diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-02-03 15:38:24 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-02-03 15:38:24 +0100 |
commit | ef35deb727190363d17d693d10f27171787cc92c (patch) | |
tree | 92f4a4c6133147716328f93b86239d5dd8fcc629 /id/server/idserverlib/src | |
parent | 4333fd60c637f2a739e3db17d00f61c68c465a8e (diff) | |
download | moa-id-spss-ef35deb727190363d17d693d10f27171787cc92c.tar.gz moa-id-spss-ef35deb727190363d17d693d10f27171787cc92c.tar.bz2 moa-id-spss-ef35deb727190363d17d693d10f27171787cc92c.zip |
Solve some merge problems
Diffstat (limited to 'id/server/idserverlib/src')
47 files changed, 657 insertions, 1541 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index e9c8dbc75..06d5b01bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -97,6 +97,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.stork.CPEPS; import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; @@ -1269,7 +1270,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setAuthenticatedUsed(false); session.setAuthenticated(true); - + + //set QAA Level four in case of card authentifcation + session.setQAALevel(PVPConstants.STORK_QAA_1_4); + + String oldsessionID = session.getSessionID(); //Session is implicte stored in changeSessionID!!! diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 767172823..896feed9e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -231,6 +231,8 @@ public class AuthenticationSession implements Serializable { private boolean ssoRequested = false; + private String QAALevel = null; + // private OAuth20SessionObject oAuth20SessionObject; // /** @@ -1005,20 +1007,21 @@ public class AuthenticationSession implements Serializable { public IPersonalAttributeList getStorkAttributes() { return this.storkAttributes; } - + /** -// * @return the oAuth20SessionObject -// */ -// public OAuth20SessionObject getoAuth20SessionObject() { -// return oAuth20SessionObject; -// } -// -// /** -// * @param oAuth20SessionObject -// * the oAuth20SessionObject to set -// */ -// public void setoAuth20SessionObject(OAuth20SessionObject oAuth20SessionObject) { -// this.oAuth20SessionObject = oAuth20SessionObject; -// } + * @return the qAALevel + */ + public String getQAALevel() { + return QAALevel; + } + + /** + * @param qAALevel the qAALevel to set + */ + public void setQAALevel(String qAALevel) { + QAALevel = qAALevel; + } + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 7908578ef..f4212cc78 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -73,6 +73,7 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -197,6 +198,9 @@ public class GetForeignIDServlet extends AuthServlet { IdentityLink identitylink = ilParser.parseIdentityLink();
session.setIdentityLink(identitylink);
+ //set QAA Level four in case of card authentifcation
+ session.setQAALevel(PVPConstants.STORK_QAA_1_4);
+
String samlArtifactBase64 =
AuthenticationServer.getInstance().getForeignAuthenticationData(session);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index b2224e10c..8bf437cca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -72,6 +72,7 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.SSLUtils; @@ -218,6 +219,9 @@ public class GetMISSessionIDServlet extends AuthServlet { session.setAuthenticatedUsed(false); session.setAuthenticated(true); + //set QAA Level four in case of card authentifcation + session.setQAALevel(PVPConstants.STORK_QAA_1_4); + String oldsessionID = session.getSessionID(); //Session is implicite stored in changeSessionID!!! diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 23eb138d9..b356c6f35 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -54,9 +54,11 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -327,6 +329,18 @@ public class PEPSConnectorServlet extends AuthServlet { // stork did the authentication step
moaSession.setAuthenticated(true);
+ //TODO: found better solution, but QAA Level in response could be not supported yet
+ try {
+ moasession.setQAALevel(authnResponse.getAssertions().get(0).
+ getAuthnStatements().get(0).getAuthnContext().
+ getAuthnContextClassRef().getAuthnContextClassRef());
+
+ } catch (Throwable e) {
+ Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
+ moasession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
+
+ }
+
//session is implicit stored in changeSessionID!!!!
String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java deleted file mode 100644 index 80089a423..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java +++ /dev/null @@ -1,72 +0,0 @@ -/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-/**
- *
- */
-package at.gv.egovernment.moa.id.auth.stork;
-
-import org.opensaml.xml.security.credential.Credential;
-
-import eu.stork.vidp.messages.exception.SAMLException;
-
-/**
- * Interface supporting different kinds of Credentials
- *
- * @author bzwattendorfer
- *
- */
-public interface CredentialProvider {
-
- /**
- * Gets appropriate credentials
- * @return Credential object
- * @throws SAMLException
- */
- public Credential getCredential() throws SAMLException;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java deleted file mode 100644 index cf167ba84..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java +++ /dev/null @@ -1,148 +0,0 @@ -/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.stork;
-
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
-
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-import at.gv.egovernment.moa.util.StringUtils;
-import eu.stork.vidp.messages.exception.SAMLException;
-
-/**
- * Provides credentials from a KeyStore
- * @author bzwattendorfer
- *
- */
-public class KeyStoreCredentialProvider implements CredentialProvider {
-
- private final static Logger log = LoggerFactory.getLogger(KeyStoreCredentialProvider.class);
-
- /** KeyStore Path */
- private String keyStorePath;
-
- /** KeyStore Password */
- private String keyStorePassword;
-
- /** Specific Key Name as Credential */
- private String keyName;
-
- /** Key password */
- private String keyPassword;
-
- /**
- * Creates a KeyStoreCredentialProvider object
- * @param keyStorePath KeyStore Path
- * @param keyStorePassword KeyStore Password
- * @param keyName KeyName of the key to be retrieved
- * @param keyPassword Password for the Key
- */
- public KeyStoreCredentialProvider(String keyStorePath,
- String keyStorePassword, String keyName, String keyPassword) {
- super();
- this.keyStorePath = keyStorePath;
- this.keyStorePassword = keyStorePassword;
- this.keyName = keyName;
- this.keyPassword = keyPassword;
- }
-
-
- /**
- * Gets the credential object from the KeyStore
- */
- public Credential getCredential() throws SAMLException {
- log.trace("Retrieving credentials for signing SAML Response.");
-
- if (StringUtils.isEmpty(this.keyStorePath))
- throw new SAMLException("No keyStorePath specified");
-
- //KeyStorePassword optional
- //if (StringUtils.isEmpty(this.keyStorePassword))
- // throw new SAMLException("No keyStorePassword specified");
-
- if (StringUtils.isEmpty(this.keyName))
- throw new SAMLException("No keyName specified");
-
- //KeyStorePassword optional
- //if (StringUtils.isEmpty(this.keyPassword))
- // throw new SAMLException("No keyPassword specified");
-
- KeyStore ks;
- try {
- ks = KeyStoreUtils.loadKeyStore(this.keyStorePath, this.keyStorePassword);
- } catch (Exception e) {
- log.error("Failed to load keystore information", e);
- throw new SAMLException(e);
- }
-
- //return new KeyStoreX509CredentialAdapter(ks, keyName, keyPwd.toCharArray());
- BasicX509Credential credential = null;
- try {
- java.security.cert.X509Certificate certificate = (X509Certificate) ks.getCertificate(this.keyName);
- PrivateKey privateKey = (PrivateKey) ks.getKey(this.keyName, this.keyPassword.toCharArray());
- credential = new BasicX509Credential();
- credential.setEntityCertificate(certificate);
- credential.setPrivateKey(privateKey);
-
- } catch (Exception e) {
- log.error("Error retrieving signing credentials.", e);
- throw new SAMLException(e);
- }
-
- return credential;
-
- }
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java deleted file mode 100644 index dcd1a8a1a..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java +++ /dev/null @@ -1,263 +0,0 @@ -/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-/**
- *
- */
-package at.gv.egovernment.moa.id.auth.stork;
-
-import java.util.List;
-
-import org.joda.time.DateTime;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.Audience;
-import org.opensaml.saml2.core.AudienceRestriction;
-import org.opensaml.saml2.core.Conditions;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-
-import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.vidp.messages.saml.STORKAttribute;
-import eu.stork.vidp.messages.util.SAMLUtil;
-
-/**
- * Verifies the SAML assertion according to the STORK specification
- * @author bzwattendorfer
- *
- */
-public class PEPSConnectorAssertionVerifier implements AssertionVerifier {
-
- private static final int CLOCK_SKEW_MINUTES = 5;
-
- private static final boolean IS_USERS_CLIENT_IP_ADDRESS_TO_VERIFY = false;
-
- /* (non-Javadoc)
- * @see eu.stork.mw.peps.connector.validation.AssertionVerifier#verifyAssertion(org.opensaml.saml2.core.Assertion, java.lang.String, java.lang.String, java.lang.String)
- */
- public void verify(Assertion assertion, String reqIPAddress,
- String authnRequestID, String recipient, String audience, List<RequestedAttribute> reqAttrList) throws SecurityException {
-
- //SAML assertion need not to be signed, skipping signature validation
-
- verifySubjectConfirmation(assertion, reqIPAddress, authnRequestID, recipient);
-
- Logger.debug("SubjectConfirmationData successfully verified");
-
- verifyConditions(assertion, audience);
-
- Logger.debug("Conditions successfully verified");
- }
-
-
- private void verifySubjectConfirmation(Assertion assertion, String reqAddress, String requestID, String recipient) throws SecurityException {
- for (SubjectConfirmation sc : assertion.getSubject().getSubjectConfirmations()) {
- verifySubjectConfirmationData(sc.getSubjectConfirmationData(), reqAddress, requestID, recipient);
- }
-
- }
-
- private void verifySubjectConfirmationData(SubjectConfirmationData scData, String reqAddress, String requestID, String recipient) throws SecurityException {
- //NotBefore not allowed in SSO profile
- verifyNotOnOrAfter(scData.getNotOnOrAfter());
-
- Logger.trace("NotOnOrAfter successfully verified");
-
- if(IS_USERS_CLIENT_IP_ADDRESS_TO_VERIFY) {
- verifyClientAddress(scData, reqAddress);
- Logger.trace("User's client IP address successfully verified.");
- } else {
