diff options
| author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2017-09-26 21:33:33 +0200 |
|---|---|---|
| committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2017-09-26 21:33:33 +0200 |
| commit | 27b687ed27fad429e6fbf1b3e69c579a8f2aae16 (patch) | |
| tree | 3cc65fc88f91073a4aaf2106ff0efade87f4fcb8 /id/server/idserverlib | |
| parent | 4bbd3f88211399f41e8210ad3fbe5b0ea8910994 (diff) | |
| parent | c498c2812a9f2b97da2356774527aaec0ae1f608 (diff) | |
| download | moa-id-spss-27b687ed27fad429e6fbf1b3e69c579a8f2aae16.tar.gz moa-id-spss-27b687ed27fad429e6fbf1b3e69c579a8f2aae16.tar.bz2 moa-id-spss-27b687ed27fad429e6fbf1b3e69c579a8f2aae16.zip | |
Merge branch 'eIDAS_node_implementation' of https://gitlab.iaik.tugraz.at/egiz/moa-idspss into eIDAS_node_implementation
Diffstat (limited to 'id/server/idserverlib')
30 files changed, 327 insertions, 582 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java index b57e6ed69..55b1a7c9a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java @@ -69,6 +69,7 @@ public class StatisticLogger implements IStatisticLogger{ private static final String GENERIC_LOCALBKU = ":3496/https-security-layer-request"; private static final String GENERIC_HANDYBKU = "https://www.handy-signatur.at/"; + private static final String GENERIC_ONLINE_BKU = "bkuonline"; private static final String MANTATORTYPE_JUR = "jur"; private static final String MANTATORTYPE_NAT = "nat"; @@ -422,8 +423,13 @@ public class StatisticLogger implements IStatisticLogger{ return IOAAuthParameters.HANDYBKU; } - Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.ONLINEBKU); - return IOAAuthParameters.ONLINEBKU; + if (bkuURL.contains(GENERIC_ONLINE_BKU)) { + Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.ONLINEBKU); + return IOAAuthParameters.ONLINEBKU; + } + + Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.AUTHTYPE_OTHERS); + return IOAAuthParameters.AUTHTYPE_OTHERS; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java index 6d53fd510..0b066f3b9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java @@ -23,10 +23,8 @@ package at.gv.egovernment.moa.id.advancedlogging; -import java.util.Date; - import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moa.id.commons.api.IRequest; /** * @author tlenz @@ -34,6 +32,43 @@ import at.gv.egovernment.moa.util.MiscUtil; */ public class TransactionIDUtils { + /** + * Set all MDC variables from pending request to this threat context<br> + * These includes SessionID, TransactionID, and unique service-provider identifier + * + * @param pendingRequest + */ + public static void setAllLoggingVariables(IRequest pendingRequest) { + setTransactionId(pendingRequest.getUniqueTransactionIdentifier()); + setSessionId(pendingRequest.getUniqueSessionIdentifier()); + setServiceProviderId(pendingRequest.getOnlineApplicationConfiguration().getPublicURLPrefix()); + + } + + /** + * Remove all MDC variables from this threat context + * + */ + public static void removeAllLoggingVariables() { + removeSessionId(); + removeTransactionId(); + removeServiceProviderId(); + + } + + + public static void setServiceProviderId(String oaUniqueId) { + org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID, oaUniqueId); + org.slf4j.MDC.put(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID, oaUniqueId); + + } + + public static void removeServiceProviderId() { + org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID); + org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID); + + } + public static void setTransactionId(String pendingRequestID) { org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID, "TID-" + pendingRequestID); @@ -50,9 +85,9 @@ public class TransactionIDUtils { public static void setSessionId(String uniqueSessionId) { org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID, - "TID-" + uniqueSessionId); + "SID-" + uniqueSessionId); org.slf4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID, - "TID-" + uniqueSessionId); + "SID-" + uniqueSessionId); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java index bbb322a4f..34d0d4be1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java @@ -74,20 +74,26 @@ public class AuthenticationSessionCleaner implements Runnable { ExceptionContainer exContainer = (ExceptionContainer) entry; if (exContainer.getExceptionThrown() != null) { - //add session and transaction ID to log if exists + //add session, transaction, and service-provider IDs into logging context if exists if (MiscUtil.isNotEmpty(exContainer.getUniqueTransactionID())) TransactionIDUtils.setTransactionId(exContainer.getUniqueTransactionID()); if (MiscUtil.isNotEmpty(exContainer.getUniqueSessionID())) TransactionIDUtils.setSessionId(exContainer.getUniqueSessionID()); + if (MiscUtil.isNotEmpty(exContainer.getUniqueServiceProviderId())) + TransactionIDUtils.setServiceProviderId(exContainer.getUniqueServiceProviderId()); + //log exception to technical log logExceptionToTechnicalLog(exContainer.getExceptionThrown()); //remove session and transaction ID from thread - TransactionIDUtils.removeSessionId(); - TransactionIDUtils.removeTransactionId(); - } + TransactionIDUtils.removeAllLoggingVariables(); + + } else { + Logger.warn("Receive an ExceptionContainer that includes no 'Exception' object. Somethinge is suspect!!!!!"); + + } } } catch (Exception e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java index c582050ad..710008714 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java @@ -32,7 +32,7 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad; import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; @@ -68,10 +68,10 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask { throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() }); } - - IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + + IGUIBuilderConfiguration config = new SPSpecificGUIBuilderConfigurationWithDBLoad( pendingReq, - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_BKUSELECTION, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_BKUSELECTION, GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); guiBuilder.build(response, config, "BKU-Selection form"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java index ca99e9ba3..475009cf2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java @@ -31,7 +31,7 @@ import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad; import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; @@ -67,10 +67,10 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas //store pending request requestStoreage.storePendingRequest(pendingReq); - //build consents evaluator form - IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + //build consents evaluator form + IGUIBuilderConfiguration config = new