author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-18 19:21:10 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-18 19:21:10 +0100 |
commit | 9bafb2671b297d39574c346c896347f197282081 (patch) | |
tree | 6a6b4a0a3327990e10e99395764eb80a2aea2e24 /id/server/modules/moa-id-modules-saml1 | |
parent | f38bf93a9636f43246b7021c0ac48591b7afaf57 (diff) | |
remove the AXIS1-implemented WebService for SAML1 --> a simple Spring controller is now used as the WebService endpoint
Diffstat (limited to 'id/server/modules/moa-id-modules-saml1')
7 files changed, 935 insertions, 127 deletions
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index 7e46e53fe..fc5837e51 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java 
@@ -46,18 +46,39 @@ package at.gv.egovernment.moa.id.protocols.saml1; +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.StringWriter; import java.util.Calendar; -import org.apache.axis.AxisFault; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + import org.apache.commons.lang3.StringEscapeUtils; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; import org.w3c.dom.Element; import org.w3c.dom.NodeList; +import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.servlet.AbstractController; import at.gv.egovernment.moa.id.util.ErrorResponseUtils; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.util.VelocityProvider; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.DateTimeUtils; 
@@ -66,151 +87,262 @@ import at.gv.egovernment.moa.util.XPathUtils; /** * Web service for picking up authentication data created in the MOA-ID Auth component. * - * @author Paul Ivancsics - * @version $Id: GetAuthenticationDataService.java 1233 2012-01-26 21:59:33Z kstranacher $ - * @see at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData + * This getAssertion WebService implementations a hacked solution to integrate SAML1 into + * the new Spring based MOA-ID implementation. + * + * @deprecated + * It is too bad about the time to implement a better solution, + * since SAML1 is deprecated MOA-ID >= 2.0.0 + * + * @author tlenz */ -public class GetAuthenticationDataService implements Constants { +@Controller +public class GetAuthenticationDataService extends AbstractController implements Constants { - /** - * Constructor for GetAuthenticationDataService. - */ - public GetAuthenticationDataService() { - super(); - } + @Autowired private SAML1AuthenticationServer saml1AuthServer; + + private static final String PARAM_WSDL="wsdl"; + private static final String PARAM_XSD="xsd"; + + private static final String TEMPLATE_PLAIN_INFO="plain_info.vm"; + private static final String TEMPLATE_WSDL="wsdl/MOA-ID-1.x.vm"; + private static final String TEMPLATE_XSD="wsdl/MOA-SPSS-1.2.vm"; + private static final String TEMPLATE_SOAP_ERROR="soap_error.vm"; + private static final String TEMPLATE_SOAP_SUCCESS="soap_success.vm"; + + private static final String SERVICE_ENDPOINT = "/services/GetAuthenticationData"; + + private static final String CONTEXT_ENDPOINT = "endpoint"; + private static final String CONTEXT_ERROR = "error"; + + private static final String CONTEXT_SOAP_RESPONSEID = "responseID"; + private static final String CONTEXT_SOAP_REQUESTEID = "requestID"; + private static final String CONTEXT_SOAP_ISSUEINSTANT = "issueInstant"; + private static final String CONTEXT_SOAP_ERRORMESSAGE = "errorMsg"; + private static final String CONTEXT_SOAP_STATUSCODE = 
"statusCode"; + private static final String CONTEXT_SOAP_ASSERTION = "assertion"; + + @RequestMapping(value = "/services/GetAuthenticationData", method = {RequestMethod.POST}) + public void getAuthenticationData(HttpServletRequest req, HttpServletResponse resp) + throws IOException { + InputStream is = null; + VelocityContext context = new VelocityContext(); + try { + is = req.getInputStream(); + Element soapReq = DOMUtils.parseXmlNonValidating(is); - /** - * Takes a <code>lt;samlp:Request></code> containing a - * <code>SAML artifact</code> and returns the corresponding - * authentication data <code>lt;saml:Assertion></code> - * (obtained from the <code>AuthenticationServer</code>), - * enclosed in a <code>lt;samlp:Response></code>. - * <br/>Bad requests are mapped into various <code>lt;samlp:StatusCode></code>s, - * possibly containing enclosed sub-<code>lt;samlp:StatusCode></code>s. - * The status codes are defined in the SAML specification. - * - * @param requests request elements of type <code>lt;samlp:Request></code>; - * only 1 request element is allowed - * @return response element of type <code>lt;samlp:Response></code>, - * packed into an <code>Element[]</code> - * @throws AxisFault thrown when an error occurs in assembling the - * <code>lt;samlp:Response></code> - */ - public Element[] Request(Element[] requests) - throws AxisFault { - - Element request = requests[0]; - Element[] responses = new Element[1]; + //process request + Element soapResp = processRequest(soapReq); + + String respString = DOMUtils.serializeNode(soapResp, true); + + resp.setContentType("text/xml;charset=UTF-8"); + context.put(CONTEXT_SOAP_ASSERTION, respString); + evaluateTemplate(context, resp, TEMPLATE_SOAP_SUCCESS); + + } catch (ParserConfigurationException | SAXException | IOException | TransformerException e) { + Logger.error("SAML1 GetAuthenticationData receive a non-valid request.", e); + resp.setContentType("text/xml;charset=UTF-8"); + + 