- Logger.warn("User's client IP address will not be verified.");
- }
-
- verifyRecipient(scData, recipient);
- Logger.trace("Recipient successfully verified");
-
- verifyInResponseTo(scData, requestID);
- Logger.trace("InResponseTo successfully verified");
-
- }
-
- private void verifyNotBefore(DateTime notBefore) throws SecurityException {
- if (notBefore.minusMinutes(CLOCK_SKEW_MINUTES).isAfterNow()) {
- String msg = "Subject/Assertion not yet valid, Timestamp: ";
- Logger.error(msg + notBefore);
- throw new SecurityException(msg);
- }
-
- Logger.trace("Subject/Assertion already valid, notBefore: " + notBefore);
-
- }
-
- private void verifyNotOnOrAfter(DateTime notOnOrAfter) throws SecurityException {
- if (notOnOrAfter.plusMinutes(CLOCK_SKEW_MINUTES).isBeforeNow()) {
- String msg = "Subject/Assertion no longer valid.";
- Logger.error(msg);
- throw new SecurityException(msg);
- }
-
- Logger.trace("Subject/Assertion still valid, notOnOrAfter: " + notOnOrAfter);
- }
-
- private void verifyClientAddress(SubjectConfirmationData scData, String reqAddress) throws SecurityException {
- if (!reqAddress.equals(scData.getAddress())) {
- String msg = "Response coming from wrong Client-Address";
- Logger.error("Response coming from wrong Client-Address " + reqAddress + ", expected " + scData.getAddress());
- throw new SecurityException(msg);
- }
-
- }
-
- private void verifyInResponseTo(SubjectConfirmationData scData, String requestID) throws SecurityException {
- if (!scData.getInResponseTo().equals(requestID)) {
- String msg = "Assertion issued for wrong request";
- Logger.error(msg);
- throw new SecurityException(msg);
- }
- }
-
- private void verifyRecipient(SubjectConfirmationData scData, String reqRecipient) throws SecurityException {
- if (!scData.getRecipient().equals(reqRecipient)) {
- String msg = "Assertion intended for another recipient";
- Logger.error("Assertion intended for recipient " + scData.getRecipient() + "but expected " + reqRecipient);
- throw new SecurityException(msg);
- }
-
- }
-
- private void verifyAudience(AudienceRestriction audienceRestriction, String reqAudience) throws SecurityException {
- for (Audience audience : audienceRestriction.getAudiences()) {
- if (audience.getAudienceURI().equals(reqAudience))
- return;
- }
- String msg = "Assertion sent to wrong audience";
- Logger.error("Assertion intended for wrong audience, expected " + reqAudience);
- throw new SecurityException(msg);
- }
-
- private void verifyOneTimeUse(String assertionID) {
- //not necessarily required to check since notBefore and notOnOrAfter are verified
- //check response Store for already existing assertion
-
- }
-
- private void verifyConditions(Assertion assertion, String reqAudience) throws SecurityException {
- Conditions conditions = assertion.getConditions();
-
- verifyNotBefore(conditions.getNotBefore());
- Logger.trace("NotBefore successfully verified");
-
- verifyNotOnOrAfter(conditions.getNotOnOrAfter());
- Logger.trace("NotOnOrAfter successfully verified");
-
- verifyAudience(conditions.getAudienceRestrictions().get(0), reqAudience);
-
- Logger.trace("Audience successfully verified");
-
- }
-
- public static void validateRequiredAttributes(
- List<RequestedAttribute> reqAttrList,
- List<Attribute> attrList)
- throws STORKException {
-
- Logger.debug("Starting required attribute validation");
-
- if (reqAttrList == null || reqAttrList.isEmpty()) {
- Logger.error("Requested Attributes list is empty.");
- throw new STORKException("No attributes have been requested");
- }
-
- if (attrList == null || attrList.isEmpty()) {
- Logger.error("STORK AttributeStatement is empty.");
- throw new STORKException("No attributes have been received");
- }
-
- Logger.trace("These attributes have been requested and received: ");
- int count = 0;
- for (RequestedAttribute reqAttr : reqAttrList) {
- Logger.trace("Requested attribute: " + reqAttr.getName() + " isRequired: " + reqAttr.isRequired());
- for(Attribute attr : attrList) {
- if (verifyRequestedAttribute(reqAttr, attr))
- count++;
- }
- }
-
- int numRequiredReqAttr = getNumberOfRequiredAttributes(reqAttrList);
- Logger.trace("Number of requested required attributes: " + numRequiredReqAttr);
- Logger.trace("Number of received required attributes: " + count);
-
- if (count != numRequiredReqAttr) {
- Logger.error("Not all required attributes have been received");
- throw new STORKException("Not all required attributes have been received");
- }
- Logger.debug("Received all required attributes!");
-
- }
-
- private static boolean verifyRequestedAttribute(RequestedAttribute reqAttr, Attribute attr) {
-
- if ((reqAttr.getName()).equals(attr.getName())) {
- if (reqAttr.isRequired() && SAMLUtil.getStatusFromAttribute(attr).equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_AVAIL)) {
- Logger.trace("Received required attribute " + attr.getName() + " status: " + SAMLUtil.getStatusFromAttribute(attr));
- return true;
- }
- }
- return false;
- }
-
- private static int getNumberOfRequiredAttributes(List<RequestedAttribute> reqAttrList) {
- int count = 0;
- for (RequestedAttribute reqAttr : reqAttrList)
- if (reqAttr.isRequired()) count++;
-
- return count;
- }
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java deleted file mode 100644 index f9589950f..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java +++ /dev/null @@ -1,182 +0,0 @@ -/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-/**
- *
- */
-package at.gv.egovernment.moa.id.auth.stork;
-
-import org.opensaml.xml.validation.ValidationException;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.exception.ServiceException;
-import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
-import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.util.XMLUtil;
-import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.mw.messages.saml.STORKResponse;
-import eu.stork.vidp.messages.exception.SAMLValidationException;
-import eu.stork.vidp.messages.util.SAMLUtil;
-
-/**
- * Verifies the SMAL response according to the STORK specification
- * @author bzwattendorfer
- *
- */
-public class PEPSConnectorResponseVerifier implements ResponseVerifier {
-
-
- /* (non-Javadoc)
- * @see eu.stork.mw.peps.connector.validation.ResponseVerifier#verify(org.opensaml.saml2.core.Response)
- */
- public void verify(STORKResponse response) throws SecurityException {
-
- verifySignature(response);
- Logger.debug("Signature of SAML response valid.");
-
- verifyStandardValidation(response);
-
- Logger.debug("SAML response format valid.");
-
- }
-
-
- private void verifySignature(STORKResponse response) throws SecurityException {
- //validate Signature
- try {
- if (response.isSigned()) {
-
- String trustProfileID = AuthConfigurationProvider.getInstance().getStorkConfig().getSignatureVerificationParameter().getTrustProfileID();
-
- Logger.trace("Starting validation of Signature references");
- try {
- SAMLUtil.validateSignatureReferences(response);
- } catch (ValidationException e) {
- Logger.error("Validation of XML Signature refrences failed: " + e.getMessage());
- throw new SecurityException(e);
- }
- Logger.debug("XML Signature references are OK.");
-
- Logger.debug("Invoking MOA-SP with TrustProfileID: " + trustProfileID);
-
- // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
- Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
- .build(XMLUtil.printXML(response.getDOM()).getBytes(), trustProfileID);
-
- Logger.trace("VerifyXMLSignatureRequest for MOA-SP succesfully built");
-
- Logger.trace("Calling MOA-SP");
- // invokes the call
- Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
- .verifyXMLSignature(domVerifyXMLSignatureRequest);
-
- // parses the <VerifyXMLSignatureResponse>
- VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
- domVerifyXMLSignatureResponse).parseData();
-
- Logger.trace("Received VerifyXMLSignatureResponse from MOA-SP");
-
- if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) {
- String msg = "Signature of SAMLResponse not valid";
- Logger.error(msg);
- throw new SecurityException(msg);
- }
-
- Logger.debug("Signature of SAML response successfully verified");
-
- if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) {
- String msg = "Certificate of SAMLResponse not valid";
- Logger.error(msg);
- throw new SecurityException(msg);
- }
-
- Logger.debug("Signing certificate of SAML response succesfully verified");
-
- } else {
- String msg = "SAML Response is not signed.";
- throw new SecurityException(msg);
- }
-
- } catch (ConfigurationException e) {
- String msg = "Unable to load STORK configuration for STORK SAML Response signature verification.";
- Logger.error(msg, e);
- throw new SecurityException(msg, e);
- } catch (ParseException e) {
- String msg = "Unable to parse VerifyXMLSignature Request or Response.";
- Logger.error(msg, e);
- throw new SecurityException(msg, e);
- } catch (BuildException e) {
- String msg = "Unable to parse VerifyXMLSignature Request or Response.";
- Logger.error(msg, e);
- throw new SecurityException(msg, e);
- } catch (ServiceException e) {
- String msg = "Unable to invoke MOA-SP.";
- Logger.error(msg, e);
- throw new SecurityException(msg, e);
- }
-
- }
-
- private void verifyStandardValidation(STORKResponse response) throws SecurityException {
- try {
- SAMLUtil.verifySAMLObjectStandardValidation(response, "saml2-core-schema-and-stork-validator");
- } catch (SAMLValidationException e) {
- String msg ="SAML Response received not valid.";
- throw new SecurityException(msg, e);
- }
-
- }
-
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java deleted file mode 100644 index ea3d4101b..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java +++ /dev/null @@ -1,66 +0,0 @@ -/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.stork;
-
-import eu.stork.mw.messages.saml.STORKResponse;
-
-/**
- * Interface to be implemented for SAML response verification
- * @author bzwattendorfer
- *
- */
-public interface ResponseVerifier {
-
- /**
- * Verifies a STORK response
- * @param response STORK response
- * @throws SecurityException
- */
- public void verify(STORKResponse response) throws SecurityException;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java deleted file mode 100644 index 5dc615b6c..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java +++ /dev/null @@ -1,187 +0,0 @@ -/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/**
- *
- */
-package at.gv.egovernment.moa.id.auth.stork;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.Endpoint;
-import org.opensaml.ws.transport.http.HTTPOutTransport;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.security.credential.Credential;