SPSpecificGUIBuilderConfigurationWithDBLoad( pendingReq, - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_SENDASSERTION, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_SENDASSERTION, GeneralProcessEngineSignalController.ENDPOINT_SENDASSERTION_EVALUATION); guiBuilder.build(response, config, "SendAssertion-Evaluation"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java index 1431911a3..353261085 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java @@ -33,6 +33,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.ExceptionHandler; import com.google.common.net.MediaType; + import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; @@ -139,13 +140,11 @@ public abstract class AbstractController extends MOAIDAuthConstants { if (pendingReq != null) { revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR); transactionStorage.put(key, - new ExceptionContainer(pendingReq.getUniqueSessionIdentifier(), - pendingReq.getUniqueTransactionIdentifier(), loggedException),-1); + new ExceptionContainer(pendingReq, loggedException),-1); } else { transactionStorage.put(key, - new ExceptionContainer(null, - null, loggedException),-1); + new ExceptionContainer(null, loggedException),-1); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java index 0ce7b0050..32f103ca7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java @@ -45,11 +45,7 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont //change pending-request ID
requestStorage.changePendingRequestID(pendingReq);
pendingRequestID = pendingReq.getRequestID();
-
- //add transactionID and unique sessionID to Logger
- TransactionIDUtils.setSessionId(pendingReq.getUniqueSessionIdentifier());
- TransactionIDUtils.setTransactionId(pendingReq.getUniqueTransactionIdentifier());
-
+
// process instance is mandatory
if (pendingReq.getProcessInstanceId() == null) {
throw new MOAIllegalStateException("process.03", new Object[]{"MOA session does not provide process instance id."});
@@ -64,8 +60,7 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont } finally {
//MOASessionDBUtils.closeSession();
- TransactionIDUtils.removeTransactionId();
- TransactionIDUtils.removeSessionId();
+ TransactionIDUtils.removeAllLoggingVariables();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java index 9b658d81b..416e787a7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java @@ -34,7 +34,7 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IRequest; @@ -71,17 +71,17 @@ public class GUILayoutBuilderServlet extends AbstractController { IRequest pendingReq = extractPendingRequest(req); //initialize GUI builder configuration - ServiceProviderSpecificGUIFormBuilderConfiguration config = null; + SPSpecificGUIBuilderConfigurationWithDBLoad config = null; if (pendingReq != null) - config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + config = new SPSpecificGUIBuilderConfigurationWithDBLoad( pendingReq, - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_CSS, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_CSS, null); else - config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + config = new SPSpecificGUIBuilderConfigurationWithDBLoad( HTTPUtils.extractAuthURLFromRequest(req), - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_CSS, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_CSS, null); //build GUI component @@ -100,17 +100,17 @@ public class GUILayoutBuilderServlet extends AbstractController { IRequest pendingReq = extractPendingRequest(req); //initialize GUI builder configuration - ServiceProviderSpecificGUIFormBuilderConfiguration config = null; + SPSpecificGUIBuilderConfigurationWithDBLoad config = null; if (pendingReq != null) - config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + config = new SPSpecificGUIBuilderConfigurationWithDBLoad( pendingReq, - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_JS, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_JS, GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); else - config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + config = new SPSpecificGUIBuilderConfigurationWithDBLoad( HTTPUtils.extractAuthURLFromRequest(req), - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_JS, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_JS, GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); //build GUI component diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java index bedc67513..466364adb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java @@ -57,8 +57,8 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor { String uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId); if (MiscUtil.isEmpty(uniqueSessionIdentifier)) uniqueSessionIdentifier = Random.nextRandom(); - TransactionIDUtils.setSessionId(uniqueSessionIdentifier); + TransactionIDUtils.setSessionId(uniqueSessionIdentifier); request.setAttribute(MOAIDConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier); return true; @@ -79,8 +79,8 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor { @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { - // TODO Auto-generated method stub - + TransactionIDUtils.removeAllLoggingVariables(); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java index 1c6fdcb65..4820b6fdc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.data; import java.io.Serializable; +import at.gv.egovernment.moa.id.commons.api.IRequest; + /** * @author tlenz * @@ -34,13 +36,21 @@ public class ExceptionContainer implements Serializable { private Throwable exceptionThrown = null; private String uniqueSessionID = null; private String uniqueTransactionID = null; + private String uniqueServiceProviderId = null; /** * */ - public ExceptionContainer(String uniqueSessionID, String uniqueTransactionID, Throwable exception) { - this.uniqueSessionID = uniqueSessionID; - this.uniqueTransactionID = uniqueTransactionID; + public ExceptionContainer(IRequest pendingReq, Throwable exception) { + if (pendingReq != null) { + this.uniqueSessionID = pendingReq.getUniqueSessionIdentifier(); + this.uniqueTransactionID = pendingReq.getUniqueTransactionIdentifier(); + + if (pendingReq.getOnlineApplicationConfiguration() != null) + this.uniqueServiceProviderId = pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix(); + + } + this.exceptionThrown = exception; } @@ -62,6 +72,14 @@ public class ExceptionContainer implements Serializable { public String getUniqueTransactionID() { return uniqueTransactionID; } + + /** + * @return the uniqueServiceProviderId + */ + public String getUniqueServiceProviderId() { + return uniqueServiceProviderId; + } + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index ab0a1ec40..7c581d470 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -47,6 +47,7 @@ import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; @@ -202,6 +203,14 @@ public class AuthenticationManager extends MOAIDAuthConstants { public AuthenticationSession doAuthentication(HttpServletRequest httpReq, HttpServletResponse httpResp, RequestImpl pendingReq) throws MOADatabaseException, ServletException, IOException, MOAIDException { + //load OA configuration from