aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-05-14 14:25:48 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-05-14 14:25:48 +0200
commita58636545b497bc9ff5e2ffa6cf230dc75cc19bc (patch)
treed01251c4b6ea964fbf795cc62c286b9d2bed7344 /id/server/idserverlib
parent0422c1070bb5d19f9198e90fe225b39d0c877854 (diff)
downloadmoa-id-spss-a58636545b497bc9ff5e2ffa6cf230dc75cc19bc.tar.gz
moa-id-spss-a58636545b497bc9ff5e2ffa6cf230dc75cc19bc.tar.bz2
moa-id-spss-a58636545b497bc9ff5e2ffa6cf230dc75cc19bc.zip
add additional errorcodes to protcols
Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java190
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java62
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java75
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java42
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20OANotSupportedException.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java)30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java39
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java103
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java33
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties14
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes.properties180
22 files changed, 537 insertions, 340 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index b05c1494a..ff33c37ab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -315,12 +315,18 @@ public class AuthenticationServer implements MOAIDAuthConstants {
appletwidth = StringEscapeUtils.escapeHtml(appletwidth);
- //TODO: cleanup before MOA-ID 2.1 release
- String htmlForm = new GetIdentityLinkFormBuilder().build(template,
- session.getBkuURL(), infoboxReadRequest, dataURL, null,
- null, pushInfobox, oaParam, appletheigth, appletwidth);
-
- return htmlForm;
+ //TODO: cleanup before MOA-ID 2.1 release
+ try {
+ String htmlForm = new GetIdentityLinkFormBuilder().build(template,
+ session.getBkuURL(), infoboxReadRequest, dataURL, null,
+ null, pushInfobox, oaParam, appletheigth, appletwidth);
+
+ return htmlForm;
+
+ } catch (BuildException e) {
+ throw new BuildException("builder.07", null, e);
+
+ }
}
/**
@@ -525,16 +531,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
} catch (SAXException e) {
- throw new AuthenticationException("auth.16",
+ throw new AuthenticationException("auth.15",
new Object[]{GET_MIS_SESSIONID}, e);
} catch (IOException e) {
- throw new AuthenticationException("auth.16",
+ throw new AuthenticationException("auth.15",
new Object[]{GET_MIS_SESSIONID}, e);
} catch (ParserConfigurationException e) {
- throw new AuthenticationException("auth.16",
+ throw new AuthenticationException("auth.15",
new Object[]{GET_MIS_SESSIONID}, e);
} catch (TransformerException e) {
- throw new AuthenticationException("auth.16",
+ throw new AuthenticationException("auth.15",
new Object[]{GET_MIS_SESSIONID}, e);
}
@@ -554,9 +560,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
OAAuthParameter oaParam) throws ConfigurationException,
BuildException, ValidateException {
- // check for intermediate processing of the infoboxes
- if (session.isValidatorInputPending())
- return "Redirect to Input Processor";
+// // check for intermediate processing of the infoboxes
+// if (session.isValidatorInputPending())
+// return "Redirect to Input Processor";
if (authConf == null)
authConf = AuthConfigurationProvider.getInstance();
@@ -612,9 +618,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
OAAuthParameter oaParam, X509Certificate cert)
throws ConfigurationException {
- // check for intermediate processing of the infoboxes
- if (session.isValidatorInputPending())
- return "Redirect to Input Processor";
+// // check for intermediate processing of the infoboxes
+// if (session.isValidatorInputPending())
+// return "Redirect to Input Processor";
if (authConf == null)
authConf = AuthConfigurationProvider.getInstance();
@@ -1239,44 +1245,44 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw e;
}
- // post processing of the infoboxes
- Iterator iter = session.getInfoboxValidatorIterator();
- boolean formpending = false;
- if (iter != null) {
- while (!formpending && iter.hasNext()) {
- Vector infoboxValidatorVector = (Vector) iter.next();
- String identifier = (String) infoboxValidatorVector.get(0);
- String friendlyName = (String) infoboxValidatorVector.get(1);
- InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
- .get(2);
- InfoboxValidationResult infoboxValidationResult = null;
- try {
- infoboxValidationResult = infoboxvalidator.validate(csresp
- .getSamlAssertion());
- } catch (ValidateException e) {
- Logger.error("Error validating " + identifier + " infobox:"
- + e.getMessage());
- throw new ValidateException("validator.44",
- new Object[]{friendlyName});
- }
- if (!infoboxValidationResult.isValid()) {
- Logger.info("Validation of " + identifier
- + " infobox failed.");
- throw new ValidateException("validator.40", new Object[]{
- friendlyName,
- infoboxValidationResult.getErrorMessage()});
- }
- String form = infoboxvalidator.getForm();
- if (ParepUtils.isEmpty(form)) {
- AddAdditionalSAMLAttributes(
- session,
- infoboxValidationResult.getExtendedSamlAttributes(),
- identifier, friendlyName);
- } else {
- return "Redirect to Input Processor";
- }
- }
- }
+// // post processing of the infoboxes
+// Iterator iter = session.getInfoboxValidatorIterator();
+// boolean formpending = false;
+// if (iter != null) {