-
-import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.mw.messages.saml.STORKAuthnRequest;
-import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
-import eu.stork.vidp.messages.exception.SAMLException;
-import eu.stork.vidp.messages.exception.SAMLValidationException;
-import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
-import eu.stork.vidp.messages.stork.RequestedAttributes;
-import eu.stork.vidp.messages.util.SAMLUtil;
-
-/**
- * Class handling all necessary functionality for STORK AuthnRequest processing
- *
- * @author bzwattendorfer
- *
- */
-public class STORKAuthnRequestProcessor {
-
- /**
- * Creates a STORK AuthnRequest
- * @param destination Destination URL
- * @param acsURL Assertion Consumer Service URL
- * @param providerName SP Provider Name
- * @param issuerValue Issuer Name
- * @param qaaLevel STORK QAALevel to be requested
- * @param requestedAttributes Requested Attributes to be requested
- * @param spSector Sp Sector
- * @param spInstitution SP Institution
- * @param spApplication SP Application
- * @param spCountry SP Country
- * @param textToBeSigned text to be included in signedDoc element
- * @param mimeType mimeType for the text to be signed in signedDoc
- * @return STORK AuthnRequest
- */
- public static STORKAuthnRequest generateSTORKAuthnRequest(
- String destination,
- String acsURL,
- String providerName,
- String issuerValue,
- QualityAuthenticationAssuranceLevel qaaLevel,
- RequestedAttributes requestedAttributes,
- String spSector,
- String spInstitution,
- String spApplication,
- String spCountry,
- String textToBeSigned,
- String mimeType) {
-
-
- STORKAuthnRequest storkAuthnRequest =
- STORKMessagesBuilder.buildSTORKAuthnRequest(
- destination,
- acsURL,
- providerName,
- issuerValue,
- qaaLevel,
- requestedAttributes,
- spSector,
- spInstitution,
- spApplication,
- spCountry);
-
- STORKMessagesBuilder.buildAndAddSignatureRequestToAuthnRequest(storkAuthnRequest, textToBeSigned, mimeType, true);
-
- Logger.debug("Added signedDoc attribute to STORK AuthnRequest");
-
- return storkAuthnRequest;
-
- }
-
- /**
- * Signs a STORK AuthnRequest
- * @param storkAuthnRequest STORK AuthRequest to sign
- * @param keyStorePath KeyStorePath to the signing key
- * @param keyStorePassword KeyStore Password
- * @param keyName Signing key name
- * @param keyPassword Signing key password
- * @return Signed STORK AuthnRequest
- * @throws SAMLException
- */
- public static STORKAuthnRequest signSTORKAuthnRequest(
- STORKAuthnRequest storkAuthnRequest,
- String keyStorePath,
- String keyStorePassword,
- String keyName,
- String keyPassword) throws SAMLException {
-
- Logger.trace("Building Credential Provider for signing process");
-
- CredentialProvider credentialProvider = new KeyStoreCredentialProvider(keyStorePath, keyStorePassword, keyName, keyPassword);
-
- Credential credential = credentialProvider.getCredential();
-
- Logger.trace("Credentials found");
-
- SAMLUtil.signSAMLObject(storkAuthnRequest, credential);
-
- return storkAuthnRequest;
- }
-
- /**
- * Validates a STORK AuthnRequest
- * @param storkAuthnRequest STORK AuthnRequest to validate
- * @throws SAMLValidationException
- */
- public static void validateSTORKAuthnRequest(STORKAuthnRequest storkAuthnRequest) throws SAMLValidationException {
-
- SAMLUtil.verifySAMLObjectStandardValidation(storkAuthnRequest, "saml2-core-schema-and-stork-validator");
-
- }
-
- /**
- * Sends a STORK AuthnRequest (Endpoint taken out of AuthnRequest)
- * @param request HttpServletRequest
- * @param response HttpServletResponse
- * @param storkAuthnRequest STORK AuthnRequest to send
- * @throws Exception
- */
- public static void sendSTORKAuthnRequest(HttpServletRequest request, HttpServletResponse response, STORKAuthnRequest storkAuthnRequest) throws Exception {
-
- Logger.trace("Create endpoint...");
- Endpoint endpoint = STORKMessagesBuilder.buildSAMLObject(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
- endpoint.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
- endpoint.setLocation(storkAuthnRequest.getDestination());
-
-
- Logger.trace("Prepare SAMLMessageContext...");
- HTTPOutTransport outTransport = new HttpServletResponseAdapter(response, request.isSecure());
- BasicSAMLMessageContext<?, STORKAuthnRequest, ?> samlMessageContext = new BasicSAMLMessageContext();
- samlMessageContext.setOutboundMessageTransport(outTransport);
- samlMessageContext.setPeerEntityEndpoint(endpoint);
-
- Logger.trace("Set STORK SAML AuthnRequest to SAMLMessageContext...");
- samlMessageContext.setOutboundSAMLMessage(storkAuthnRequest);
-
- Logger.trace("Initialize VelocityEngine...");
-
- VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
-
-// HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/templates/saml2-post-binding.vm");
- HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/saml2-post-binding-moa.vm");
-
- Logger.trace("HTTP-Post encode SAMLMessageContext...");
- encoder.encode(samlMessageContext);
- }
-
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 1fa7e5eb2..1804b5fd5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -63,6 +63,7 @@ import javax.xml.bind.JAXBContext; import javax.xml.bind.Unmarshaller; import org.hibernate.cfg.Configuration; +import org.opensaml.DefaultBootstrap; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; @@ -363,9 +364,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider { //Initialize OpenSAML for STORK -// Logger.info("Starting initialization of OpenSAML..."); -// STORKBootstrap.bootstrap(); -// Logger.debug("OpenSAML successfully initialized"); + Logger.info("Starting initialization of OpenSAML..."); + DefaultBootstrap.bootstrap(); + Logger.debug("OpenSAML successfully initialized"); String legacyconfig = props.getProperty("configuration.xml.legacy"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 998e28f6a..7a38e2afd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -273,7 +273,12 @@ public boolean isOnlyMandateAllowed() { * @return true, if is we should show stork login */ public boolean isShowStorkLogin() { - return oa_auth.getOASTORK().isStorkLogonEnabled(); + try { + return oa_auth.getOASTORK().isStorkLogonEnabled(); + + } catch (NullPointerException e) { + return false; + } } public Map<String, String> getFormCustomizaten() { @@ -322,7 +327,12 @@ public Map<String, String> getFormCustomizaten() { } public Integer getQaaLevel() { - return oa_auth.getOASTORK().getQaa(); + + if (oa_auth.getOASTORK() != null && oa_auth.getOASTORK().getQaa() != null) + return oa_auth.getOASTORK().getQaa(); + + else + return 4; } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java index 5b4843752..0172cce2d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x; public interface PVPConstants { + public static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/citizenQAALevel/"; public static final String STORK_QAA_1_1 = "http://www.stork.gov.eu/1.0/citizenQAALevel/1"; public static final String STORK_QAA_1_2 = "http://www.stork.gov.eu/1.0/citizenQAALevel/2"; public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index 28299871c..7c9cc6259 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.jcp.xml.dsig.internal.dom.DOMURIDereferencer; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.common.xml.SAMLConstants; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 17f76d35a..bc90da8df 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -74,6 +74,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedExcept import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.id.util.QAALevelVerifier; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -89,45 +90,59 @@ public class PVP2AssertionBuilder implements PVPConstants { AuthnContextClassRef authnContextClassRef = SAML2Utils .createSAMLObject(AuthnContextClassRef.class); + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter( + peerEntity.getEntityID()); + if (reqAuthnContext == null) { authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); - } else { + } - boolean stork_qaa_1_4_found = false; + boolean stork_qaa_1_4_found = false; + + List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext + .getAuthnContextClassRefs(); - List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext - .getAuthnContextClassRefs(); + if (reqAuthnContextClassRefIt.size() == 0) { + + QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(), + STORK_QAA_1_4); - if (reqAuthnContextClassRefIt.size() == 0) { - stork_qaa_1_4_found = true; - authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); - - } else { - for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) { - String qaa_uri = authnClassRef.getAuthnContextClassRef(); - if (qaa_uri.trim().equals(STORK_QAA_1_4) - || qaa_uri.trim().equals(STORK_QAA_1_3) - || qaa_uri.trim().equals(STORK_QAA_1_2) - || qaa_uri.trim().equals(STORK_QAA_1_1)) { - - if (authSession.isForeigner()) { - //TODO: insert QAA check - - stork_qaa_1_4_found = false; - - } else { - stork_qaa_1_4_found = true; - authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); - } - break; + stork_qaa_1_4_found = true; + authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); + + } else { + for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) { + String qaa_uri = authnClassRef.getAuthnContextClassRef(); + if (qaa_uri.trim().equals(STORK_QAA_1_4) + || qaa_uri.trim().equals(STORK_QAA_1_3) + || qaa_uri.trim().equals(STORK_QAA_1_2) + || qaa_uri.trim().equals(STORK_QAA_1_1)) { + + if (authSession.isForeigner()) { + QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(), + STORK_QAA_PREFIX + oaParam.getQaaLevel()); + + stork_qaa_1_4_found = true; + authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); + + } else { + + QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(), + qaa_uri.trim()); + + stork_qaa_1_4_found = true; + authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); + } + break; } } - - if (!stork_qaa_1_4_found) { - throw new QAANotSupportedException(STORK_QAA_1_4); - } + } + + if (!stork_qaa_1_4_found) { + throw new QAANotSupportedException(STORK_QAA_1_4); } // reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs() @@ -209,12 +224,6 @@ public class PVP2AssertionBuilder implements PVPConstants { * null, true); } } */ - // TODO: LOAD oaParam from request and not from MOASession in case of - // SSO - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - peerEntity.getEntityID()); - AuthenticationData authData = AuthenticationServer .buildAuthenticationData(authSession, oaParam, oaParam.getTarget()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java