pending request + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + + //set logging context and log unique OA identifier to revision log + TransactionIDUtils.setServiceProviderId(pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix()); + revisionsLogger.logEvent(oaParam, + pendingReq, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, pendingReq.getOAURL()); + //generic authentication request validation if (pendingReq.isPassiv() && pendingReq.forceAuth()) { @@ -236,12 +245,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq); // check if Service-Provider allows SSO sessions - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); boolean useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP(); - - revisionsLogger.logEvent(oaParam, - pendingReq, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, pendingReq.getOAURL()); - + //if a legacy request is used SSO should not be allowed in case of mandate authentication boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(httpReq); @@ -615,7 +620,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { //send SLO response to SLO request issuer SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq); LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs()); - sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState); + sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq); } else { //print SLO information directly @@ -651,7 +656,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { if (pvpReq != null) { SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq); LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); - sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState); + sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq); revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java index eec48e0f3..90ccb3c27 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java @@ -52,9 +52,8 @@ public class RequestStorage implements IRequestStorage{ } //set transactionID and sessionID to Logger - TransactionIDUtils.setTransactionId(pendingRequest.getUniqueTransactionIdentifier()); - TransactionIDUtils.setSessionId(pendingRequest.getUniqueSessionIdentifier()); - + TransactionIDUtils.setAllLoggingVariables(pendingRequest); + return pendingRequest; } catch (MOADatabaseException | NullPointerException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java new file mode 100644 index 000000000..b05e60e94 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java @@ -0,0 +1,114 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.opemsaml; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.OutputStreamWriter; +import java.io.Writer; + +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.opensaml.common.binding.SAMLMessageContext; +import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.transport.http.HTTPOutTransport; +import org.opensaml.ws.transport.http.HTTPTransportUtils; + +import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class MOAIDHTTPPostEncoder extends HTTPPostEncoder { + + private VelocityEngine velocityEngine; + private IGUIBuilderConfiguration guiConfig; + private GUIFormBuilderImpl guiBuilder; + + /** + * @param engine + * @param templateId + */ + public MOAIDHTTPPostEncoder(IGUIBuilderConfiguration guiConfig, GUIFormBuilderImpl guiBuilder, VelocityEngine engine) { + super(engine, null); + this.velocityEngine = engine; + this.guiConfig = guiConfig; + this.guiBuilder = guiBuilder; + + } + + /** + * Base64 and POST encodes the outbound message and writes it to the outbound transport. + * + * @param messageContext current message context + * @param endpointURL endpoint URL to which to encode message + * + * @throws MessageEncodingException thrown if there is a problem encoding the message + */ + protected void postEncode(SAMLMessageContext messageContext, String endpointURL) throws MessageEncodingException { + Logger.debug("Invoking Velocity template to create POST body"); + InputStream is = null; + try { + //build Velocity Context from GUI input paramters + VelocityContext context = guiBuilder.generateVelocityContextFromConfiguration(guiConfig); + + //load template + is = guiBuilder.getTemplateInputStream(guiConfig); + + //populate velocity context with SAML2 parameters + populateVelocityContext(context, messageContext, endpointURL); + + //populate transport parameter + HTTPOutTransport outTransport = (HTTPOutTransport) messageContext.getOutboundMessageTransport(); + HTTPTransportUtils.addNoCacheHeaders(outTransport); + HTTPTransportUtils.setUTF8Encoding(outTransport); + HTTPTransportUtils.setContentType(outTransport, "text/html"); + + //evaluate template and write content to response + Writer out = new OutputStreamWriter(outTransport.getOutgoingStream(), "UTF-8"); + velocityEngine.evaluate(context, out, "SAML2_POST_BINDING", new BufferedReader(new InputStreamReader(is))); + out.flush(); + + } catch (Exception e) { + Logger.error("Error invoking Velocity template", e); + throw new MessageEncodingException("Error creating output document", e); + + } finally { + if (is != null) { + try { + is.close(); + + } catch (IOException e) { + Logger.error("Can NOT close GUI-Template InputStream.", e); + } + } + + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java index 365a31fe1..643e30ac9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java @@ -39,6 +39,7 @@ import org.opensaml.saml2.core.Response; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; @@ -79,6 +80,7 @@ public class AttributQueryAction implements IAction { @Autowired private IDPCredentialProvider pvpCredentials; @Autowired private AuthConfiguration authConfig; @Autowired(required=true) private MOAMetadataProvider metadataProvider; + @Autowired(required=true) ApplicationContext springContext; private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList( new String[]{PVPConstants.EID_STORK_TOKEN_NAME}); @@ -141,9 +143,9 @@ public class AttributQueryAction implements IAction { metadataProvider, issuerEntityID, attrQuery, date, assertion, authConfig.isPVP2AssertionEncryptionActive()); - SoapBinding decoder = new SoapBinding(); + SoapBinding decoder = springContext.getBean("PVPSOAPBinding", SoapBinding.class); decoder.encodeRespone(httpReq, httpResp, authResponse, null, null, - pvpCredentials.getIDPAssertionSigningCredential()); + pvpCredentials.getIDPAssertionSigningCredential(), pendingReq); return null; } catch (MessageEncodingException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java index aac49844e..9d60ae4b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java @@ -35,6 +35,7 @@ import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; @@ -62,6 +63,7 @@ public class AuthenticationAction implements IAction { @Autowired IDPCredentialProvider pvpCredentials; @Autowired AuthConfiguration authConfig; @Autowired(required=true) private MOAMetadataProvider metadataProvider; + @Autowired(required=true) ApplicationContext