+// while (!formpending && iter.hasNext()) {
+// Vector infoboxValidatorVector = (Vector) iter.next();
+// String identifier = (String) infoboxValidatorVector.get(0);
+// String friendlyName = (String) infoboxValidatorVector.get(1);
+// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
+// .get(2);
+// InfoboxValidationResult infoboxValidationResult = null;
+// try {
+// infoboxValidationResult = infoboxvalidator.validate(csresp
+// .getSamlAssertion());
+// } catch (ValidateException e) {
+// Logger.error("Error validating " + identifier + " infobox:"
+// + e.getMessage());
+// throw new ValidateException("validator.44",
+// new Object[]{friendlyName});
+// }
+// if (!infoboxValidationResult.isValid()) {
+// Logger.info("Validation of " + identifier
+// + " infobox failed.");
+// throw new ValidateException("validator.40", new Object[]{
+// friendlyName,
+// infoboxValidationResult.getErrorMessage()});
+// }
+// String form = infoboxvalidator.getForm();
+// if (ParepUtils.isEmpty(form)) {
+// AddAdditionalSAMLAttributes(
+// session,
+// infoboxValidationResult.getExtendedSamlAttributes(),
+// identifier, friendlyName);
+// } else {
+// return "Redirect to Input Processor";
+// }
+// }
+// }
session.setXMLVerifySignatureResponse(vsresp);
session.setSignerCertificate(vsresp.getX509certificate());
@@ -1397,44 +1403,44 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.10", new Object[]{
REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
- // post processing of the infoboxes
- Iterator iter = session.getInfoboxValidatorIterator();
- boolean formpending = false;
- if (iter != null) {
- while (!formpending && iter.hasNext()) {
- Vector infoboxValidatorVector = (Vector) iter.next();
- String identifier = (String) infoboxValidatorVector.get(0);
- String friendlyName = (String) infoboxValidatorVector.get(1);
- InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
- .get(2);
- InfoboxValidationResult infoboxValidationResult = null;
- try {
- infoboxValidationResult = infoboxvalidator.validate(session
- .getIdentityLink().getSamlAssertion());
- } catch (ValidateException e) {
- Logger.error("Error validating " + identifier + " infobox:"
- + e.getMessage());
- throw new ValidateException("validator.44",
- new Object[]{friendlyName});
- }
- if (!infoboxValidationResult.isValid()) {
- Logger.info("Validation of " + identifier
- + " infobox failed.");
- throw new ValidateException("validator.40", new Object[]{
- friendlyName,
- infoboxValidationResult.getErrorMessage()});
- }
- String form = infoboxvalidator.getForm();
- if (ParepUtils.isEmpty(form)) {
- AddAdditionalSAMLAttributes(
- session,
- infoboxValidationResult.getExtendedSamlAttributes(),
- identifier, friendlyName);
- } else {
- return "Redirect to Input Processor";
- }
- }
- }
+// // post processing of the infoboxes
+// Iterator iter = session.getInfoboxValidatorIterator();
+// boolean formpending = false;
+// if (iter != null) {
+// while (!formpending && iter.hasNext()) {
+// Vector infoboxValidatorVector = (Vector) iter.next();
+// String identifier = (String) infoboxValidatorVector.get(0);
+// String friendlyName = (String) infoboxValidatorVector.get(1);
+// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
+// .get(2);
+// InfoboxValidationResult infoboxValidationResult = null;
+// try {
+// infoboxValidationResult = infoboxvalidator.validate(session
+// .getIdentityLink().getSamlAssertion());
+// } catch (ValidateException e) {
+// Logger.error("Error validating " + identifier + " infobox:"
+// + e.getMessage());
+// throw new ValidateException("validator.44",
+// new Object[]{friendlyName});
+// }
+// if (!infoboxValidationResult.isValid()) {
+// Logger.info("Validation of " + identifier
+// + " infobox failed.");
+// throw new ValidateException("validator.40", new Object[]{
+// friendlyName,
+// infoboxValidationResult.getErrorMessage()});
+// }
+// String form = infoboxvalidator.getForm();
+// if (ParepUtils.isEmpty(form)) {
+// AddAdditionalSAMLAttributes(
+// session,
+// infoboxValidationResult.getExtendedSamlAttributes(),
+// identifier, friendlyName);
+// } else {
+// return "Redirect to Input Processor";
+// }
+// }
+// }
VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse();
X509Certificate cert = session.getSignerCertificate();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 58412b218..c5ba49b2e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -203,10 +203,10 @@ public class AuthenticationSession implements Serializable {
*/
private List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH;
- /**
- * If infobox validators are needed after signing, they can be stored in this list.
- */
- private List infoboxValidators;
+// /**
+// * If infobox validators are needed after signing, they can be stored in this list.
+// */
+// private List infoboxValidators;
/**
* The register and number in the register parameter in case of a business service application.
@@ -347,7 +347,7 @@ public class AuthenticationSession implements Serializable {
public AuthenticationSession(String id) {
sessionID = id;
// setTimestampStart();
- infoboxValidators = new ArrayList();
+// infoboxValidators = new ArrayList();
}
public X509Certificate getSignerCertificate() {
@@ -712,15 +712,15 @@ public class AuthenticationSession implements Serializable {
this.issueInstant = issueInstant;
}
- /**
- * Returns the iterator to the stored infobox validators.
