein.
validator.34=Das Geburtsdatum ({0}) stimmt nicht mit dem in der Personenbindung ({1}) �berein.
validator.35=Der Namespace des SAML-Attributs "Geburtsdatum" ist ung�ltig.
-validator.36=Die Anzahl der SAML-Attribute im AUTH-Block wurde ver�ndert: {0} statt der erwarteten {1}
-validator.37=Die Reihenfolge der SAML-Attribute im AUTH-Block wurde ver�ndert: Attribut "{0}" anstelle von Attribut "{1}" an der {2}. Position
-validator.38=Der {0} des SAML-Attributs Nummer {1} ({2}) im AUTH-Block ist ung�ltig: "{3}" anstelle von "{4}"
-validator.39=Der Austellungszeitpunkt (IssueInstant) im AUTH-Block wurde ver�ndert: {0} anstelle von {1}. M�glicherweise wurde Ihre B�rgerkartenumgebung kompromittiert. Verwenden Sie Ihre B�rgerkarte bis auf weiteres nicht mehr, und setzen Sie sich umgehend mit dem Betreiber des Online-Dienstes, an dem Sie sich anmelden wollten, in Verbindung.
-
-
-validator.40=�berpr�fung der {0}-Infobox fehlgeschlagen: {1}
-validator.41=�berpr�fung der {0}-Infobox fehlgeschlagen: Keine Konfigurationsparameter zur �berpr�fung der {0}-Infobox vorhanden.
-validator.42=�berpr�fung der {0}-Infobox fehlgeschlagen: Es konnte keine geeignete Applikation zur Verifikation der {0}-Infobox geladen werden.
-validator.43=�berpr�fung der {0}-Infobox fehlgeschlagen: Der InfoboxReadResponse f�r die {0}-Infobox konnte nicht erfolgreich geparst werden.
-validator.44=�berpr�fung der {0}-Infobox fehlgeschlagen: In der {0}-Infobox Pr�fapplikation ist ein Fehler aufgetreten.
-validator.45=�berpr�fung der {0}-Infobox fehlgeschlagen: Der {1} des von der {0}-Infobox Pr�fapplikation zur�ckgegebenen SAML-Attributes Nummer {2} ist {3}.
-validator.46=�berpr�fung der {0}-Infobox fehlgeschlagen: Der Wert des von der Pr�fapplikation zur�ckgegebenen SAML-Attributes Nummer {1} ist ung�ltig.
-validator.47=�berpr�fung der {0}-Infobox fehlgeschlagen: Das von der Pr�fapplikation zur�ckgegebene SAML-Attribut Nummer {1} kann nicht eindeutig zugeordnet werden.
-validator.48={0}-Infobox wurde nicht von der BKU �bermittelt: F�r die Anmeldung an dieser Online-Applikation ist die {0}-Infobox erforderlich. Bitte melden Sie sich erneut an, und selektieren Sie in Ihrer BKU die {0}-Infobox.
+validator.36=Die Anzahl der SAML-Attribute im AUTH-Block wurde ver?ndert\: {0} statt der erwarteten {1}
+validator.37=Die Reihenfolge der SAML-Attribute im AUTH-Block wurde ver?ndert\: Attribut "{0}" anstelle von Attribut "{1}" an der {2}. Position
+validator.38=Der {0} des SAML-Attributs Nummer {1} ({2}) im AUTH-Block ist ung?ltig\: "{3}" anstelle von "{4}"
+validator.39=Der Austellungszeitpunkt (IssueInstant) im AUTH-Block wurde ver?ndert\: {0} anstelle von {1}. M?glicherweise wurde Ihre B?rgerkartenumgebung kompromittiert. Verwenden Sie Ihre B?rgerkarte bis auf weiteres nicht mehr, und setzen Sie sich umgehend mit dem Betreiber des Online-Dienstes, an dem Sie sich anmelden wollten, in Verbindung.
+
+
+validator.40=?berpr?fung der {0}-Infobox fehlgeschlagen\: {1}
+validator.41=?berpr?fung der {0}-Infobox fehlgeschlagen\: Keine Konfigurationsparameter zur ?berpr?fung der {0}-Infobox vorhanden.
+validator.42=?berpr?fung der {0}-Infobox fehlgeschlagen\: Es konnte keine geeignete Applikation zur Verifikation der {0}-Infobox geladen werden.
+validator.43=?berpr?fung der {0}-Infobox fehlgeschlagen\: Der InfoboxReadResponse f?r die {0}-Infobox konnte nicht erfolgreich geparst werden.
+validator.44=?berpr?fung der {0}-Infobox fehlgeschlagen\: In der {0}-Infobox Pr?fapplikation ist ein Fehler aufgetreten.
+validator.45=?berpr?fung der {0}-Infobox fehlgeschlagen\: Der {1} des von der {0}-Infobox Pr?fapplikation zur?ckgegebenen SAML-Attributes Nummer {2} ist {3}.
+validator.46=?berpr?fung der {0}-Infobox fehlgeschlagen\: Der Wert des von der Pr?fapplikation zur?ckgegebenen SAML-Attributes Nummer {1} ist ung?ltig.
+validator.47=?berpr?fung der {0}-Infobox fehlgeschlagen\: Das von der Pr?fapplikation zur?ckgegebene SAML-Attribut Nummer {1} kann nicht eindeutig zugeordnet werden.
+validator.48={0}-Infobox wurde nicht von der BKU ?bermittelt\: F?r die Anmeldung an dieser Online-Applikation ist die {0}-Infobox erforderlich. Bitte melden Sie sich erneut an, und selektieren Sie in Ihrer BKU die {0}-Infobox.
validator.49=Beim Ermitteln der Personenbindungs-OID im Zertifikat, mit dem die Personenbindung signiert wurde, ist ein Fehler aufgetreten.
validator.50=Transformationskette in der Signatur stimmt mit keiner Transformationskette aus dem Pr�fprofil �berein.
-validator.60=�berpr�fung der {0}-Infobox fehlgeschlagen: Vollmachtenpr�fung ist f�r diesen Typ von Vollmachten nicht aktiviert. Die �bermittelte Vollmacht kann nicht f�r eine Anmeldung verwendet werden.
-validator.61=�berpr�fung der {0}-Infobox fehlgeschlagen: Vollmachtenpr�fung ist f�r diesen Typ von Vollmachten f�r berufliche Parteienvertreter nicht aktiviert. Die �bermittelte Vollmacht kann nicht f�r eine Anmeldung verwendet werden.
-validator.62=Fehler in der �bermittlung: keine prim�re Vollmacht �bergeben.
+validator.60=?berpr?fung der {0}-Infobox fehlgeschlagen\: Vollmachtenpr?fung ist f?r diesen Typ von Vollmachten nicht aktiviert. Die ?bermittelte Vollmacht kann nicht f?r eine Anmeldung verwendet werden.
+validator.61=?berpr?fung der {0}-Infobox fehlgeschlagen\: Vollmachtenpr?fung ist f?r diesen Typ von Vollmachten f?r berufliche Parteienvertreter nicht aktiviert. Die ?bermittelte Vollmacht kann nicht f?r eine Anmeldung verwendet werden.
+validator.62=Fehler in der ?bermittlung\: keine prim?re Vollmacht ?bergeben.
validator.63=Es ist ein Fehler bei der Formulargenerierung f�r berufliche Parteienvetretung aufgetreten.
validator.64=Fehler beim Austausch von Vollmachtsdaten
validator.65=Es ist ein Fehler bei der Formulargenerierung f�r berufliche Parteienvetretung aufgetreten - kein Formular zur Anzeige vorhanden.
-validator.66=�berpr�fung der {0}-Infobox fehlgeschlagen: berufliche Parteienvetretung ist nicht konfiguriert.
+validator.66=?berpr?fung der {0}-Infobox fehlgeschlagen\: berufliche Parteienvetretung ist nicht konfiguriert.
+
+validator.67=Der Specialtext ({0}) stimmt nicht mit dem für diese Applikation hinterlegten Text ({1}) überein.
ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen
@@ -179,7 +184,7 @@ stork.01=STORK SAML AuthnRequest nicht g�ltig
stork.02=STORK SAML AuthnRequest kann nicht an folgende URL geschickt werden: {0}
stork.04=STORK SAML Response konnte nicht decodiert werden
stork.05=STORK SAML Response Validierung fehlgeschlagen
-stork.06=STORK SAML Response enth�lt eine Fehlermeldung: {0}
+stork.06=STORK SAML Response enth?lt eine Fehlermeldung\: {0}
stork.07=Es existiert kein STORK AuthnRequest f�r diese STORK Response
stork.08=STORK SAML Assertion Validierung fehlgeschlagen
stork.09=Fehler beim �berpr�fen der STORK B�rgerInnen Signatur
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html b/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html
index 576683dc7..688732c15 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html
@@ -1,59 +1,267 @@
<html>
<head>
+ <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+ <meta content="text/css" http-equiv="Content-Style-Type">
+ <link rel="stylesheet" type="text/css" href="css/index.css">
+ <link type="text/css" rel="stylesheet" href="css/2.0/stammzahl.css">
+ <link type="text/css" rel="stylesheet" href="css/2.0/stylesnew.css">
+ <link type="text/css" rel="stylesheet" href="css/2.0/stylesinput.css">
+ <script type="text/javascript">
+ function isIE() {
+ return (/MSIE (\d+\.\d+);/.test(navigator.userAgent));
+ }
+
+ function isFullscreen() {
+ try {
+ return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height));
+ } catch (e) {
+ return false;
+ }
+ }
+
+ function isActivexEnabled() {
+ var supported = null;
+ try {
+ supported = !!new ActiveXObject("htmlfile");
+ } catch (e) {
+ supported = false;
+ }
+ return supported;
+ }
+
+ function isMetro() {
+ if (!isIE())
+ return false;
+ return !isActivexEnabled() && isFullscreen();
+ }
+
+ window.onload=function() {
+ document.getElementById("localBKU").style.display="none";
+ return;
+ }
+
+ function bkuOnlineClicked() {
+ if (isMetro())
+ document.getElementById("metroDetected").style.display="block";
+ document.getElementById("localBKU").style.display="block";
+
+ setMandateSelection();
+
+ var iFrameURL = "#AUTH_URL#" + "?";
+ iFrameURL += "bkuURI=" + "0";
+ iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
+ iFrameURL += "&MODUL=" + "#MODUL#";
+ iFrameURL += "&ACTION=" + "#ACTION#";
+
+ generateIFrame(iFrameURL);
+ }
+
+ function bkuHandyClicked() {
+ document.getElementById("localBKU").style.display="none";
+
+ setMandateSelection();
+
+ var iFrameURL = "#AUTH_URL#" + "?";
+ iFrameURL += "bkuURI=" + "1";
+ iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
+ iFrameURL += "&MODUL=" + "#MODUL#";
+ iFrameURL += "&ACTION=" + "#ACTION#";
+
+ generateIFrame(iFrameURL);
+ }
+
+ function storkClicked() {
+ document.getElementById("localBKU").style.display="none";
+
+ setMandateSelection();
+
+ var ccc = "AT";
+ var countrySelection = document.getElementById("cccSelection");
+
+ if (countrySelection != null) {
+ ccc = document.getElementById("cccSelection").value;
+ }
+
+ var iFrameURL = "#AUTH_URL#" + "?";
+ iFrameURL += "bkuURI=" + "0";
+ iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
+ iFrameURL += "&ccc=" + ccc;
+ iFrameURL += "&MODUL=" + "#MODUL#";
+ iFrameURL += "&ACTION=" + "#ACTION#";
+
+ generateIFrame(iFrameURL);
+ }
+
+ function generateIFrame(iFrameURL) {
+ var el = document.getElementById("bkulogin");
+ var parent = el.parentNode;
+
+ var iframe = document.createElement("iframe");
+ iframe.setAttribute("src", iFrameURL);
+ iframe.setAttribute("width", "220");
+ iframe.setAttribute("height", "165");
+ iframe.setAttribute("frameborder", "0");
+ iframe.setAttribute("scrolling", "no");
+ iframe.setAttribute("title", "Login");
+
+ parent.replaceChild(iframe, el);
+ }
+
+ function setMandateSelection() {
+ document.getElementById("moaidform").action = "#AUTH_URL#";
+
+ document.getElementById("useMandate").value = "false";
+ var checkbox = document.getElementById("mandateCheckBox");
+ if (checkbox != null) {
+ if (document.getElementById("mandateCheckBox").checked) {
+ document.getElementById("useMandate").value = "true";
+ }
+ }
+ }
+ </script>
</head>
+
+
<body>
- <div style="width: 250px">
- <div id="bku_area">
- <form action="#AUTH_URL#" method="get" id="fcard">
- <input type="hidden" name="bkuURI" value="https://127.0.0.1:3496/https-security-layer-request">
- <input type="hidden" name="OA" value="#OA_URL#">
- <input type="hidden" name="MODUL" value="#MODUL#">
- <input type="hidden" name="ACTION" value="#ACTION#">
- <input type="checkbox" id="mandateCheckBox" name="useMandate" value="true">
- <label for="mandateCheckBox">in Vertretung anmelden</label>
- <div
- style="float: left; width: 48%; text-align: center; position: relative;">
- <div class="image">
- <img src="img/karte.gif" alt="Login mit Karte" width="76"
- height="50" style="margin-top: 1.5em;">
+ <div class="pageWidth">
+
+ <div id="pagebase">
+ <div id="page">
+
+ <div id="header" class="header clearfix">
+ <h1 class="main_header">MOA-ID 2.0 - Login Preview</h1>
+
+<!-- <ul id="servicenav">
+ <li><a href="http://www.dsk.gv.at">Datenschutzkommission<span class="hidden">.</span></a></li>
+ <li><a href="http://www.stammzahlenregister.gv.at/site/5109/default.aspx">Stammzahlenregister<span class="hidden">.</span></a></li>
+ <li><a href="http://www.dsk.gv.at/DesktopDefault.aspx?alias=dvr">Datenverarbeitungsregister<span class="hidden">.</span></a></li>
+ <li><a href="http://www.dsk.gv.at/DesktopDefault.aspx?alias=dsken" lang="en" class="last-item">English<span class="hidden">.</span></a></li>
+ </ul> -->
+
+ <div id="mainnavjump"></div>
+ <p id="homelink"><img src="img/2.0/logo.png" style="width: 250px" alt="EGIZ"></p>
+ <ul id="mainnav" class="clearfix">
+<!-- <li><a href="http://www2.egiz.gv.at">Home<span class="hidden">.</span></a></li> -->
+<!-- <li><a href="http://www.stammzahlenregister.gv.at/site/5970/default.aspx">bPK<span class="hidden">.</span></a></li>
+ <li><a href="http://www.stammzahlenregister.gv.at/site/5981/default.aspx">Ergänzungsregister<span class="hidden">.</span></a></li>
+ <li class="selected"><a href="http://www.stammzahlenregister.gv.at/site/5983/default.aspx" class="current">Vollmachten<span class="hidden"> (gew&auml;hlt)</span><span class="hidden">.</span></a></li>
+ <li><a href="http://www.stammzahlenregister.gv.at/site/6001/default.aspx">Veröffentlichungen<span class="hidden">.</span></a></li> -->
+ </ul>
+
+ </div>
+
+
+ <br class="clearAll">
+
+ <div id="viewcontrol" class="switch">
+ <div id="page1" class="case selected-case">
+ <div style="margin-left: 0px;">
+
+ <h2 class="OA_header">Anmeldung an: #OAName#</h2>
+
+ <div id="main">
+ <div id="leftcontent">
+ <h2 id="tabheader" class="dunkel">
+ Login mit Bürgerkarte
+ </h2>
+ <div id="bkulogin" class="hell">
+
+ <div id="mandateLogin" style="margin-top: 10px; margin-bottom: 10px">
+ <table style="margin-left: auto; margin-right: auto;">
+ <tr>
+ <td><input tabindex="1" type="checkbox" name="Mandate"
+ style="vertical-align: middle; margin-right: 5px"
+ id="mandateCheckBox"></td>
+ <td><label for="mandateCheckBox">in Vertretung anmelden</label></td>
+ <td><a href="info_mandates.html" target="_blank"
+ class="infobutton" style="margin-left: 5px" tabindex="5">i</a></td>
+ </tr>
+ </table>
+ </div>
+
+ <div id="bkukarte" class="hell">
+ <button name="bkuButton" type="button" onClick="bkuOnlineClicked();">KARTE</button>
+ </div>
+
+ <div id="bkuhandy" class="hell">
+ <button name="bkuButton" type="button" onClick="bkuHandyClicked();">HANDY</button>
+ </div>
+
+ <!-- <div id="mandate">
+ <input type="checkbox" name="Mandate" style="vertical-align: middle; margin-right: 5px;" id="mandateCheckBox">
+ <label>in Vertretung anmelden</label>
+ <a href="info_mandates.html" target="_blank" class="infobutton" style="color:#FFF">i</a>
+ </div> -->
+
+ <div id="stork" class="hell" align="center">
+ <div id="leftcontent" style="margin-bottom:10px">
+ <h2 id="tabheader" class="dunkel">
+ Home Country Selection
+ </h2>
+ </div>
+ <p>
+ <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" >
+ <option value="BE">Belgi&euml;/Belgique</option>
+ <option value="EE">Eesti</option>
+ <option value="ES">Espa&ntilde;a</option>
+ <option value="IS">&Iacute;sland</option>
+ <option value="IT">Italia</option>
+ <option value="LI">Liechtenstein</option>
+ <option value="LT">Lithuania</option>
+ <option value="PT">Portugal</option>
+ <option value="SI">Slovenija</option>
+ <option value="FI">Suomi</option>
+ <option value="SE">Sverige</option>
+ </select>
+ <button name="bkuButton" type="button" onClick="storkClicked();">Send</button>
+ <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a>
+ </p>
+ </div>
+ </div>
+
+ <div id="metroDetected" style="display:none" class="hell">
+ <p>
+ Anscheinend verwenden Sie Internet Explorer im Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den Optionen um die Karten-Anmeldung starten zu können.
+ </p>
+ </div>
+
+ <div id="localBKU" style="display:none" class="hell">
+ <hr>
+ <form method="get" id="moaidform">
+ <input type="hidden" name="bkuURI" value="2">
+ <input type="hidden" name="useMandate" id="useMandate">
+ <input type="hidden" name="CCC" id="ccc">
+ <input type="hidden" name="MODUL" value="#MODUL#">
+ <input type="hidden" name="ACTION" value="#ACTION#">
+ <input type="submit" size="400" value="lokale BKU" class="sendButton">
+ </form>
+ <p>
+ <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small>
+ </p>
+ </div>
</div>
- <input type="submit" id="startOnlineBku" name="startOnlineBku"
- value="Karte" class="button">
- </div>
- <div
- style="float: left; width: 48%; text-align: center; position: relative;">
- <div class="image">
- <img src="img/handy.gif" alt="Login mit Handy" width="34"
- height="57" style="margin-top: 1em;">
</div>
- <input type="submit" id="startMobileBku" name="startMobileBku"
- value="Handy" class="button">
</div>
- </form>
+ </div>
+ </div>
+
+ <br style="clear: both">
+ <div id="footer" class="clearfix">
+
+<!-- <h2 class="hidden">&Uuml;ber die Website der Stammzahlenregisterbeh&ouml;rde</h2>
+ <ul>
+ <li><a href="http://www.stammzahlenregister.gv.at/site/5115/Default.aspx" class="first-item">Impressum<span class="hidden">.</span></a></li>
+ <li><a href="http://www.stammzahlenregister.gv.at/site/6004/Default.aspx" lang="en">Sitemap<span class="hidden">.</span></a></li>
+
+ <li><a href="http://www.stammzahlenregister.gv.at/site/5122/Default.aspx">Kontakt<span class="hidden">.</span></a></li>
+ <li><a href="http://www.stammzahlenregister.gv.at/site/6005/Default.aspx">Hilfe<span class="hidden">.</span></a></li>
+ </ul> -->
+ </div>
+
+
+ </div>
</div>
- <form name="storkForm" method="POST"
- action="#AUTH_URL#">
- <input type="hidden" name="bkuURI" value="https://127.0.0.1:3496/https-security-layer-request">
- <input type="hidden" name="OA" value="#OA_URL#">
- <input type="hidden" name="MODULE" value="#MODULE#">
- <input type="hidden" name="ACTION" value="#ACTION#">
- <select name="CCC" size="1" style="width: 120px">
- <option value="BE">België/Belgique</option>
- <option value="EE">Eesti</option>
- <option value="ES">España</option>
- <option value="IS">Ísland</option>
- <option value="IT">Italia</option>
- <option value="LI">Liechtenstein</option>
- <option value="LT">Lithuania</option>
- <option value="PT">Portugal</option>
- <option value="SI">Slovenija</option>
- <option value="FI">Suomi</option>
- <option value="SE">Sverige</option>
- </select> <input type="submit" name="storkButton" value="Send" alt="Send"
- class="button" /> <a href="info_stork.html" target="_blank"
- class="infobutton" style="color: #FFF">i</a>
- </form>
</div>
</body>
-</html> \ No newline at end of file
+</html>
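Review bot: The country-code parameter is spelled differently on the two submission paths: the iframe URL built in `storkClicked()` sends `&ccc=`, whereas the local-BKU form's hidden field is `name="CCC"` — and that field (`id="ccc"`) is never populated by any script, so the local BKU path always submits an empty country code; `HttpServletRequest.getParameter` is case-sensitive, so one of the two spellings will not match whatever `PARAM_CCC` is. Use one spelling on both paths and set the hidden field in `setMandateSelection()` from the select, e.g. `var sel = document.getElementById("cccSelection"); document.getElementById("ccc").value = sel != null ? sel.value : "AT";`. Separately, `id="leftcontent"` and `id="tabheader"` each appear twice (main column and the STORK box), which is invalid HTML and makes `getElementById` on them ambiguous; give the inner pair distinct ids. The `useMandate` and `ccc` values are concatenated into the iframe URL unencoded; today they come from fixed option values, but wrapping them in `encodeURIComponent()` keeps that safe if the select is ever populated dynamically.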