springContext; public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { @@ -102,11 +104,11 @@ public class AuthenticationAction implements IAction { if (consumerService.getBinding().equals( SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - binding = new RedirectBinding(); + binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class); } else if (consumerService.getBinding().equals( SAMLConstants.SAML2_POST_BINDING_URI)) { - binding = new PostBinding(); + binding = springContext.getBean("PVPPOSTBinding", PostBinding.class); } @@ -117,7 +119,7 @@ public class AuthenticationAction implements IAction { try { binding.encodeRespone(httpReq, httpResp, authResponse, consumerService.getLocation(), moaRequest.getRelayState(), - pvpCredentials.getIDPAssertionSigningCredential()); + pvpCredentials.getIDPAssertionSigningCredential(), req); //set protocol type sloInformation.setProtocolType(req.requestedModule()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index a7a249eed..216d7a8b1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -444,13 +444,13 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { IEncoder encoder = null; if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - encoder = new RedirectBinding(); + encoder = applicationContext.getBean("PVPRedirectBinding", RedirectBinding.class); } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { - encoder = new PostBinding(); + encoder = applicationContext.getBean("PVPPOSTBinding", PostBinding.class); } else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) { - encoder = new SoapBinding(); + encoder = applicationContext.getBean("PVPSOAPBinding", SoapBinding.class); } if(encoder == null) { @@ -465,7 +465,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { X509Credential signCred = pvpCredentials.getIDPAssertionSigningCredential(); encoder.encodeRespone(request, response, samlResponse, pvpRequest.getConsumerURL(), - relayState, signCred); + relayState, signCred, protocolRequest); return true; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java index ff703d585..f709da213 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java @@ -111,7 +111,7 @@ public class SingleLogOutAction implements IAction { //LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, null); Logger.info("Sending SLO success message to requester ..."); - sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState()); + sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState(), pvpReq); return null; } else { @@ -127,7 +127,7 @@ public class SingleLogOutAction implements IAction { //LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, null); Logger.info("Sending SLO success message to requester ..."); - sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState()); + sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState(), pvpReq); return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java index 3b2fb3687..ccbef6e6c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java @@ -31,6 +31,7 @@ import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; public interface IEncoder { @@ -43,12 +44,13 @@ public interface IEncoder { * @param targetLocation URL, where the request should be transmit * @param relayState token for session handling * @param credentials Credential to sign the request object + * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null * @throws MessageEncodingException * @throws SecurityException * @throws PVP2Exception */ public void encodeRequest(HttpServletRequest req, - HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials) + HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException, PVP2Exception; /** @@ -59,10 +61,11 @@ public interface IEncoder { * @param targetLocation URL, where the request should be transmit * @param relayState token for session handling * @param credentials Credential to sign the response object + * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null * @throws MessageEncodingException * @throws SecurityException */ public void encodeRespone(HttpServletRequest req, - HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials) + HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException, PVP2Exception; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java index 9977e607b..c7688c14b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java @@ -25,13 +25,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.velocity.app.VelocityEngine; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.common.binding.decoding.URIComparator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; -import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.saml2.metadata.IDPSSODescriptor; @@ -49,8 +47,17 @@ import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; +import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad; import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.opemsaml.MOAIDHTTPPostEncoder; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; @@ -62,10 +69,14 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@Service("PVPPOSTBinding") public class PostBinding implements IDecoder, IEncoder { + + @Autowired(required=true) AuthConfiguration authConfig; + @Autowired(required=true) GUIFormBuilderImpl guiBuilder; public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation, String relayState, Credential credentials) + RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException { try { @@ -75,9 +86,18 @@ public class PostBinding implements IDecoder, IEncoder { //load default PVP security configurations MOADefaultBootstrap.initializeDefaultPVPConfiguration(); - VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); - HTTPPostEncoder encoder = new HTTPPostEncoder(engine, - "resources/templates/pvp_postbinding_template.html"); + //initialize POST binding encoder with template decoration + IGUIBuilderConfiguration guiConfig = + new SPSpecificGUIBuilderConfigurationWithFileSystemLoad( + pendingReq, + "pvp_postbinding_template.html", + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, + null, + authConfig.getRootConfigFileDir()); + MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder, + VelocityProvider.getClassPathVelocityEngine()); + + //set OpenSAML2 process parameter into binding context dao HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( resp, true); BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); @@ -103,22 +123,27 @@ public class PostBinding implements IDecoder, IEncoder { } public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, - StatusResponseType response, String targetLocation, String relayState, Credential credentials) + StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException { try { -// X509Credential credentials = credentialProvider -// .getIDPAssertionSigningCredential(); - //load default PVP security configurations MOADefaultBootstrap.initializeDefaultPVPConfiguration(); Logger.debug("create SAML POSTBinding