index 523063c6e..f3d815e7d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java @@ -31,6 +31,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.util.MiscUtil; public class BirthdateAttributeBuilder implements IPVPAttributeBuilder { @@ -44,11 +45,19 @@ public class BirthdateAttributeBuilder implements IPVPAttributeBuilder { IAttributeGenerator<ATT> g) throws AttributeException { try { DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); - Date date = identityLinkFormat.parse(authSession.getIdentityLink().getDateOfBirth()); - DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN); - String dateString = pvpDateFormat.format(date); - return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString); + if (MiscUtil.isNotEmpty(authSession.getIdentityLink().getDateOfBirth())) { + Date date = identityLinkFormat.parse(authSession.getIdentityLink().getDateOfBirth()); + DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN); + String dateString = pvpDateFormat.format(date); + + return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString); + + } else { + //build empty attribute if no Birthday date is found (STORK2) + return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME); + + } //return buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index d318792f1..f4b48ece3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -22,14 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler; -import java.io.IOException; import java.util.ArrayList; -import java.util.Date; import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.xml.transform.TransformerException; import org.joda.time.DateTime; import org.opensaml.Configuration; @@ -40,12 +37,10 @@ import org.opensaml.saml2.core.EncryptedAssertion; import org.opensaml.saml2.core.Issuer; import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.core.Response; -import org.opensaml.saml2.core.impl.EncryptedAssertionBuilder; import org.opensaml.saml2.encryption.Encrypter; import org.opensaml.saml2.encryption.Encrypter.KeyPlacement; import org.opensaml.saml2.metadata.AssertionConsumerService; import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.saml2.metadata.KeyDescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.security.MetadataCredentialResolver; import org.opensaml.security.MetadataCriteria; @@ -54,17 +49,13 @@ import org.opensaml.xml.encryption.EncryptionConstants; import org.opensaml.xml.encryption.EncryptionException; import org.opensaml.xml.encryption.EncryptionParameters; import org.opensaml.xml.encryption.KeyEncryptionParameters; -import org.opensaml.xml.io.MarshallingException; import org.opensaml.xml.security.CriteriaSet; import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.credential.UsageType; import org.opensaml.xml.security.criteria.EntityIDCriteria; import org.opensaml.xml.security.criteria.UsageCriteria; import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory; -import org.opensaml.xml.security.x509.BasicX509Credential; import org.opensaml.xml.security.x509.X509Credential; -import org.opensaml.xml.signature.KeyInfo; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -80,7 +71,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedEx import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.PrettyPrinter; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java index 1963115da..e3e25b1a9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java @@ -37,7 +37,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.KeyStoreUtils; -import at.gv.egovernment.moa.util.MiscUtil; public class CredentialProvider { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java index d398ca533..f0ae6f446 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java @@ -113,10 +113,12 @@ public class MetadataSignatureFilter implements MetadataFilter { throw new MOAIDException("Root element of metadata file has to be signed", null); } processEntitiesDescriptor(entitiesDescriptor); - } /*else if (metadata instanceof EntityDescriptor) { + + } else if (metadata instanceof EntityDescriptor) { EntityDescriptor entityDescriptor = (EntityDescriptor) metadata; processEntityDescriptorr(entityDescriptor); - } */else { + + } else { throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java index e48c7bb98..67a91f6e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java @@ -34,36 +34,36 @@ import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider; import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider; import org.opensaml.xml.signature.SignatureTrustEngine; import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine; -import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine; +//import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver; +//import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver; public class TrustEngineFactory { - public static SignatureTrustEngine getSignatureTrustEngine() { - try { - MetadataPKIXValidationInformationResolver mdResolver = new MetadataPKIXValidationInformationResolver( - MOAMetadataProvider.getInstance()); - - List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>(); - keyInfoProvider.add(new DSAKeyValueProvider()); - keyInfoProvider.add(new RSAKeyValueProvider()); - keyInfoProvider.add(new InlineX509DataProvider()); - - KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( - keyInfoProvider); - - PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine( - mdResolver, keyInfoResolver); - - return engine; - - } catch (Exception e) { - e.printStackTrace(); - return null; - } - } +// public static SignatureTrustEngine getSignatureTrustEngine() { +// try { +// MetadataPKIXValidationInformationResolver mdResolver = new MetadataPKIXValidationInformationResolver( +// MOAMetadataProvider.getInstance()); +// +// List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>(); +// keyInfoProvider.add(new DSAKeyValueProvider()); +// keyInfoProvider.add(new RSAKeyValueProvider()); +// keyInfoProvider.add(new InlineX509DataProvider()); +// +// KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( +// keyInfoProvider); +// +// PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine( +// mdResolver, keyInfoResolver); +// +// return engine; +// +// } catch (Exception e) { +// e.printStackTrace(); +// return null; +// } +// } public static SignatureTrustEngine getSignatureKnownKeysTrustEngine() { MetadataCredentialResolver resolver; diff --git a/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWService.java b/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWService.java index 77969010f..9562d1c42 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWService.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWService.java @@ -14,7 +14,7 @@ import javax.xml.ws.WebServiceFeature; /** * This class was generated by the JAX-WS RI. * JAX-WS RI 2.2.4-b01 - * Generated source version: 2.2 + * Generated source version: 2.1 * */ @WebServiceClient(name = "SZRGWService", targetNamespace = "http://reference.e-government.gv.at/namespace/szrgw/20070807/wsdl", wsdlLocation = "file:/D:/Projekte/svn/online-vollmachten/egovutils/src/main/resources/wsdl/szrgw/szrgw.wsdl") @@ -42,26 +42,10 @@ public class SZRGWService super(__getWsdlLocation(), SZRGWSERVICE_QNAME); } - public SZRGWService(WebServiceFeature... features) { - super(__getWsdlLocation(), SZRGWSERVICE_QNAME, features); - } - - public SZRGWService(URL wsdlLocation) { - super(wsdlLocation, SZRGWSERVICE_QNAME); - } - - public SZRGWService(URL wsdlLocation, WebServiceFeature... features) { - super(wsdlLocation, SZRGWSERVICE_QNAME, features); - } - public SZRGWService(URL wsdlLocation, QName serviceName) { super(wsdlLocation, serviceName); } - public SZRGWService(URL wsdlLocation, QName serviceName, WebServiceFeature... features) { - super(wsdlLocation, serviceName, features); - } - /** * * @return diff --git a/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWType.java b/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWType.java index 01ca437c9..9f0a8bd6d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWType.java @@ -14,7 +14,7 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; /** * This class was generated by the JAX-WS RI. * JAX-WS RI 2.2.4-b01 - * Generated source version: 2.2 + * Generated source version: 2.1 * */ @WebService(name = "SZRGWType", targetNamespace = "http://reference.e-government.gv.at/namespace/szrgw/20070807/wsdl") diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/AbstractPersonType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/AbstractPersonType.java index eb9ff0739..ebcee3d1d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/AbstractPersonType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/AbstractPersonType.java @@ -62,7 +62,7 @@ public class AbstractPersonType { @XmlElement(name = "Identification") protected List<IdentificationType> identification; - @XmlElementRef(name = "AbstractSimpleIdentification", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class, required = false) + @XmlElementRef(name = "AbstractSimpleIdentification", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class) protected List<JAXBElement<? extends AbstractSimpleIdentificationType>> abstractSimpleIdentification; @XmlAttribute(name = "Id") @XmlJavaTypeAdapter(CollapsedStringAdapter.class) @@ -120,14 +120,14 @@ public class AbstractPersonType { * <p> * Objects of the following type(s) are allowed in the list * {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >} - * {@link JAXBElement }{@code <}{@link Firmenbuchnummer }{@code >} * {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >} - * {@link JAXBElement }{@code <}{@link ZMRzahl }{@code >} * {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >} - * {@link JAXBElement }{@code <}{@link ERJPZahl }{@code >} - * {@link JAXBElement }{@code <}{@link Vereinsnummer }{@code >} * {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >} + * {@link JAXBElement }{@code <}{@link ZMRzahl }{@code >} * {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >} + * {@link JAXBElement }{@code <}{@link Vereinsnummer }{@code >} + * {@link JAXBElement }{@code <}{@link Firmenbuchnummer }{@code >} + * {@link JAXBElement }{@code <}{@link ERJPZahl }{@code >} * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactCorporateBodyType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactCorporateBodyType.java index 0a542e073..bd7d32493 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactCorporateBodyType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactCorporateBodyType.java @@ -188,8 +188,8 @@ public class CompactCorporateBodyType * * <p> * Objects of the following type(s) are allowed in the list - * {@link Element } * {@link Object } + * {@link Element } * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPersonDataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPersonDataType.java index 1aa6acbf4..aad9fa004 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPersonDataType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPersonDataType.java @@ -63,7 +63,7 @@ public class CompactPersonDataType @XmlElementRef(name = "Person", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class) protected JAXBElement<? extends AbstractPersonType> person; - @XmlElementRef(name = "Address", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class, required = false) + @XmlElementRef(name = "Address", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class) protected List<JAXBElement<? extends AbstractAddressType>> address; @XmlElement(name = "Signature", namespace = "http://www.w3.org/2000/09/xmldsig#") protected List<SignatureType> signature; @@ -75,11 +75,11 @@ public class CompactPersonDataType * * @return * possible object is - * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >} - * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >} - * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >} * {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >} + * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >} + * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >} * {@link JAXBElement }{@code <}{@link CompactCorporateBodyType }{@code >} + * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >} * */ public JAXBElement<? extends AbstractPersonType> getPerson() { @@ -91,11 +91,11 @@ public class CompactPersonDataType * * @param value * allowed object is - * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >} - * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >} - * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >} * {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >} + * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >} + * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >} * {@link JAXBElement }{@code <}{@link CompactCorporateBodyType }{@code >} + * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >} * */ public void setPerson(JAXBElement<? extends AbstractPersonType> value) { @@ -120,12 +120,12 @@ public class CompactPersonDataType * * <p> * Objects of the following type(s) are allowed in the list + * {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >} + * {@link JAXBElement }{@code <}{@link CompactPostalAddressType }{@code >} * {@link JAXBElement }{@code <}{@link InternetAddressType }{@code >} * {@link JAXBElement }{@code <}{@link TelephoneAddressType }{@code >} * {@link JAXBElement }{@code <}{@link AbstractAddressType }{@code >} * {@link JAXBElement }{@code <}{@link TypedPostalAddressType }{@code >} - * {@link JAXBElement }{@code <}{@link CompactPostalAddressType }{@code >} - * {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >} * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPhysicalPersonType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPhysicalPersonType.java index 94e97ea12..1e37799b0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPhysicalPersonType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPhysicalPersonType.java @@ -240,8 +240,8 @@ public class CompactPhysicalPersonType * * <p> * Objects of the following type(s) are allowed in the list - * {@link Element } * {@link Object } + * {@link Element } * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CorporateBodyType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CorporateBodyType.java index 19d957d80..6596ae3ac 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CorporateBodyType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CorporateBodyType.java @@ -256,8 +256,8 @@ public class CorporateBodyType * * <p> * Objects of the following type(s) are allowed in the list - * {@link Element } * {@link Object } + * {@link Element } * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/IdentificationType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/IdentificationType.java index f22d6858a..df20e777f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/IdentificationType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/IdentificationType.java @@ -172,8 +172,8 @@ public class IdentificationType { * * <p> * Objects of the following type(s) are allowed in the list - * {@link Element } * {@link Object } + * {@link Element } * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/InternetAddressType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/InternetAddressType.java index 2afa51544..90dfd4110 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/InternetAddressType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/InternetAddressType.java @@ -121,8 +121,8 @@ public class InternetAddressType * * <p> * Objects of the following type(s) are allowed in the list - * {@link Element } * {@link Object } + * {@link Element } * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/NationalityType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/NationalityType.java index 4a426fc93..ebc563acb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/NationalityType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/NationalityType.java @@ -52,10 +52,10 @@ import org.w3c.dom.Element; public class NationalityType { @XmlElementRefs({ - @XmlElementRef(name = "ISOCode3", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class), - @XmlElementRef(name = "CountryNameEN", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class), @XmlElementRef(name = "CountryNameFR", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class), - @XmlElementRef(name = "CountryNameDE", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class) + @XmlElementRef(name = "CountryNameEN", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class), + @XmlElementRef(name = "CountryNameDE", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class), + @XmlElementRef(name = "ISOCode3", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class) }) @XmlMixed @XmlAnyElement(lax = true) @@ -79,13 +79,13 @@ public class NationalityType { * * <p> * Objects of the following type(s) are allowed in the list - * {@link Element } * {@link JAXBElement }{@code <}{@link String }{@code >} * {@link JAXBElement }{@code <}{@link String }{@code >} - * {@link Object } * {@link String } * {@link JAXBElement }{@code <}{@link String }{@code >} * {@link JAXBElement }{@code <}{@link String }{@code >} + * {@link Element } + * {@link Object } * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PersonDataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PersonDataType.java index cefaa3bbd..699519798 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PersonDataType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PersonDataType.java @@ -63,7 +63,7 @@ public class PersonDataType @XmlElementRef(name = "Person", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class) protected JAXBElement<? extends AbstractPersonType> person; - @XmlElementRef(name = "Address", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class, required = false) + @XmlElementRef(name = "Address", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class) protected List<JAXBElement<? extends AbstractAddressType>> address; @XmlElement(name = "Signature", namespace = "http://www.w3.org/2000/09/xmldsig#") protected List<SignatureType> signature; @@ -75,11 +75,11 @@ public class PersonDataType * * @return * possible object is - * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >} - * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >} - * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >} * {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >} + * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >} + * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >} * {@link JAXBElement }{@code <}{@link CompactCorporateBodyType }{@code >} + * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >} * */ public JAXBElement<? extends AbstractPersonType> getPerson() { @@ -91,11 +91,11 @@ public class PersonDataType * * @param value * allowed object is - * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >} - * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >} - * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >} * {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >} + * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >} + * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >} * {@link JAXBElement }{@code <}{@link CompactCorporateBodyType }{@code >} + * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >} * */ public void setPerson(JAXBElement<? extends AbstractPersonType> value) { @@ -120,12 +120,12 @@ public class PersonDataType * * <p> * Objects of the following type(s) are allowed in the list + * {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >} + * {@link JAXBElement }{@code <}{@link CompactPostalAddressType }{@code >} * {@link JAXBElement }{@code <}{@link InternetAddressType }{@code >} * {@link JAXBElement }{@code <}{@link TelephoneAddressType }{@code >} * {@link JAXBElement }{@code <}{@link AbstractAddressType }{@code >} * {@link JAXBElement }{@code <}{@link TypedPostalAddressType }{@code >} - * {@link JAXBElement }{@code <}{@link CompactPostalAddressType }{@code >} - * {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >} * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PhysicalPersonType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PhysicalPersonType.java index f2727635e..4c5a5e34f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PhysicalPersonType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PhysicalPersonType.java @@ -484,8 +484,8 @@ public class PhysicalPersonType * * <p> * Objects of the following type(s) are allowed in the list - * {@link Element } * {@link Object } + * {@link Element } * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TelephoneAddressType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TelephoneAddressType.java index eb7640237..2e8e7e6e3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TelephoneAddressType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TelephoneAddressType.java @@ -125,8 +125,8 @@ public class TelephoneAddressType * * <p> * Objects of the following type(s) are allowed in the list - * {@link Element } * {@link Object } + * {@link Element } * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TypedPostalAddressType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TypedPostalAddressType.java