- *
- * @return Iterator
- */
- public Iterator getInfoboxValidatorIterator() {
- if (infoboxValidators == null) return null;
- return infoboxValidators.iterator();
- }
+// /**
+// * Returns the iterator to the stored infobox validators.
+// *
+// * @return Iterator
+// */
+// public Iterator getInfoboxValidatorIterator() {
+// if (infoboxValidators == null) return null;
+// return infoboxValidators.iterator();
+// }
// /**
// * Adds an infobox validator class to the stored infobox validators.
@@ -744,23 +744,23 @@ public class AuthenticationSession implements Serializable {
// return infoboxValidators.iterator();
// }
- /**
- * Tests for pending input events of the infobox validators.
- *
- * @return true if a validator has a form to show
- */
- public boolean isValidatorInputPending() {
- boolean result = false;
- Iterator iter = getInfoboxValidatorIterator();
- if (iter != null) {
- while (!result && iter.hasNext()) {
- Vector infoboxValidatorVector = (Vector) iter.next();
- InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
- if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result = true;
- }
- }
- return result;
- }
+// /**
+// * Tests for pending input events of the infobox validators.
+// *
+// * @return true if a validator has a form to show
+// */
+// public boolean isValidatorInputPending() {
+// boolean result = false;
+// Iterator iter = getInfoboxValidatorIterator();
+// if (iter != null) {
+// while (!result && iter.hasNext()) {
+// Vector infoboxValidatorVector = (Vector) iter.next();
+// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
+// if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result = true;
+// }
+// }
+// return result;
+// }
// /**
// * Returns the first pending infobox validator.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java
index f1d3b078e..9c2960c4c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java
@@ -29,16 +29,6 @@ public class BKUException extends MOAIDException {
private String bkuErrorCode;
private String bkuErrorMessage;
- public BKUException(String messageId, Object[] parameters) {
- super(messageId, parameters);
-
- }
-
-
- public BKUException(String messageId, Object[] parameters, Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
public BKUException(String messageId, Object[] parameters,
String bkuErrorCode, String bkuErrorMessage) {
super(messageId, parameters);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
index e26ab6597..c80cbea26 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
@@ -46,6 +46,7 @@
package at.gv.egovernment.moa.id.auth.exception;
+
public class MISSimpleClientException extends MOAIDException {
private static final long serialVersionUID = 1L;
@@ -59,22 +60,16 @@ public class MISSimpleClientException extends MOAIDException {
public MISSimpleClientException(String message) {
super(message, null);
- this.misErrorMessage = message;
}
public MISSimpleClientException(String message, String code, String text) {
- super(message, null);
+ super(message, new Object[] { code , text });
this.misErrorMessage = text;
this.misErrorCode = code;
}
- public MISSimpleClientException(Throwable cause) {
- super("UNDEFINED ERROR", null, cause);
- }
-
public MISSimpleClientException(String message, Throwable cause) {
super(message, null, cause);
- this.misErrorMessage = message;
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index a776bbe9a..9e2e845b5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -65,7 +65,6 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
@@ -190,13 +189,9 @@ public class GetMISSessionIDServlet extends AuthServlet {
List<MISMandate> list = MISSimpleClient.sendGetMandatesRequest(
connectionParameters.getUrl(), misSessionID, sslFactory);
- if (list == null) {
+ if (list == null || list.size() == 0) {
Logger.error("Keine Vollmacht gefunden.");
- throw new MISSimpleClientException("Keine Vollmacht gefunden");
- }
- if (list.size() == 0) {
- Logger.error("Keine Vollmacht gefunden.");
- throw new MISSimpleClientException("Keine Vollmacht gefunden");
+ throw new AuthenticationException("auth.15", null);
}
// for now: list contains only one element
@@ -205,7 +200,7 @@ public class GetMISSessionIDServlet extends AuthServlet {
String sMandate = new String(mandate.getMandate());
if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) {
Logger.error("Mandate is empty.");
- throw new AuthenticationException("auth.16",
+ throw new AuthenticationException("auth.15",
new Object[] { GET_MIS_SESSIONID });
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 787dc6f10..c82d1168a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -227,7 +227,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
if (profiles == null) {
Logger.error("No Mandate/Profile for OA configured.");
- throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
+ throw new AuthenticationException("config.21", new Object[] { GET_MIS_SESSIONID});
}
// String profilesArray[] = profiles.split(",");
@@ -323,78 +323,5 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
}
}
-
- /**
- * Calls the MIS Service
- * @param session
- * @throws IOException
- */
-// private void callMISService(AuthenticationSession session, HttpServletRequest req, HttpServletResponse resp) throws IOException {