response"); - VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); - - HTTPPostEncoder encoder = new HTTPPostEncoder(engine, - "resources/templates/pvp_postbinding_template.html"); + //initialize POST binding encoder with template decoration + IGUIBuilderConfiguration guiConfig = + new SPSpecificGUIBuilderConfigurationWithFileSystemLoad( + pendingReq, + "pvp_postbinding_template.html", + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, + null, + authConfig.getRootConfigFileDir()); + MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder, + VelocityProvider.getClassPathVelocityEngine()); + + //set OpenSAML2 process parameter into binding context dao HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( resp, true); BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index 279038967..4f44a6202 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -50,7 +50,9 @@ import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; +import org.springframework.stereotype.Service; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; @@ -62,10 +64,11 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@Service("PVPRedirectBinding") public class RedirectBinding implements IDecoder, IEncoder { public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation, String relayState, Credential credentials) + RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException { // try { @@ -100,7 +103,7 @@ public class RedirectBinding implements IDecoder, IEncoder { public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, - Credential credentials) throws MessageEncodingException, SecurityException { + Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException { // try { // X509Credential credentials = credentialProvider // .getIDPAssertionSigningCredential(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java index 94d91694a..552b64ac6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java @@ -48,7 +48,9 @@ import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.signature.SignableXMLObject; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; @@ -60,6 +62,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@Service("PVPSOAPBinding") public class SoapBinding implements IDecoder, IEncoder { @Autowired(required=true) private MOAMetadataProvider metadataProvider; @@ -136,13 +139,13 @@ public class SoapBinding implements IDecoder, IEncoder { } public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation, String relayState, Credential credentials) + RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException, PVP2Exception { } public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, - StatusResponseType response, String targetLocation, String relayState, Credential credentials) + StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException, PVP2Exception { // try { // Credential credentials = credentialProvider diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java index 01ef4a43d..f29418853 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java @@ -44,6 +44,8 @@ import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.xml.security.SecurityException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.commons.api.IRequest; @@ -64,6 +66,7 @@ import at.gv.egovernment.moa.util.MiscUtil; @Service("PVPAuthnRequestBuilder") public class PVPAuthnRequestBuilder { + @Autowired(required=true) ApplicationContext springContext; /** * Build a PVP2.x specific authentication request @@ -202,17 +205,17 @@ public class PVPAuthnRequestBuilder { IEncoder binding = null; if (endpoint.getBinding().equals( SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - binding = new RedirectBinding(); + binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class); } else if (endpoint.getBinding().equals( SAMLConstants.SAML2_POST_BINDING_URI)) { - binding = new PostBinding(); + binding = springContext.getBean("PVPPOSTBinding", PostBinding.class); } //encode message binding.encodeRequest(null, httpResp, authReq, - endpoint.getLocation(), pendingReq.getRequestID(), config.getAuthnRequestSigningCredential()); + endpoint.getLocation(), pendingReq.getRequestID(), config.getAuthnRequestSigningCredential(), pendingReq); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java index de59e6055..4fef52aec 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java @@ -59,6 +59,7 @@ import org.opensaml.xml.signature.Signature; import org.opensaml.xml.signature.SignatureConstants; import org.opensaml.xml.signature.Signer; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Service; import org.w3c.dom.Document; @@ -95,7 +96,9 @@ import at.gv.egovernment.moa.logging.Logger; public class SingleLogOutBuilder { @Autowired(required=true) private MOAMetadataProvider metadataProvider; + @Autowired(required=true) ApplicationContext springContext; @Autowired private IDPCredentialProvider credentialProvider; + public void checkStatusCode(ISLOInformationContainer sloContainer, LogoutResponse logOutResp) { Status status = logOutResp.getStatus(); @@ -185,15 +188,15 @@ public class SingleLogOutBuilder { public void sendFrontChannelSLOMessage(SingleLogoutService consumerService, LogoutResponse sloResp, HttpServletRequest req, HttpServletResponse resp, - String relayState) throws MOAIDException { + String relayState, PVPTargetConfiguration pvpReq) throws MOAIDException { IEncoder binding = null; if (consumerService.getBinding().equals( SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - binding = new RedirectBinding(); + binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class); } else if (consumerService.getBinding().equals( SAMLConstants.SAML2_POST_BINDING_URI)) { - binding = new PostBinding(); + binding = springContext.getBean("PVPPOSTBinding", PostBinding.class); } @@ -204,7 +207,7 @@ public class SingleLogOutBuilder { try { binding.encodeRespone(req, resp, sloResp, consumerService.getLocation(), relayState, - credentialProvider.getIDPAssertionSigningCredential()); + credentialProvider.getIDPAssertionSigningCredential(), pvpReq); } catch (MessageEncodingException e) { Logger.error("Message Encoding exception", e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java index 2ded32bac..d05d180e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java @@ -55,6 +55,12 @@ public class EntityVerifier { try { IOAAuthParameters oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID); + if (oa == null) { + Logger.debug("No OnlineApplication with EntityID: " + entityID); + return null; + + } + String certBase64 = oa.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); if (MiscUtil.isNotEmpty(certBase64)) { return Base64Utils.decode(certBase64, false); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java index f37ae0b0b..d30ce4924 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java @@ -44,9 +44,9 @@ import iaik.security.ec.common.ECParameterSpec; import iaik.security.ec.common.ECPublicKey; import iaik.security.ec.common.ECStandardizedParameterFactory; import iaik.security.ec.common.EllipticCurve; +import iaik.security.ec.math.field.AbstractPrimeField; import iaik.security.ec.math.field.Field; import iaik.security.ec.math.field.FieldElement; -import iaik.security.ec.math.field.PrimeField; public class ECDSAKeyValueConverter { @@ -221,7 +221,7 @@ public class ECDSAKeyValueConverter // Value xValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyXStr, 10)); // publicKeyPointX = field.newElement(xValue); - PrimeField pf = (PrimeField) field; + AbstractPrimeField pf = (AbstractPrimeField) field; publicKeyPointX = pf.newElement(new BigInteger(publicKeyXStr, 10)); // Value yValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyYStr, 10)); // publicKeyPointY = field.newElement(yValue); diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html deleted file mode 100644 index f5bca7f1f..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html +++ /dev/null @@ -1,193 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