index c85e2ec69..0b53e5e6a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TypedPostalAddressType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TypedPostalAddressType.java @@ -120,8 +120,8 @@ public class TypedPostalAddressType * * <p> * Objects of the following type(s) are allowed in the list - * {@link Element } * {@link Object } + * {@link Element } * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/AdviceType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/AdviceType.java index e8ec84ccf..fb556ea95 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/AdviceType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/AdviceType.java @@ -41,8 +41,8 @@ import org.w3c.dom.Element; public class AdviceType { @XmlElementRefs({ - @XmlElementRef(name = "Assertion", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class, required = false), - @XmlElementRef(name = "AssertionIDReference", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class, required = false) + @XmlElementRef(name = "Assertion", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class), + @XmlElementRef(name = "AssertionIDReference", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class) }) @XmlAnyElement(lax = true) protected List<Object> assertionIDReferenceOrAssertionOrAny; @@ -65,10 +65,10 @@ public class AdviceType { * * <p> * Objects of the following type(s) are allowed in the list + * {@link JAXBElement }{@code <}{@link String }{@code >} * {@link Element } * {@link JAXBElement }{@code <}{@link AssertionType }{@code >} * {@link Object } - * {@link JAXBElement }{@code <}{@link String }{@code >} * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/SubjectType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/SubjectType.java index 6845e807a..89b61c35c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/SubjectType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/SubjectType.java @@ -41,8 +41,8 @@ import javax.xml.bind.annotation.XmlType; public class SubjectType { @XmlElementRefs({ - @XmlElementRef(name = "NameIdentifier", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class, required = false), - @XmlElementRef(name = "SubjectConfirmation", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class, required = false) + @XmlElementRef(name = "NameIdentifier", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class), + @XmlElementRef(name = "SubjectConfirmation", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class) }) protected List<JAXBElement<?>> content; diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyInfoType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyInfoType.java index 1f980f6df..c6845af5e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyInfoType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyInfoType.java @@ -53,13 +53,13 @@ import org.w3c.dom.Element; public class KeyInfoType { @XmlElementRefs({ - @XmlElementRef(name = "MgmtData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "PGPData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "X509Data", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "RetrievalMethod", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "KeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "SPKIData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "KeyName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false) + @XmlElementRef(name = "PGPData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "X509Data", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "KeyName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "RetrievalMethod", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "SPKIData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "MgmtData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "KeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class) }) @XmlMixed @XmlAnyElement(lax = true) @@ -88,16 +88,16 @@ public class KeyInfoType { * * <p> * Objects of the following type(s) are allowed in the list - * {@link Element } - * {@link JAXBElement }{@code <}{@link String }{@code >} * {@link JAXBElement }{@code <}{@link PGPDataType }{@code >} * {@link JAXBElement }{@code <}{@link X509DataType }{@code >} + * {@link JAXBElement }{@code <}{@link String }{@code >} * {@link JAXBElement }{@code <}{@link RetrievalMethodType }{@code >} - * {@link Object } - * {@link JAXBElement }{@code <}{@link KeyValueType }{@code >} * {@link String } * {@link JAXBElement }{@code <}{@link SPKIDataType }{@code >} + * {@link Element } + * {@link JAXBElement }{@code <}{@link KeyValueType }{@code >} * {@link JAXBElement }{@code <}{@link String }{@code >} + * {@link Object } * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyValueType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyValueType.java index 55001162c..68693eace 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyValueType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyValueType.java @@ -42,8 +42,8 @@ import org.w3c.dom.Element; public class KeyValueType { @XmlElementRefs({ - @XmlElementRef(name = "RSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "DSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false) + @XmlElementRef(name = "RSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "DSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class) }) @XmlMixed @XmlAnyElement(lax = true) @@ -68,10 +68,10 @@ public class KeyValueType { * <p> * Objects of the following type(s) are allowed in the list * {@link JAXBElement }{@code <}{@link RSAKeyValueType }{@code >} - * {@link Element } + * {@link JAXBElement }{@code <}{@link DSAKeyValueType }{@code >} * {@link String } + * {@link Element } * {@link Object } - * {@link JAXBElement }{@code <}{@link DSAKeyValueType }{@code >} * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/ObjectFactory.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/ObjectFactory.java index a32d3badc..167a019bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/ObjectFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/ObjectFactory.java @@ -25,6 +25,7 @@ import javax.xml.namespace.QName; @XmlRegistry public class ObjectFactory { + private final static QName _SignatureMethodTypeHMACOutputLength_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "HMACOutputLength"); private final static QName _PGPData_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPData"); private final static QName _SPKIData_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SPKIData"); private final static QName _CanonicalizationMethod_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "CanonicalizationMethod"); @@ -49,16 +50,15 @@ public class ObjectFactory { private final static QName _Transform_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "Transform"); private final static QName _DigestValue_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "DigestValue"); private final static QName _KeyValue_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "KeyValue"); - private final static QName _TransformTypeXPath_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "XPath"); + private final static QName _PGPDataTypePGPKeyID_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyID"); + private final static QName _PGPDataTypePGPKeyPacket_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyPacket"); + private final static QName _SPKIDataTypeSPKISexp_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SPKISexp"); private final static QName _X509DataTypeX509IssuerSerial_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509IssuerSerial"); private final static QName _X509DataTypeX509Certificate_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509Certificate"); private final static QName _X509DataTypeX509SKI_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509SKI"); private final static QName _X509DataTypeX509SubjectName_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509SubjectName"); private final static QName _X509DataTypeX509CRL_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509CRL"); - private final static QName _SignatureMethodTypeHMACOutputLength_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "HMACOutputLength"); - private final static QName _SPKIDataTypeSPKISexp_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SPKISexp"); - private final static QName _PGPDataTypePGPKeyID_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyID"); - private final static QName _PGPDataTypePGPKeyPacket_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyPacket"); + private final static QName _TransformTypeXPath_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "XPath"); /** * Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: at.gv.util.xsd.xmldsig @@ -244,6 +244,15 @@ public class ObjectFactory { } /** + * Create an instance of {@link JAXBElement }{@code <}{@link BigInteger }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "HMACOutputLength", scope = SignatureMethodType.class) + public JAXBElement<BigInteger> createSignatureMethodTypeHMACOutputLength(BigInteger value) { + return new JAXBElement<BigInteger>(_SignatureMethodTypeHMACOutputLength_QNAME, BigInteger.class, SignatureMethodType.class, value); + } + + /** * Create an instance of {@link JAXBElement }{@code <}{@link PGPDataType }{@code >}} * */ @@ -463,9 +472,27 @@ public class ObjectFactory { * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} * */ - @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "XPath", scope = TransformType.class) - public JAXBElement<String> createTransformTypeXPath(String value) { - return new JAXBElement<String>(_TransformTypeXPath_QNAME, String.class, TransformType.class, value); + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyID", scope = PGPDataType.class) + public JAXBElement<String> createPGPDataTypePGPKeyID(String value) { + return new JAXBElement<String>(_PGPDataTypePGPKeyID_QNAME, String.class, PGPDataType.class, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyPacket", scope = PGPDataType.class) + public JAXBElement<String> createPGPDataTypePGPKeyPacket(String value) { + return new JAXBElement<String>(_PGPDataTypePGPKeyPacket_QNAME, String.class, PGPDataType.class, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SPKISexp", scope = SPKIDataType.class) + public JAXBElement<String> createSPKIDataTypeSPKISexp(String value) { + return new JAXBElement<String>(_SPKIDataTypeSPKISexp_QNAME, String.class, SPKIDataType.class, value); } /** @@ -514,39 +541,12 @@ public class ObjectFactory { } /** - * Create an instance of {@link JAXBElement }{@code <}{@link BigInteger }{@code >}} - * - */ - @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "HMACOutputLength", scope = SignatureMethodType.class) - public JAXBElement<BigInteger> createSignatureMethodTypeHMACOutputLength(BigInteger value) { - return new JAXBElement<BigInteger>(_SignatureMethodTypeHMACOutputLength_QNAME, BigInteger.class, SignatureMethodType.class, value); - } - - /** - * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} - * - */ - @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SPKISexp", scope = SPKIDataType.class) - public JAXBElement<String> createSPKIDataTypeSPKISexp(String value) { - return new JAXBElement<String>(_SPKIDataTypeSPKISexp_QNAME, String.class, SPKIDataType.class, value); - } - - /** * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} * */ - @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyID", scope = PGPDataType.class) - public JAXBElement<String> createPGPDataTypePGPKeyID(String value) { - return new JAXBElement<String>(_PGPDataTypePGPKeyID_QNAME, String.class, PGPDataType.class, value); - } - - /** - * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} - * - */ - @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyPacket", scope = PGPDataType.class) - public JAXBElement<String> createPGPDataTypePGPKeyPacket(String value) { - return new JAXBElement<String>(_PGPDataTypePGPKeyPacket_QNAME, String.class, PGPDataType.class, value); + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "XPath", scope = TransformType.class) + public JAXBElement<String> createTransformTypeXPath(String value) { + return new JAXBElement<String>(_TransformTypeXPath_QNAME, String.class, TransformType.class, value); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/PGPDataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/PGPDataType.java index e45501db6..add2d8886 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/PGPDataType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/PGPDataType.java @@ -47,8 +47,8 @@ import org.w3c.dom.Element; public class PGPDataType { @XmlElementRefs({ - @XmlElementRef(name = "PGPKeyPacket", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "PGPKeyID", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false) + @XmlElementRef(name = "PGPKeyPacket", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "PGPKeyID", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class) }) @XmlAnyElement(lax = true) protected List<Object> content; @@ -81,10 +81,10 @@ public class PGPDataType { * * <p> * Objects of the following type(s) are allowed in the list - * {@link Element } - * {@link Object } * {@link JAXBElement }{@code <}{@link String }{@code >} + * {@link Element } * {@link JAXBElement }{@code <}{@link String }{@code >} + * {@link Object } * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SPKIDataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SPKIDataType.java index f829d355d..e6a187e9b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SPKIDataType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SPKIDataType.java @@ -60,8 +60,8 @@ public class SPKIDataType { * * <p> * Objects of the following type(s) are allowed in the list - * {@link Element } * {@link JAXBElement }{@code <}{@link String }{@code >} + * {@link Element } * {@link Object } * * diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SignatureMethodType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SignatureMethodType.java index 70695afdf..1a463591b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SignatureMethodType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SignatureMethodType.java @@ -42,7 +42,7 @@ import javax.xml.bind.annotation.XmlType; }) public class SignatureMethodType { - @XmlElementRef(name = "HMACOutputLength", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false) + @XmlElementRef(name = "HMACOutputLength", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class) @XmlMixed @XmlAnyElement(lax = true) protected List<Object> content; @@ -68,9 +68,9 @@ public class SignatureMethodType { * * <p> * Objects of the following type(s) are allowed in the list + * {@link JAXBElement }{@code <}{@link BigInteger }{@code >} * {@link String } * {@link Object } - * {@link JAXBElement }{@code <}{@link BigInteger }{@code >} * * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/TransformType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/TransformType.java index 2b96c553e..e92465a4c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/TransformType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/TransformType.java @@ -42,7 +42,7 @@ import org.w3c.dom.Element; }) public class TransformType { - @XmlElementRef(name = "XPath", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false) + @XmlElementRef(name = "XPath", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class) @XmlMixed @XmlAnyElement(lax = true) protected List<Object> content; @@ -68,9 +68,9 @@ public class TransformType { * * <p> * Objects of the following type(s) are allowed in the list + * {@link String } * {@link JAXBElement }{@code <}{@link String }{@code >} * {@link Element } - * {@link String } * {@link Object } * * diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/X509DataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/X509DataType.java index e3148b2d0..c70b72293 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/X509DataType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/X509DataType.java @@ -46,11 +46,11 @@ import org.w3c.dom.Element; public class X509DataType { @XmlElementRefs({ - @XmlElementRef(name = "X509CRL", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "X509Certificate", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "X509SKI", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "X509IssuerSerial", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), - @XmlElementRef(name = "X509SubjectName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false) + @XmlElementRef(name = "X509SKI", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "X509CRL", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "X509Certificate", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "X509IssuerSerial", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "X509SubjectName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class) }) @XmlAnyElement(lax = true) protected List<Object> x509IssuerSerialOrX509SKIOrX509SubjectName; @@ -73,13 +73,13 @@ public class X509DataType { * * <p> * Objects of the following type(s) are allowed in the list - * {@link Element } - * {@link JAXBElement }{@code <}{@link X509IssuerSerialType }{@code >} * {@link JAXBElement }{@code <}{@link String }{@code >} + * {@link JAXBElement }{@code <}{@link X509IssuerSerialType }{@code >} * {@link JAXBElement }{@code <}{@link String }{@code >} - * {@link Object } + * {@link Element } * {@link JAXBElement }{@code <}{@link String }{@code >} * {@link JAXBElement }{@code <}{@link String }{@code >} + * {@link Object } * * */ diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index dc698782a..a6c0601e4 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -220,6 +220,7 @@ pvp2.13=Interner Server Fehler pvp2.14=SAML Anfrage verweigert
pvp2.15=Keine Metadateninformation gefunden
pvp2.16=Fehler beim verschl\u00FCsseln der PVP2 Assertion
+pvp2.17=Der QAA Level {0} entspricht nicht dem angeforderten QAA Level {1}
oauth20.01=Fehlerhafte redirect url
oauth20.02=Fehlender Parameter "{0}"
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html index 3eff06daf..9d6ad4085 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html @@ -3,333 +3,318 @@ <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> -<!-- MOA-ID 2.x BKUSelection Layout CSS --> -<style type="text/css"> -@media screen and (min-width: 650px) { - body { - margin: 0; - padding: 0; - color: #000; - background-color: #fff; - text-align: center; - background-color: #6B7B8B; - } - #localBKU p { - font-size: 0.7em; - } - #localBKU input { - font-size: 0.7em; - /*border-radius: 5px;*/ - } - #bkuselectionarea input[type=button] { - font-size: 0.85em; - /*border-radius: 7px;*/ - margin-bottom: 25px; - min-width: 80px; - } - #mandateLogin { - font-size: 0.85em; - } - #bku_header h2 { - font-size: 0.8em; - } - #page { - display: block; - border: 2px solid rgb(0, 0, 0); - width: 650px; - height: 440px; - margin: 0 auto; - margin-top: 5%; - position: relative; - border-radius: 25px; - background: rgb(255, 255, 255); - } - #page1 { - text-align: center; - } - #main { - /* clear:both; */ - position: relative; - margin: 0 auto; - width: 250px; - text-align: center; - } - .OA_header { - /* background-color: white;*/ - font-size: 20pt; - margin-bottom: 25px; - margin-top: 25px; - } - #leftcontent { - /*float:left; */ - width: 250px; - margin-bottom: 25px; - text-align: left; - border: 1px solid rgb(0, 0, 0); - } - #selectArea { - font-size: 15px; - padding-bottom: 65px; - } - #leftcontent { - width: 300px; - margin-top: 30px; - } - #bku_header { - height: 5%; - padding-bottom: 3px; - padding-top: 3px; - } - #bkulogin { - overflow: hidden; - min-width: 190px; - min-height: 180px; - /*height: 260px;*/ - } - h2#tabheader { - font-size: 1.1em; - padding-left: 2%; - padding-right: 2%; - position: relative; - } - .setAssertionButton_full { - background: #efefef; - cursor: pointer; - margin-top: 15px; - width: 100px; - height: 30px - } - #leftbutton { - width: 30%; - float: left; - margin-left: 40px; - } - #rightbutton { - width: 30%; - float: right; - margin-right: 45px; - text-align: right; - } - button { - height: 25px; - width: 75px; - margin-bottom: 10px; - } - #validation { - position: absolute; - bottom: 0px; - margin-left: 270px; - padding-bottom: 10px; - } -} + <!