-//
-// try {
-// AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
-// ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
-// SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
-//
-// // get identitity link as byte[]
-// Element elem = session.getIdentityLink().getSamlAssertion();
-// String s = DOMUtils.serializeNode(elem);
-//
-// System.out.println("IDL: " + s);
-//
-// byte[] idl = s.getBytes();
-//
-// // redirect url
-// // build redirect(to the GetMISSessionIdSerlvet)
-// String redirectURL =
-// new DataURLBuilder().buildDataURL(
-// session.getAuthURL(),
-// GET_MIS_SESSIONID,
-// session.getSessionID());
-//
-// String oaURL = session.getOAURLRequested();
-// OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
-// String profiles = oaParam.getMandateProfiles();
-//
-// if (profiles == null) {
-// Logger.error("No Mandate/Profile for OA configured.");
-// throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
-// }
-//
-// String profilesArray[] = profiles.split(",");
-// for(int i = 0; i < profilesArray.length; i++) {
-// profilesArray[i] = profilesArray[i].trim();
-// }
-//
-// String oaFriendlyName = oaParam.getFriendlyName();
-// String mandateReferenceValue = session.getMandateReferenceValue();
-// X509Certificate cert = session.getSignerCertificate();
-// MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
-// String redirectMISGUI = misSessionID.getRedirectURL();
-//
-// if (misSessionID == null) {
-// Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
-// throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
-// }
-//
-// session.setMISSessionID(misSessionID.getSessiondId());
-//
-// resp.setStatus(302);
-// resp.addHeader("Location", redirectMISGUI);
-// Logger.debug("REDIRECT TO: " + redirectURL);
-// }
-// catch (MOAIDException ex) {
-// handleError(null, ex, req, resp);
-// } catch (GeneralSecurityException ex) {
-// handleError(null, ex, req, resp);
-// } catch (PKIException e) {
-// handleError(null, e, req, resp);
-// } catch (MISSimpleClientException e) {
-// handleError(null, e, req, resp);
-// } catch (TransformerException e) {
-// handleError(null, e, req, resp);
-// }
-// }
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index 5483b865e..0e2251f21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -113,27 +113,27 @@ public class ParepUtils {
}
}
- /*
- *
- */
- public static String extractRepresentativeID(Element mandate) throws ValidateException {
- try {
- Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
- Node resultNode = XPathAPI.selectSingleNode(mandate, "//md:Mandate/attribute::MandateID", nameSpaceNode);
- if (resultNode != null) {
- // because following line is not ready for JDK 1.4.x we need to get the childnode;
- // return resultNode.getTextContent();
- Node textNode = resultNode.getFirstChild();
- if (textNode != null) {
- return textNode.getNodeValue();
- }
- }
- return null;
- } catch (Exception e) {
- throw new ValidateException("validator.62", null);
- }
- }
+// /*
+// *
+// */
+// public static String extractRepresentativeID(Element mandate) throws ValidateException {
+// try {
+// Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+// nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+// Node resultNode = XPathAPI.selectSingleNode(mandate, "//md:Mandate/attribute::MandateID", nameSpaceNode);
+// if (resultNode != null) {
+// // because following line is not ready for JDK 1.4.x we need to get the childnode;
+// // return resultNode.getTextContent();
+// Node textNode = resultNode.getFirstChild();
+// if (textNode != null) {
+// return textNode.getNodeValue();
+// }
+// }
+// return null;
+// } catch (Exception e) {
+// throw new ValidateException("validator.62", null);
+// }
+// }
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
index 677b5e7ab..75501d812 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
@@ -28,6 +28,8 @@ public final class OAuth20Constants {
throw new InstantiationError();
}
+ public static final String ERRORPAGE = "moa_errorcodes.html";
+
// error parameters and error codes
public static final String PARAM_ERROR = "error";
public static final String PARAM_ERROR_DESCRIPTION = "error_description";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20OANotSupportedException.java
index 60fe47364..0edeb89bc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20OANotSupportedException.java
@@ -1,4 +1,4 @@
-/*******************************************************************************
+/*
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
@@ -19,22 +19,26 @@
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+ */
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
-public class PVP2EncodingException extends PVP2Exception {
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
- public PVP2EncodingException() {
- super("pvp2.01", null);
- }
-
- public PVP2EncodingException(Throwable wrapped) {
- super("pvp2.01", null, wrapped);
- }
+/**
+ * @author tlenz
+ *
+ */
+public class OAuth20OANotSupportedException extends OAuth20Exception {
+
+ private static final long serialVersionUID = -8713091674236329339L;
/**
- *
+ * @param errorCode
+ * @param messageId
+ * @param parameters
*/
- private static final long serialVersionUID = -1348774139990071020L;