-<html>
-<head>
-<BASE href="<BASE_href>">
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
- <title>Berufsmäßige Parteieinvertretung</title>
-</head>
-<body>
- Berufsmäßige Parteienvertretung einer
- natürlichen/juristischen Person
- <form name="ProcessInputForm" method="post" accept-charset="UTF-8"
- enctype="application/x-www-form-urlencoded" action="<BKU>">
- <table width="80%" border="0">
- <tr />
- <tr />
- <tr>
- <td colspan="3"><em>Vertreter:</em></td>
- </tr>
- <tr>
- <td align="right" width="20%">Vorname <img
- title=" Dieses Feld muss ausgefüllt sein!" alt="Stern"
- src="img/stern.gif" width="10" height="16" /></td>
- <td><input name="rpgivenname_" type="text" disabled="true"
- id="rpgivenname" value="<rpgivenname>" size="50" readonly="true" />
- </td>
- <td></td>
- </tr>
- <tr>
- <td align="right">Name <img
- title=" Dieses Feld muss ausgefüllt sein!" alt="Stern"
- src="img/stern.gif" width="10" height="16" /></td>
- <td><input name="rpfamilyname_" type="text" disabled="true"
- id="rpfamilyname" value="<rpfamilyname>" size="50" readonly="true" />
- </td>
- <td></td>
- </tr>
- <tr>
- <td align="right">Geburtsdatum <img
- title=" Dieses Feld muss ausgefüllt sein!" alt="Stern"
- src="img/stern.gif" width="10" height="16" /></td>
- <td><input name="rpdobyear_" type="text" disabled="true"
- id="rpdobyear" value="<rpdobyear>" size="4" maxlength="4"
- readonly="true" /> - <input name="rpdobmonth_" type="text"
- disabled="true" id="rpdobmonth" value="<rpdobmonth>" size="2"
- maxlength="2" readonly="true" /> - <input name="rpdobday_"
- type="text" disabled="true" id="rpdobday" value="<rpdobday>"
- size="2" maxlength="2" readonly="true" /></td>
- <td></td>
- </tr>
- <tr>
- <td colspan="2"><br /> <em>Ich bin berufsmäßig
- berechtigt für die nachfolgend genannte Person in deren Namen
- mit der Bürgerkarte einzuschreiten.</em></td>
- <td> </td>
- </tr>
- <tr>
- <td colspan="3"><br /> <em>Vertretene Person:</em></td>
- </tr>
- <tr>
- <td colspan="3"><input name="physical_" type="radio"
- physdisabled="" value="true" physselected="" /> natürliche
- Person: </td>
- </tr>
- <tr>
- <td align="right">Vorname <img
- title=" Dieses Feld muss ausgefüllt sein!" alt="Stern"
- src="img/stern.gif" width="10" height="16" /></td>
- <td><input name="givenname_" type="text" id="givenname"
- value="<givenname>" physdisabled="" size="50" /> <img
- src="img/info.gif" title="Vorname laut ZMR Schreibweise" alt="Info"
- border="0" /></td>
- <td></td>
- </tr>
- <tr>
- <td align="right">Name <img
- title=" Dieses Feld muss ausgefüllt sein!" alt="Stern"
- src="img/stern.gif" width="10" height="16" /></td>
- <td><input name="familyname_" type="text" id="familyname"
- value="<familyname>" physdisabled="" size="50" /> <img
- src="img/info.gif" title="Familienname laut ZMR Schreibweise"
- alt="Info" border="0" /></td>
- <td></td>
- </tr>
- <tr>
- <td align="right">Geburtsdatum <img
- title=" Dieses Feld muss ausgefüllt sein!" alt="Stern"
- src="img/stern.gif" width="10" height="16" /></td>
- <td><input name="dobyear_" type="text" id="dobyear" size="4"
- maxlength="4" value="<dobyear>" physdisabled="" /> - <input
- name="dobmonth_" type="text" id="dobmonth" size="2" maxlength="2"
- value="<dobmonth>" physdisabled="" /> - <input name="dobday_"
- type="text" id="dobday" size="2" maxlength="2" value="<dobday>"
- physdisabled="" /> <img src="img/info.gif"
- title="Format: JJJJ-MM-TT" alt="Info" border="0" /></td>
- <td></td>
- </tr>
- <tr>
- <td align="center"><em>optional:</em></td>
- <td colspan="2" />
- </tr>
- <tr>
- <td align="right">Straße </td>
- <td><input name="streetname_" type="text" id="streetname"
- value="<streetname>" physdisabled="" size="50" /> <img
- src="img/info.gif" title="Straße laut ZMR Schreibweise"
- border="0" /></td>
- <td></td>
- </tr>
- <tr>
- <td align="right">Hausnummer </td>
- <td><input name="buildingnumber_" type="text"
- id="buildingnumber" value="<buildingnumber>" physdisabled=""
- size="50" /> <img src="img/info.gif"
- title="Hausnummer laut ZMR Schreibweise" alt="Info" border="0" /></td>
- <td></td>
- </tr>
- <tr>
- <td align="right">Einh. Nr. </td>
- <td><input name="unit_" type="text" id="unit" value="<unit>"
- size="50" physdisabled="" /> <img src="img/info.gif"
- title="Nutzungseinheitsnummer laut ZMR Schreibweise" alt="Info"
- border="0" /></td>
- <td></td>
- </tr>
- <tr>
- <td align="right">Postleitzahl </td>
- <td><input name="postalcode_" type="text" id="postalcode"
- value="<postalcode>" size="50" physdisabled="" /> <img
- src="img/info.gif" title="Postleitzahl laut ZMR Schreibweise"
- alt="Info" border="0" /></td>
- <td></td>
- </tr>
- <tr>
- <td align="right">Gemeinde </td>
- <td><input name="municipality_" type="text" id="municipality"
- value="<municipality>" size="50" physdisabled="" /> <img
- src="img/info.gif" title="Gemeinde laut ZMR Schreibweise"
- alt="Info" border="0" /></td>
- <td></td>
- </tr>
- <tr>
- <td colspan="3"> </td>
- </tr>
- <tr>
- <td colspan="3"><input name="physical_" type="radio"
- cbdisabled="" value="false" cbselected=""/ > juristische
- Person: </td>
- </tr>
- <tr>
- <td align="right">Name <img
- title=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif"
- alt="Stern" width="10" height="16" /></td>
- <td><input name="fullname_" type="text" cbdisabled=""
- id="fullname" value="<fullname>" size="50" /> <img
- src="img/info.gif"
- title="Name der Organisation laut ZMR Schreibweise" alt="Info"
- border="0" /></td>
- <td></td>
- </tr>
- <tr>
- <td align="right" nowrap="nowrap"><select
- name="cbidentificationtype_" size="1" cbseldisabled="">
- <option value="urn:publicid:gv.at:baseid+XFN" fnselected="">Firmenbuchnummer</option>
- <option value="urn:publicid:gv.at:baseid+XZVR" vrselected="">Vereinsnummer</option>
- <option value="urn:publicid:gv.at:baseid+XERSB" ersbselected="">Ord.Nr.im
- Ergänzungsreg.</option>
- </select> <img title=" Dieses Feld muss ausgefüllt sein!"