-- MOA-ID 2.x BKUSelection Layout CSS --> + <style type="text/css"> + @media screen and (min-width: 650px) { + + body { + margin:0; + padding:0; + color : #000; + background-color : #fff; + text-align: center; + background-color: #6B7B8B; + } + + #localBKU p { + font-size: 0.7em; + } + + #localBKU input{ + font-size: 0.7em; + /*border-radius: 5px;*/ + } + + #bkuselectionarea input[type=button] { + font-size: 0.85em; + /*border-radius: 7px;*/ + margin-bottom: 25px; + min-width: 80px; + } + + #mandateLogin { + font-size: 0.85em; + } + + #bku_header h2 { + font-size: 0.8em; + } + + + #page { + display: block; + border: 2px solid rgb(0,0,0); + width: 650px; + height: 460px; + margin: 0 auto; + margin-top: 5%; + position: relative; + border-radius: 25px; + background: rgb(255,255,255); + } + + #page1 { + text-align: center; + } + + #main { + /* clear:both; */ + position:relative; + margin: 0 auto; + width: 250px; + text-align: center; + } + + .OA_header { + /* background-color: white;*/ + font-size: 20pt; + margin-bottom: 25px; + margin-top: 25px; + } + + #leftcontent { + /*float:left; */ + width:250px; + margin-bottom: 25px; + text-align: left; + border: 1px solid rgb(0,0,0); + } + + #selectArea { + font-size: 15px; + padding-bottom: 65px; + } + + #leftcontent { + width: 300px; + margin-top: 30px; + } + + #bku_header { + height: 5%; + padding-bottom: 3px; + padding-top: 3px; + } + + #bkulogin { + overflow:hidden; + min-width: 190px; + min-height: 180px; + /*height: 260px;*/ + } + + h2#tabheader{ + font-size: 1.1em; + padding-left: 2%; + padding-right: 2%; + position: relative; + } + + #stork h2 { + font-size: 1.0em; + margin-bottom: 2%; + } + + .setAssertionButton_full { + background: #efefef; + cursor: pointer; + margin-top: 15px; + width: 100px; + height: 30px + } + + #leftbutton { + width: 30%; + float:left; + margin-left: 40px; + } + + #rightbutton { + width: 30%; + float:right; + margin-right: 45px; + text-align: right; + } + + button { + height: 25px; + width: 75px; + margin-bottom: 10px; + } + + #validation { + position: absolute; + bottom: 0px; + margin-left: 270px; + padding-bottom: 10px; + } + + } -@media screen and (max-width: 205px) { - #localBKU p { - font-size: 0.6em; - } - #localBKU input { - font-size: 0.6em; - min-width: 60px; - /* max-width: 65px; */ - min-height: 1.0em; - /* border-radius: 5px; */ - } - #bkuselectionarea input[type=button] { - font-size: 0.7em; - min-width: 55px; - /*min-height: 1.1em; + @media screen and (max-width: 205px) { + #localBKU p { + font-size: 0.6em; + } + + #localBKU input { + font-size: 0.6em; + min-width: 60px; + /* max-width: 65px; */ + min-height: 1.0em; + /* border-radius: 5px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 0.7em; + min-width: 55px; + /*min-height: 1.1em; border-radius: 5px;*/ - margin-bottom: 2% - } - #mandateLogin { - font-size: 0.65em; - } - #bku_header h2 { - font-size: 0.8em; - margin-top: -0.4em; - padding-top: 0.4em; - } - #bkulogin { - min-height: 150px; - } -} + margin-bottom: 2% + } + + #mandateLogin { + font-size: 0.65em; + } + + #bku_header h2 { + font-size: 0.8em; + margin-top: -0.4em; + padding-top: 0.4em; + } + + #bkulogin { + min-height: 150px; + } + } -@media screen and (max-width: 249px) and (min-width: 206px) { - #localBKU p { - font-size: 0.7em; - } - #localBKU input { - font-size: 0.7em; - min-width: 70px; - /* max-width: 75px; */ - min-height: 0.95em; - /* border-radius: 6px; */ - } - #bkuselectionarea input[type=button] { - font-size: 0.75em; - min-width: 60px; - /* min-height: 0.95em; + @media screen and (max-width: 249px) and (min-width: 206px) { + #localBKU p { + font-size: 0.7em; + } + + #localBKU input { + font-size: 0.7em; + min-width: 70px; + /* max-width: 75px; */ + min-height: 0.95em; + /* border-radius: 6px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 0.75em; + min-width: 60px; + /* min-height: 0.95em; border-radius: 6px; */ - margin-bottom: 5% - } - #mandateLogin { - font-size: 0.75em; - } - #bku_header h2 { - font-size: 0.9em; - margin-top: -0.45em; - padding-top: 0.45em; - } - #bkulogin { - min-height: 180px; - } -} + margin-bottom: 5% + } + + #mandateLogin { + font-size: 0.75em; + } + + #bku_header h2 { + font-size: 0.9em; + margin-top: -0.45em; + padding-top: 0.45em; + } + + #bkulogin { + min-height: 180px; + } + } -@media screen and (max-width: 299px) and (min-width: 250px) { - #localBKU p { - font-size: 0.9em; - } - #localBKU input { - font-size: 0.8em; - min-width: 70px; - /* max-width: 75px; */ - /* border-radius: 6px; */ - } - #bkuselectionarea input[type=button] { - font-size: 0.85em; - /* min-height: 1.05em; + @media screen and (max-width: 299px) and (min-width: 250px) { + #localBKU p { + font-size: 0.9em; + } + + #localBKU input { + font-size: 0.8em; + min-width: 70px; + /* max-width: 75px; */ + /* border-radius: 6px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 0.85em; + /* min-height: 1.05em; border-radius: 7px; */ - margin-bottom: 10%; - } - #mandateLogin { - font-size: 1em; - } - #bku_header h2 { - font-size: 1.0em; - margin-top: -0.50em; - padding-top: 0.50em; - } -} + margin-bottom: 10%; + } + + #mandateLogin { + font-size: 1em; + } + + #bku_header h2 { + font-size: 1.0em; + margin-top: -0.50em; + padding-top: 0.50em; + } + } -@media screen and (max-width: 399px) and (min-width: 300px) { - #localBKU p { - font-size: 0.9em; - } - #localBKU input { - font-size: 0.8em; - min-width: 70px; - /* max-width: 75px; */ - /* border-radius: 6px; */ - } - #bkuselectionarea input[type=button] { - font-size: 0.9em; - /* min-height: 1.2em; + @media screen and (max-width: 399px) and (min-width: 300px) { + #localBKU p { + font-size: 0.9em; + } + + #localBKU input { + font-size: 0.8em; + min-width: 70px; + /* max-width: 75px; */ + /* border-radius: 6px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 0.9em; + /* min-height: 1.2em; border-radius: 8px; */ - margin-bottom: 10%; - max-width: 80px; - } - #mandateLogin { - font-size: 1em; - } - #bku_header h2 { - font-size: 1.1em; - margin-top: -0.55em; - padding-top: 0.55em; - } -} - -@media screen and (max-width: 649px) and (min-width: 400px) { - #localBKU p { - font-size: 0.9em; - } - #localBKU input { - font-size: 0.8em; - min-width: 70px; - /* max-width: 80px; */ - /* border-radius: 6px; */ - } - #bkuselectionarea input[type=button] { - font-size: 1.0em; - /* min-height: 1.3em; + margin-bottom: 10%; + max-width: 80px; + } + + #mandateLogin { + font-size: 1em; + } + + #bku_header h2 { + font-size: 1.1em; + margin-top: -0.55em; + padding-top: 0.55em; + } + } + + @media screen and (max-width: 649px) and (min-width: 400px) { + #localBKU p { + font-size: 0.9em; + } + + #localBKU input { + font-size: 0.8em; + min-width: 70px; + /* max-width: 80px; */ + /* border-radius: 6px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 1.0em; + /* min-height: 1.3em; border-radius: 10px; */ - margin-bottom: 10%; - max-width: 85px; - } - #mandateLogin { - font-size: 1.2em; - } - #bku_header h2 { - font-size: 1.3em; - margin-top: -0.65em; - padding-top: 0.65em; - } -} + margin-bottom: 10%; + max-width: 85px; + } + + #mandateLogin { + font-size: 1.2em; + } + + #bku_header h2 { + font-size: 1.3em; + margin-top: -0.65em; + padding-top: 0.65em; + } + } -@media screen and (max-width: 649px) { - body { - margin: 0; - padding: 0; - color: #000; - text-align: center; - font-size: 100%; - background-color: #MAIN_BACKGOUNDCOLOR#; - } - #page { - visibility: hidden; - margin-top: 0%; - } - #page1 { - visibility: hidden; - } - #main { - visibility: hidden; - } - #validation { - visibility: hidden; - display: none; - } - .OA_header { - margin-bottom: 0px; - margin-top: 0px; - font-size: 0pt; - visibility: hidden; - } - #leftcontent { - visibility: visible; - margin-bottom: 0px; - text-align: left; - border: none; - vertical-align: middle; - min-height: 173px; - min-width: 204px; - } - #bku_header { - height: 10%; - min-height: 1.2em; - margin-top: 1%; - } - h2#tabheader { - padding-left: 2%; - padding-right: 2%; - position: relative; - top: 50%; - } - #bkulogin { - min-width: 190px; - min-height: 155px; - } - .setAssertionButton_full { - background: #efefef; - cursor: pointer; - margin-top: 15px; - width: 70px; - height: 25px; - } - input[type=button] { - /* height: 11%; */ - width: 70%; - } -} @media screen and (max-width: 649px) { @@ -392,6 +377,11 @@ top: 50%; } + #stork h2 { + font-size: 0.9em; + margin-bottom: 2%; + } + #bkulogin { min-width: 190px; min-height: 155px; @@ -444,6 +434,11 @@ text-align: right; } + #stork { + /*margin-bottom: 10px;*/ + /* margin-top: 5px; */ + } + #mandateLogin { padding-bottom: 4%; padding-top: 4%; @@ -472,7 +467,7 @@ padding-left: 5%; padding-right: 2%; padding-bottom: 4%; - padding-top: 4%; + /*padding-top: 4%;*/ position: relative; clear: both; } @@ -523,83 +518,86 @@ /* box-shadow: -1px -1px 3px #222222; */ /* } -*/ -input { - /*border:1px solid #000;*/ - cursor: pointer; -} - -#localBKU input { - /* color: #BUTTON_COLOR#; */ - border: 0px; - display: inline-block; -} - -#localBKU input:hover,#localBKU input:focus,#localBKU input:active { - text-decoration: underline; -} - -#installJava,#BrowserNOK { - clear: both; - font-size: 0.8em; - padding: 4px; -} - -.selectText { - -} - -.selectTextHeader { - -} - -.sendButton { - width: 30%; - margin-bottom: 1%; -} - -#leftcontent a { - text-decoration: none; - color: #000; - /* display:block;*/ - padding: 4px; -} - -#leftcontent a:hover,#leftcontent a:focus,#leftcontent a:active { - text-decoration: underline; - color: #000; -} - -.infobutton { - background-color: #005a00; - color: white; - font-family: serif; - text-decoration: none; - padding-top: 2px; - padding-right: 4px; - padding-bottom: 2px; - padding-left: 4px; - font-weight: bold; -} - -.hell { - background-color: #MAIN_BACKGOUNDCOLOR#; - color: #MAIN_COLOR#; -} - -.dunkel { - background-color: #HEADER_BACKGROUNDCOLOR#; - color: #HEADER_COLOR#; -} - -.main_header { - color: black; - font-size: 32pt; - position: absolute; - right: 10%; - top: 40px; -} -</style> +*/ + input { + /*border:1px solid #000;*/ + cursor: pointer; + } + + #localBKU input { +/* color: #BUTTON_COLOR#; */ + border: 0px; + display: inline-block; + + } + + #localBKU input:hover, #localBKU input:focus, #localBKU input:active { + text-decoration: underline; + } + + #installJava, #BrowserNOK { + clear:both; + font-size:0.8em; + padding:4px; + } + + .selectText{ + + } + + .selectTextHeader{ + + } + + .sendButton { + width: 30%; + margin-bottom: 1%; + } + + #leftcontent a { + text-decoration:none; + color: #000; + /* display:block;*/ + padding:4px; + } + + #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active { + text-decoration:underline; + color: #000; + } + + .infobutton { + background-color: #005a00; + color: white; + font-family: serif; + text-decoration: none; + padding-top: 2px; + padding-right: 4px; + padding-bottom: 2px; + padding-left: 4px; + font-weight: bold; + } + + .hell { + background-color : #MAIN_BACKGOUNDCOLOR#; + color: #MAIN_COLOR#; + } + + .dunkel { + background-color: #HEADER_BACKGROUNDCOLOR#; + color: #HEADER_COLOR#; + } + + .main_header { + color: black; + font-size: 32pt; + position: absolute; + right: 10%; + top: 40px; + + } + + </style> <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions--> <script type="text/javascript"> function isIE() { @@ -806,6 +804,7 @@ input { </p--> </form> </div> + <div id="stork" align="center" style="#STORKVISIBLE#"> <h2 id="tabheader" class="dunkel">Home Country Selection</h2> <p> |