+ public OAuth20OANotSupportedException() {
+ super(OAuth20Constants.ERROR_SERVER_ERROR, "oauth20.06", new Object[] {});
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java
index d560e46f0..470507f08 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java
@@ -28,7 +28,7 @@ public class OAuth20ServerErrorException extends OAuth20Exception {
private static final long serialVersionUID = 1L;
public OAuth20ServerErrorException() {
- super(OAuth20Constants.ERROR_SERVER_ERROR, "oauth20.06", new Object[] {});
+ super(OAuth20Constants.ERROR_SERVER_ERROR, "oauth20.10", new Object[] {});
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index d0b43d25a..d08bd593a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidRequestException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -89,7 +90,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
}
if (StringUtils.isEmpty(config.getOAuthClientSecret()) || StringUtils.isEmpty(config.getOAuthClientId())
|| StringUtils.isEmpty(config.getOAuthRedirectUri())) {
- throw new OAuth20ServerErrorException();
+ throw new OAuth20OANotSupportedException();
}
}
catch (ConfigurationException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 951960bc6..9dac8d5a0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -11,6 +11,7 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
@@ -18,6 +19,7 @@ import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -98,20 +100,27 @@ public class OAuth20Protocol implements IModulInfo {
*/
public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest)
throws Throwable {
-
+
// get error code and description
String errorCode;
String errorDescription;
- // String errorUri = "http://tools.ietf.org/html/draft-ietf-oauth-v2-11";
+ String errorUri = AuthConfigurationProvider.getInstance().getPublicURLPrefix()
+ +"/" + OAuth20Constants.ERRORPAGE;
+ String moaError = null;
+
+ ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
if (e instanceof OAuth20Exception) {
errorCode = ((OAuth20Exception) e).getErrorCode();
errorDescription = URLEncoder.encode(((OAuth20Exception) e).getMessageId() + ": " + e.getMessage(), "UTF-8");
+ moaError = errorUtils.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId());
+
} else {
errorCode = OAuth20Constants.ERROR_SERVER_ERROR;
errorDescription = URLEncoder.encode(e.getMessage(), "UTF-8");
+ moaError = errorUtils.getResponseErrorCode(e);
}
-
+
String paramRedirect = null;
String state = null;
boolean isAuthRequest = false;
@@ -155,7 +164,8 @@ public class OAuth20Protocol implements IModulInfo {
OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR, errorCode);
OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription);
- // OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI, errorUri);
+ if (MiscUtil.isNotEmpty(moaError))
+ OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError);
OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_STATE, state);
response.setContentType("text/html");
@@ -170,7 +180,7 @@ public class OAuth20Protocol implements IModulInfo {
Map<String, Object> params = new HashMap<String, Object>();
params.put(OAuth20Constants.PARAM_ERROR, errorCode);
params.put(OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription);
- // params.put(OAuth20Constants.PARAM_ERROR_URI, errorUri);
+ params.put(OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError);
// create response
JsonObject jsonObject = new JsonObject();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index db57b8cc3..8732409b5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -52,14 +52,12 @@ import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.signature.SignableXMLObject;
import edu.emory.mathcs.backport.java.util.Arrays;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
@@ -93,10 +91,11 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.VelocityLogAdapter;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
@@ -283,6 +282,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
Status status = SAML2Utils.createSAMLObject(Status.class);
StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
+
+ ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
+ String moaError = null;
+
if(e instanceof NoPassivAuthenticationException) {
statusCode.setValue(StatusCode.NO_PASSIVE_URI);
statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
@@ -301,12 +304,20 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
String statusMessageValue = ex.getStatusMessageValue();
if(statusMessageValue != null) {
statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue));
- }
-
+ }
+ moaError = errorUtils.mapInternalErrorToExternalError(ex.getMessageId());
} else {
statusCode.setValue(StatusCode.RESPONDER_URI);
statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
+ moaError = errorUtils.getResponseErrorCode(e);
+ }
+
+
+ if (MiscUtil.isNotEmpty(moaError)) {
+ StatusCode moaStatusCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ moaStatusCode.setValue(moaError);
+ statusCode.setStatusCode(moaStatusCode);
}
status.setStatusCode(statusCode);
@@ -375,7 +386,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
public boolean validate(HttpServletRequest request,
HttpServletResponse response, IRequest pending) {
- // TODO implement validation!