- src="img/stern.gif" alt="Stern" width="10" height="16" /></td>
- <td><input name="cbidentificationvalue_" type="text"
- cbdisabled="" id="cbidentificationvalue"
- value="<cbidentificationvalue>" size="50" /> <img
- src="img/info.gif" title="Ordnungsbegriff laut ZMR Schreibweise"
- alt="Info" border="0" /></td>
- <td></td>
- </tr>
- </table>
- <br />
- <errortext>
- <p>
- <em>Bitte halten Sie Ihre Bürgerkartenumgebung bereit.</em>
- </p>
- <p>
- <input name="XMLRequest" type="hidden"
- value="<?xml version='1.0' encoding='UTF-8'?><NullOperationRequest xmlns='http://www.buergerkarte.at/namespaces/securitylayer/1.2#'/>" />
- <input name="DataURL" type="hidden" value="<DataURL>" /> <input
- type="submit" name="Submit" value=" Weiter " /> <input
- name="Clear" type="reset" id="Clear"
- value="Formular zurücksetzen" />
- </p>
- <br />
- </form>
-</body>
-</html>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html deleted file mode 100644 index cffc46981..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html +++ /dev/null @@ -1,235 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
-
-<html>
-<head>
-<BASE href="<BASE_href>">
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
- <title>Berufsmäßige Parteieinvertretung</title>
- <link href="css/styles.css" type="text/css" rel="stylesheet">
- <link href="css/styles_opera.css" type="text/css" rel="stylesheet">
- <link href="css/mandates.css" type="text/css" rel="stylesheet">
-
- <script src="formallg.js" type="text/javascript"></script>
- <script src="fa.js" type="text/javascript"></script>
-</head>
-<body>
-
-
- <div class="hleft">
- <!--Stammzahlenregisterbehörde<br/>-->
-
- <!--Ballhausplatz 2<br/>-->
- <!--1014 Wien-->
- </div>
- <div class="hright" align="right">
- <img src="img/egov_schrift.gif" alt="E-Gov Logo" />
- </div>
- <div class="htitle" align="left">
- <h1>Berufsmäßige Parteienvertretung</h1>
- </div>
- <div class="leiste1" align="center">Bitte beachten Sie</div>
- <div class="leiste2" align="center"></div>
- <div class="leiste3">
- <img title=" Dieses Feld muss ausgefüllt sein!" alt="Stern"
- src="img/stern.gif" width="10" height="16" /> Feld muss
- ausgefüllt sein
- </div>
- <div class="leiste3">
- <img title=" Hilfe zum Ausfüllen " alt="Info" src="img/info.gif"
- width="10" height="16" /> Ausfüllhilfe
- </div>
- <div class="leiste3">
- <img title=" Angabe bitte ergänzen oder richtig stellen! "
- alt="Rufezeichen" src="img/rufezeichen.gif" width="10" height="16" />
- Fehlerhinweis
- </div>
- <div style="clear: both"> </div>
-
- <h2>Berufsmäßige Parteienvertretung einer
- natürlichen/juristischen Person</h2>
- <div class="boundingbox">
- <form name="ProcessInputForm" method="post" accept-charset="UTF-8"
- enctype="application/x-www-form-urlencoded" action="<BKU>">
- <table width="80%" border="0">
- <tr />
- <tr />
- <tr>
- <td colspan="3"><em>Vertreter:</em></td>
- </tr>
- <tr>
- <td align="right" width="20%">Vorname <img
- title=" Dieses Feld muss ausgefüllt sein!" alt="Stern"
- src="img/stern.gif" width="10" height="16" /></td>
- <td><input name="rpgivenname_" type="text" disabled="true"
- id="rpgivenname" value="<rpgivenname>" size="50" readonly="true" />
- </td>
- <td></td>
- </tr>
- <tr>
- <td align="right">Name <img
- title=" Dieses Feld muss ausgefüllt sein!" alt="Stern"
- src="img/stern.gif" width="10" height="16" /></td>
- <td><input name="rpfamilyname_" type="text" disabled="true"
- id="rpfamilyname" value="<rpfamilyname>" size="50" readonly="true" />
- </td>
- <td></td>
- </tr>
- <tr>
- <td align="right">Geburtsdatum <img
- title=" Dieses Feld muss ausgefüllt sein!" alt="Stern"
- src="img/stern.gif" width="10" height="16" /></td>
- <td><input name="rpdobyear_" type="text" disabled="true"
- id="rpdobyear" value="<rpdobyear>" size="4" maxlength="4"
- readonly="true" /> - <input name="rpdobmonth_" type="text"
- disabled="true" id="rpdobmonth" value="<rpdobmonth>" size="2"
- maxlength="2" readonly="true" /> - <input name="rpdobday_"
- type="text" disabled="true" id="rpdobday" value="<rpdobday>"
- size="2" maxlength="2" readonly="true" /></td>
- <td></td>
- </tr>
- <tr>
- <td colspan="2"><br /> <em>Ich bin berufsmäßig
- berechtigt für die nachfolgend genannte Person in deren
- Namen mit der Bürgerkarte einzuschreiten.</em></td>
- <td> </td>
- </tr>
- <tr>
- <td colspan="3"><br /> <em>Vertretene Person:</em></td>
- </tr>
- <tr>
- <td colspan="3"><input name="physical_" type="radio"
- physdisabled="" value="true" physselected="" /> natürliche
- Person: </td>
- </tr>
- <tr>
- <td align="right">Vorname <img
- title=" Dieses Feld muss ausgefüllt sein!" alt="Stern"
- src="img/stern.gif" width="10" height="16" /></td>
- <td><input name="givenname_" type="text" id="givenname"
- value="<givenname>" physdisabled="" size="50" /> <img
- src="img/info.gif" title="Vorname laut ZMR Schreibweise"
- alt="Info" border="0" /></td>
- <td></td>
- </tr>
- <tr>
- <td align="right">Name <img
- title=" Dieses Feld muss ausgefüllt sein!" alt="Stern"
- src="img/stern.gif" width="10" height="16" /></td>
- <td><input name="familyname_" type="text" id="familyname"
- value="<familyname>" physdisabled="" size="50" /> <img
- src="img/info.gif" title="Familienname laut ZMR Schreibweise"
- alt="Info" border="0" /></td>
- <td></td>
- </tr>
- <tr>
- <td align="right">Geburtsdatum <img
- title=" Dieses Feld muss ausgefüllt sein!" alt="Stern"
- src="img/stern.gif" width="10" height="16" /></td>
- <td><input name="dobyear_" type="text" id="dobyear" size="4"
- maxlength="4" value="<dobyear>" physdisabled="" /> - <input
- name="dobmonth_" type="text" id="dobmonth" size="2" maxlength="2"
- value="<dobmonth>" physdisabled="" /> - <input name="dobday_"
- type="text" id="dobday" size="2" maxlength="2" value="<dobday>"
- physdisabled="" /> <img src="img/info.gif"
- title="Format: JJJJ-MM-TT" alt="Info" border="0" /></td>
- <td></td>
- </tr>
- <tr>
- <td align="center"><em>optional:</em></td>
- <td colspan="2" />
- </tr>
- <tr>
- <td align="right">Straße </td>
- <td><input name="streetname_" type="text" id="streetname"
- value="<streetname>" physdisabled="" size="50" /> <img
- src="img/info.gif" title="Straße laut ZMR Schreibweise"
- border="0" /></td>
- <td></td>
- </tr>
- <tr>
- <td align="right">Hausnummer </td>
- <td><input name="buildingnumber_" type="text"
- id="buildingnumber" value="<buildingnumber>" physdisabled=""
- size="50" /> <img src="img/info.gif"
- title="Hausnummer laut ZMR Schreibweise" alt="Info" border="0" />
- </td>
- <td></td>
- </tr>
- <tr>
- <td align="right">Einh. Nr. </td>
- <td><input name="unit_" type="text" id="unit" value="<unit>"
- size="50" physdisabled="" /> <img src="img/info.gif"
- title="Nutzungseinheitsnummer laut ZMR Schreibweise" alt="Info"
- border="0" /></td>
- <td></td>
- </tr>
- <tr>
- <td align="right">Postleitzahl </td>
- <td><input name="postalcode_" type="text" id="postalcode"
- value="<postalcode>" size="50" physdisabled="" /> <img
- src="img/info.gif" title="Postleitzahl laut ZMR Schreibweise"
- alt="Info" border="0" /></td>
- <td></td>
- </tr>
- <tr>
- <td align="right">Gemeinde </td>
- <td><input name="municipality_" type="text" id="municipality"
- value="<municipality>" size="50" physdisabled="" /> <img
- src="img/info.gif" title="Gemeinde laut ZMR Schreibweise"
- alt="Info" border="0" /></td>
- <td></td>
- </tr>
- <tr>
- <td colspan="3"> </td>
- </tr>
- <tr>
- <td colspan="3"><input name="physical_" type="radio"
- cbdisabled="" value="false" cbselected=""/ > juristische
- Person: </td>
- </tr>
- <tr>
- <td align="right">Name <img
- title=" Dieses Feld muss ausgefüllt sein!"
- src="img/stern.gif" alt="Stern" width="10" height="16" /></td>
- <td><input name="fullname_" type="text" cbdisabled=""
- id="fullname" value="<fullname>" size="50" /> <img
- src="img/info.gif"
- title="Name der Organisation laut ZMR Schreibweise" alt="Info"
- border="0" /></td>
- <td></td>
- </tr>
- <tr>
- <td align="right" nowrap="nowrap"><select
- name="cbidentificationtype_" size="1" cbseldisabled="">
- <option value="urn:publicid:gv.at:baseid+XFN" fnselected="">Firmenbuchnummer</option>
- <option value="urn:publicid:gv.at:baseid+XZVR" vrselected="">Vereinsnummer</option>
- <option value="urn:publicid:gv.at:baseid+XERSB" ersbselected="">Ord.Nr.im
- Ergänzungsreg.</option>
- </select> <img title=" Dieses Feld muss ausgefüllt sein!"
- src="img/stern.gif" alt="Stern" width="10" height="16" /></td>
- <td><input name="cbidentificationvalue_" type="text"
- cbdisabled="" id="cbidentificationvalue"
- value="<cbidentificationvalue>" size="50" /> <img
- src="img/info.gif" title="Ordnungsbegriff laut ZMR Schreibweise"
- alt="Info" border="0" /></td>
- <td></td>
- </tr>
- </table>
- <br />
- <errortext>
- <p>
- <em>Bitte halten Sie Ihre Bürgerkartenumgebung bereit.</em>
- </p>
- <p>
- <input name="XMLRequest" type="hidden"
- value="<?xml version='1.0' encoding='UTF-8'?><NullOperationRequest xmlns='http://www.buergerkarte.at/namespaces/securitylayer/1.2#'/>" />
- <input name="DataURL" type="hidden" value="<DataURL>" /> <input
- type="submit" name="Submit" value=" Weiter " /> <input
- name="Clear" type="reset" id="Clear"
- value="Formular zurücksetzen" />
- </p>
- <br />
- </form>
- </div>
-</body>
-</html>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/fetchGender.html b/id/server/idserverlib/src/main/resources/resources/templates/fetchGender.html deleted file mode 100644 index f47ee53ff..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/fetchGender.html +++ /dev/null @@ -1,16 +0,0 @@ -<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> - - <body> - <form action="${action}" method="post" target="_parent"> - <div> - <input type="hidden" name="SAMLResponse" value="${SAMLResponse}"/> - </div> - <p>Please indicate the gender of the represented.</p> - <div> - <input type="submit" name="gender" value="M"/> - <input type="submit" name="gender" value="F"/> - </div> - </form> - - </body> -</html>
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm b/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm deleted file mode 100644 index 7fcc1bb36..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm +++ /dev/null @@ -1,36 +0,0 @@ -## -## Velocity Template for OASIS WEBFORM BINDING -## -## Velocity context may contain the following properties -## action - String - the action URL for the form -## signresponse - String - the Base64 encoded SAML Request -## verifyresponse - String - the Base64 encoded SAML Response -## clienturl - String - URL where the USer gets redirected after the signature process - -<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> - - <body onload="document.forms[0].submit()"> - <noscript> - <p> - <strong>Note:</strong> Since your browser does not support JavaScript, - you must press the Continue button once to proceed. - </p> - </noscript> - - <form action="${action}" method="post"> - <div> - #if($signrequest)<input type="hidden" name="signrequest" value="${signrequest}"/>#end - - #if($verifyrequest)<input type="hidden" name="verifyrequest" value="${verifyrequest}"/>#end - #if($clienturl)<input type="hidden" name="clienturl" value="${clienturl}"/>#end - - </div> - <noscript> - <div> - <input type="submit" value="Continue"/> - </div> - </noscript> - </form> - - </body> -</html>
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html b/id/server/idserverlib/src/main/resources/templates/pvp_postbinding_template.html index 64e88a688..45c183215 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html +++ b/id/server/idserverlib/src/main/resources/templates/pvp_postbinding_template.html @@ -31,11 +31,9 @@ <form action="${action}" method="post" target="_parent"> <div> - #if($RelayState)<input type="hidden" name="RelayState" - value="${RelayState}" />#end #if($SAMLRequest)<input type="hidden" - name="SAMLRequest" value="${SAMLRequest}" />#end #if($SAMLResponse)<input - type="hidden" name="SAMLResponse" value="${SAMLResponse}" />#end - + #if($RelayState) <input type="hidden" name="RelayState" value="${RelayState}"/> #end + #if($SAMLRequest) <input type="hidden" name="SAMLRequest" value="${SAMLRequest}" /> #end + #if($SAMLResponse) <input type="hidden" name="SAMLResponse" value="${SAMLResponse}" /> #end </div> <noscript> <div> |