+
return true;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 79a1c3e0f..4d6343fce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -71,10 +71,12 @@ import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.id.util.QAALevelVerifier;
@@ -232,7 +234,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
}
}
- if (attributeConsumingService != null) {
+ if (attributeConsumingService != null) {
Iterator<RequestedAttribute> it = attributeConsumingService
.getRequestAttributes().iterator();
while (it.hasNext()) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
index 69da5c09c..b49070bd6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
@@ -30,7 +30,7 @@ public class InvalidAssertionEncryptionException extends PVP2Exception {
public InvalidAssertionEncryptionException() {
super("pvp2.16", new Object[]{});
- this.statusCodeValue = StatusCode.REQUESTER_URI;
+ this.statusCodeValue = StatusCode.RESPONDER_URI;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java
deleted file mode 100644
index fdc8c8d39..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class NoAuthContextException extends PVP2Exception {
-
- /**
- *
- */
- private static final long serialVersionUID = 7040652043174500992L;
-
- public NoAuthContextException() {
- super("pvp2.04", null);
- this.statusCodeValue = StatusCode.REQUESTER_URI;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index f29c0eaef..a57fb5717 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -32,6 +32,7 @@ import java.util.List;
import java.util.Map;
import java.util.Timer;
+import javax.net.ssl.SSLHandshakeException;
import javax.xml.namespace.QName;
import org.apache.commons.httpclient.MOAHttpClient;
@@ -370,9 +371,13 @@ public class MOAMetadataProvider implements MetadataProvider {
httpProvider.initialize();
return httpProvider;
-
-
+
} catch (Throwable e) {
+ if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+ Logger.warn("SSL-Server certificate for metadata "
+ + metadataURL + " not trusted.", e);
+ }
+
Logger.error(
"Failed to add Metadata file for "
+ oaName + "[ "
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index 66861afa3..2b4aaf458 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -56,6 +56,7 @@ import org.w3c.dom.NodeList;
import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.util.Constants;
@@ -148,20 +149,19 @@ public class GetAuthenticationDataService implements Constants {
try {
Throwable error = saml1server.getErrorResponse(samlArtifact);
- statusCode = "samlp:RequestDenied";
+ statusCode = "samlp:Responder";
+
+ ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
if (error instanceof MOAIDException) {
statusMessageCode = ((MOAIDException)error).getMessageId();
- subStatusCode = statusMessageCode;
statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage());
} else {
statusMessage = StringEscapeUtils.escapeXml(error.getMessage());
- subStatusCode = "9999";
- }
-
-
-
+ }
+ subStatusCode = errorUtils.getResponseErrorCode(error);
+
} catch (Exception e) {
//no authentication data for given SAML artifact
statusCode = "samlp:Requester";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java
new file mode 100644
index 000000000..778351d1f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.util;
+
+import java.util.Locale;
+
+import at.gv.egovernment.moa.id.auth.exception.BKUException;
+import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.util.Messages;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ErrorResponseUtils {
+
+ public static final String INTERNALERRORCODE = "9199";
+
+ private static ErrorResponseUtils instance = null;
+ private static final String[] DEFAULT_MESSAGE_RESOURCES =
+ { "resources/properties/id_messages" };
+ private static final Locale[] DEFAULT_MESSAGE_LOCALES =
+ new Locale[] { new Locale("de", "AT") };
+ private Messages messages = null;
+
+
+ public static ErrorResponseUtils getInstance() {
+ if (instance == null) {
+ instance = new ErrorResponseUtils(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
+
+ }
+ return instance;
+ }
+
+ private ErrorResponseUtils(String[] resourceNames, Locale[] locales) {
+ this.messages = new Messages(resourceNames, locales);
+ }
+
+ public String getResponseErrorCode(Throwable throwable) {
+ String errorCode = null;
+
+ if (throwable instanceof BKUException) {
+ BKUException error = (BKUException) throwable;
+ errorCode = mapInternalErrorToExternalError(error.getMessageId()) +
+ error.getBkuErrorCode();
+
+ } else if (throwable instanceof MISSimpleClientException) {
+ MISSimpleClientException error = (MISSimpleClientException) throwable;
+
+ if (MiscUtil.isNotEmpty(error.getMISErrorCode()))
+ errorCode = mapInternalErrorToExternalError(error.getMessageId()) +
+ error.getMISErrorCode();
+ else
+ errorCode = mapInternalErrorToExternalError(error.getMessageId());
+
+ } else if (throwable instanceof MOAIDException) {
+ MOAIDException error = (MOAIDException) throwable;
+ errorCode = mapInternalErrorToExternalError(error.getMessageId());
+
+ } else {
+ errorCode = INTERNALERRORCODE;
+
+ }
+
+ return errorCode;
+
+ }
+
+ public String mapInternalErrorToExternalError(String intErrorCode) {
+ String extErrorCode = messages.getMessage(intErrorCode, null);
+
+ if (MiscUtil.isEmpty(extErrorCode))
+ extErrorCode = INTERNALERRORCODE;
+
+ return extErrorCode;
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index b9c4e88b7..3025e626f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -149,17 +149,17 @@ public class MISSimpleClient {
}
return foundMandates;
} catch (ParserConfigurationException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (DOMException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (TransformerException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
}
}
public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, List<String> mandateIdentifier, String targetType, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
if (webServiceURL == null) {
- throw new NullPointerException("Argument webServiceURL must not be null.");
+ throw new MISSimpleClientException("service.04");
}
if (idl == null) {
throw new NullPointerException("Argument idl must not be null.");
@@ -253,11 +253,11 @@ public class MISSimpleClient {
return msid;
} catch (ParserConfigurationException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (DOMException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (TransformerException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
}
}
@@ -271,9 +271,10 @@ public class MISSimpleClient {
if (errorElement != null) {
String code = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Code/text()", NS_NODE)).getNodeValue();
String text = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Text/text()", NS_NODE)).getNodeValue();
- throw new MISSimpleClientException("Fehler beim Abfragen des Online-Vollmachten Services: " + code + " / " + text, code, text); }
+ throw new MISSimpleClientException("service.05", code, text); }
+
} catch (TransformerException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("auth.15", e);
}
}
@@ -308,19 +309,19 @@ public class MISSimpleClient {
return unpackFromSOAP(doc.getDocumentElement());
} catch(IOException e) {
- throw new MISSimpleClientException(e.getLocalizedMessage(), e);
+ throw new MISSimpleClientException("service.04", e);
} catch (TransformerException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (SAXException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (ParserConfigurationException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (Exception e) {
- throw new MISSimpleClientException(e.getLocalizedMessage(), e);
+ throw new MISSimpleClientException("service.06", e);
}
@@ -336,7 +337,7 @@ public class MISSimpleClient {
soapBody.appendChild(doc.importNode(element, true));
return soapEnvelope;
} catch(ParserConfigurationException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
}
}
@@ -344,7 +345,7 @@ public class MISSimpleClient {
try {
return (Element) XPathAPI.selectSingleNode(element, "/soap:Envelope/soap:Body/child::*[position()=1]", NS_NODE);
} catch(TransformerException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
}
}
}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 5b2e7ce3d..802e89649 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -24,7 +24,6 @@ auth.03=Fehler beim Abholen einer Datei von der URL "{0}": Interne Fehlermeldung
auth.04=Fehler beim Auslesen der Resource "{0}": {1}
auth.05=Fehlender Parameter "{1}" beim Aufruf von "{0}"
auth.06=Fehler beim Speichern der Anmeldedaten, fehlerhaftes SAML-Artifact Format (SAML-Artifact={0})
-#auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen. <br><b>Hinweis:</b> Bitte Dokumentation zu GenericConfiguration: "FrontendServlets.EnableHTTPConnection" beachten.
auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen.
auth.08=In der B\u00FCrgerkartenumgebung ist ein Fehler aufgetreten\: <br>Fehlercode <i>{0}</i>\: {1}
auth.09=Zur Auswahlseite der B\u00FCrgertenumgebung (URL\={0}) konnte keine Verbindung hergestellt werden. \: <br>HTTP-Statuscode <i>{1}</i>
@@ -33,7 +32,7 @@ auth.11=Die zentral gespeicherte Auswahlseite f\u00FCr B\u00FCrgerkartenumgebung
auth.12=Fehlerhafter Parameter "{1}" beim Aufruf von "{0}"
auth.13=Vollmachtenmodus f\u00FCr ausl\u00E4ndische B\u00FCrger wird nicht unterst\u00FCtzt.
auth.14=Zertifikat konnte nicht ausgelesen werden.
-auth.15=Fehler bei Anfrage an Vollmachten Service.
+auth.15=Fehler beim validieren der Online-Vollmacht.
auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}"
auth.17=Vollmachtenmodus f\u00FCr nicht-\u00F6ffentlichen Bereich wird nicht unterst\u00FCtzt.
auth.18=Keine MOASessionID vorhanden
@@ -70,7 +69,8 @@ config.16=MOA ID Proxy konnte nicht gestartet werden. Das Element ConnnectionPar
config.17=Fehler beim initialisieren von Hibernate
config.18=Keine MOA-ID 2.x Konfiguration gefunden.
config.19=Kein Schl\u00FCssel f\u00FCr die Resignierung der Personenbindung gefunden.
-config.20=Umgebungsvariable "moa.id.proxy.configuration" nicht gesetzt
+config.20=Umgebungsvariable "moa.id.proxy.configuration" nicht gesetzt
+config.21=F\u00FCr diese Online Applikation sind keine Vollmachtsprofile hinterlegt.
parser.00=Leichter Fehler beim Parsen: {0}
parser.01=Fehler beim Parsen: {0}
@@ -88,11 +88,15 @@ builder.03=Fehler beim Aufbau des HTML Codes f\u00FCr Vollmachten
builder.04=Die Personenbindung konnte nicht neu signiert werden und wird aus diesem Grund nicht ausgeliefert. MOA-SS lieferte folgenden Fehlercode {0} und Fehler {1} zur\u00FCck.
builder.05=Beim resignieren der Personenbindung ist ein allgemeiner Fehler aufgetreten und wird aus diesem Grund nicht ausgeliefert.
builder.06=Fehler beim generieren der Anmeldedaten aus SSO IDP Interfederation Informationen.
+builder.07=Fehlerhaftes SecurityLayer Template.
service.00=Fehler beim Aufruf des Web Service: {0}
service.01=Fehler beim Aufruf des Web Service: kein Endpoint
service.02=Fehler beim Aufruf des Web Service, Status {0}: {1}
service.03=Fehler beim Aufruf des SPSS-API: {0}
+service.04=Das Online-Vollmachten Service ist unter {0} nicht erreichbar.
+service.05=Fehler beim Anfragen des Online-Vollmachen Service: {0} / {1}
+service.06=Allgemeiner Fehler beim Anfragen des Online-Vollmachten Service
cleaner.00=AuthenticationSessionCleaner wurde gestartet
cleaner.01=Fehler im AuthenticationSessionCleaner
@@ -152,7 +156,7 @@ validator.26=OA Applikation ist eine Wirtschaftsapplikation, trotzdem ist ein SA
validator.27=OA Applikation ist keine Wirtschaftsapplikation, trotzdem ist ein SAML-Attribut "wbPK" enthalten
validator.28=Fehlerhafter Wert im "wbPK" SAML-Attribut {0}
validator.29=Fehler beim Auslesen des "wbPK" SAML-Attributs {0}
-validator.30=Der Namespace des SAML-Attributs "wbPK" ist ung�ltig {0}
+validator.30=Der Namespace des SAML-Attributs "wbPK" ist ung\u00FCltig {0}
validator.31="wbPK" wurde nicht in den SAML-Attributen gefunden {0}
@@ -234,7 +238,7 @@ pvp2.15=Keine Metadateninformation gefunden
pvp2.16=Fehler beim verschl\u00FCsseln der PVP2 Assertion
pvp2.17=Der QAA Level {0} entspricht nicht dem angeforderten QAA Level {1}
pvp2.18=Es konnten nicht alle Single Sign-On Sessions beendet werden.
-pvp2.19=Der Single LogOut Vorgang wurde wegen eines unkorregierbaren Fehler abgebrochen.
+pvp2.19=Der Single LogOut Vorgang musste wegen eines unkorregierbaren Fehler abgebrochen werden.
oauth20.01=Fehlerhafte redirect url
oauth20.02=Fehlender Parameter "{0}"
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes.properties
new file mode 100644
index 000000000..624ad4461
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes.properties
@@ -0,0 +1,180 @@
+auth.00=1000
+auth.01=1001
+auth.02=1100
+auth.03=9000
+auth.04=9100
+auth.05=1002
+auth.06=6200
+auth.07=1003
+auth.08=40
+auth.09=9100
+auth.10=1002
+auth.11=9100
+auth.12=1002
+auth.13=1007
+auth.14=1004
+auth.15=1108
+auth.16=9102
+auth.17=1006
+auth.18=1100
+auth.20=1100
+auth.21=1005
+auth.22=6000
+auth.23=9000
+auth.24=9001
+
+init.00=9199
+init.01=9199
+init.02=9199
+init.04=9101
+
+config.00=9199
+config.01=9199
+config.02=9199
+config.03=9199
+config.04=9199
+config.05=9199
+config.06=9199
+config.07=9199
+config.08=9199
+config.09=9199
+config.10=9199
+config.11=9199
+config.12=9199
+config.13=9199
+config.14=9199
+config.15=9199
+config.16=9199
+config.17=9199
+config.18=9199
+config.19=9199
+config.20=9199
+config.21=9006
+
+parser.00=1101
+parser.01=1101
+parser.02=1101
+parser.03=1101
+parser.04=1101
+parser.05=1101
+parser.06=1101
+parser.07=1101
+
+builder.00=9102
+builder.01=9103
+builder.02=9102
+builder.03=9102
+builder.04=Die Personenbindung konnte nicht neu signiert werden und wird aus diesem Grund nicht ausgeliefert. MOA-SS lieferte folgenden Fehlercode {0} und Fehler {1} zur\u00FCck.
+builder.05=Beim resignieren der Personenbindung ist ein allgemeiner Fehler aufgetreten und wird aus diesem Grund nicht ausgeliefert.
+builder.06=4400
+builder.07=9002
+
+service.00=4300
+service.03=4300
+service.04=41000
+service.05=411
+service.06=41001
+
+validator.00=1102
+validator.01=1102
+validator.02=1102
+validator.03=1102
+validator.04=1102
+validator.05=1102
+
+validator.06=1103
+validator.07=1104
+validator.08=1103
+validator.09=1106
+
+validator.10=1106
+validator.11=1106
+validator.12=1106
+validator.13=1106
+validator.14=1106
+validator.15=1106
+validator.16=1106
+
+validator.17=1104
+validator.18=1104
+
+validator.19=1105
+
+validator.21=1103
+validator.22=1103
+validator.23=1103
+validator.24=1103
+validator.25=1103
+
+validator.26=1106
+validator.27=1106
+validator.28=1106
+validator.29=1106
+validator.30=1106
+validator.31=1106
+
+validator.32=1106
+validator.33=1106
+validator.34=1106
+validator.35=1106
+validator.36=1106
+validator.37=1106
+validator.38=1106
+validator.39=1106
+
+validator.40=9199
+validator.41=9199
+validator.42=9199
+validator.43=9199
+validator.44=9199
+validator.45=9102
+validator.46=9102
+validator.47=9102
+validator.48=9199
+
+validator.49=1104
+validator.50=1106
+
+validator.64=9102
+
+validator.67=1106
+validator.68=1106
+validator.69=1106
+validator.70=1106
+validator.71=1105
+
+ssl.01=1107
+
+stork.00=1200
+stork.01=1200
+stork.02=1200
+stork.04=1201
+stork.05=1201
+stork.06=1202
+stork.07=1201
+stork.08=1201
+stork.09=1201
+stork.10=4200
+stork.11=1203
+stork.12=9003
+stork.13=1203
+stork.14=6001
+stork.15=6001
+stork.16=1203
+stork.17=1203
+stork.18=9004
+
+pvp2.01=6100
+pvp2.06=6100
+pvp2.13=9199
+pvp2.16=6101
+pvp2.17=6102
+
+oauth20.01=6200
+oauth20.06=1000
+oauth20.09=9005
+oauth20.10=9102
+
+##Map MIS/BKU statuscodes to MOA-ID-Auth statuscodes
+mis.301=1005
+bku.6001=1005 \ No newline at end of file