context.put(CONTEXT_SOAP_ISSUEINSTANT, DateTimeUtils.buildDateTimeUTC(Calendar.getInstance())); + context.put(CONTEXT_SOAP_RESPONSEID, Random.nextRandom()); + context.put(CONTEXT_SOAP_STATUSCODE, "samlp:Requester"); + context.put(CONTEXT_SOAP_ERRORMESSAGE, e.getMessage()); + + evaluateTemplate(context, resp, TEMPLATE_SOAP_ERROR); + + } catch (SAML1AssertionResponseBuildException e) { + Logger.error("SAML1 GetAuthenticationData response build failed..", e); + resp.setContentType("text/xml;charset=UTF-8"); + + context.put(CONTEXT_SOAP_ISSUEINSTANT, e.getIssueInstant()); + context.put(CONTEXT_SOAP_REQUESTEID, e.getRequestID()); + context.put(CONTEXT_SOAP_RESPONSEID, e.getResponseID()); + context.put(CONTEXT_SOAP_STATUSCODE, "samlp:Responder"); + context.put(CONTEXT_SOAP_ERRORMESSAGE, e.getMessage()); + + evaluateTemplate(context, resp, TEMPLATE_SOAP_ERROR); + + } finally { + try { + if (is != null) + is.close(); + + } catch (Exception e) { + + } + } + } + + @RequestMapping(value = "/services/GetAuthenticationData", method = {RequestMethod.GET}) + public void getAuthenticationDataWSDL(HttpServletRequest req, HttpServletResponse resp) + throws Exception { + String wsdl_param = req.getParameter(PARAM_WSDL); + String xsd_param = req.getParameter(PARAM_XSD); + + String fullServiceEndPoint = HTTPUtils.extractAuthURLFromRequest(req) + SERVICE_ENDPOINT; + + VelocityContext context = new VelocityContext(); + context.put(CONTEXT_ENDPOINT, fullServiceEndPoint); + + if (wsdl_param != null) { + //print wsdl + resp.setContentType("text/xml;charset=UTF-8"); + evaluateTemplate(context, resp, TEMPLATE_WSDL); + + } else if (xsd_param != null){ + //print xsd + resp.setContentType("text/xml;charset=UTF-8"); + evaluateTemplate(context, resp, TEMPLATE_XSD); + + } else { + //print plain info + resp.setContentType("text/html;charset=UTF-8"); + evaluateTemplate(context, resp, TEMPLATE_PLAIN_INFO); + + } + + } + + private Element processRequest(Element soapReq) throws 
ParserConfigurationException, IOException, SAXException, TransformerException, SAML1AssertionResponseBuildException { String requestID = ""; String statusCode = ""; String subStatusCode = null; String statusMessageCode = null; String statusMessage = null; String samlAssertion = ""; - if (requests.length > 1) { - // more than 1 request given as parameter - statusCode = "samlp:Requester"; - subStatusCode = "samlp:TooManyResponses"; - statusMessageCode = "1201"; - } + Element responses; + + //select soap-body element + NodeList saml1ReqList = soapReq.getElementsByTagNameNS(soapReq.getNamespaceURI(), "Body");; + if (saml1ReqList.getLength() != 1) { + saml1ReqList = soapReq.getElementsByTagNameNS(soapReq.getNamespaceURI(), "body");; + if (saml1ReqList.getLength() != 1) { + throw new SAXException("No unique 'soap-env:Body' element."); + + } + } + + //get first child from body --> should be the SAML1 Request element + Element saml1Req; + if (saml1ReqList.item(0).getFirstChild() instanceof Element) + saml1Req = (Element) saml1ReqList.item(0).getFirstChild(); + else { - try { - DOMUtils.validateElement(request, ALL_SCHEMA_LOCATIONS, null); - NodeList samlArtifactList = XPathUtils.selectNodeList(request, "samlp:AssertionArtifact"); - if (samlArtifactList.getLength() == 0) { - // no SAML artifact given in request - statusCode = "samlp:Requester"; - statusMessageCode = "1202"; - } - else if (samlArtifactList.getLength() > 1) { - // too many SAML artifacts given in request - statusCode = "samlp:Requester"; - subStatusCode = "samlp:TooManyResponses"; - statusMessageCode = "1203"; - } + throw new SAXException("First child of 'soap-env:Body' element has a wrong type."); - else { - Element samlArtifactElem = (Element)samlArtifactList.item(0); - requestID = request.getAttribute("RequestID"); - String samlArtifact = DOMUtils.getText(samlArtifactElem); - - - //SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); - - try { + } - samlAssertion = "Find a 
solution to integrate Axis 1 into Spring"; - //samlAssertion = saml1server.getSaml1AuthenticationData(samlArtifact); - - // success - statusCode = "samlp:Success"; - statusMessageCode = "1200"; - } - - catch (ClassCastException ex) { + //validate the SAML1 request element, which we selected above + DOMUtils.validateElement(saml1Req, ALL_SCHEMA_LOCATIONS, null); + + //parse inforamtion from SAML1 request + try { + NodeList samlArtifactList = XPathUtils.selectNodeList(saml1Req, "samlp:AssertionArtifact"); + if (samlArtifactList.getLength() == 0) { + // no SAML artifact given in request + statusCode = "samlp:Requester"; + statusMessageCode = "1202"; + + } else if (samlArtifactList.getLength() > 1) { + // too many SAML artifacts given in request + statusCode = "samlp:Requester"; + subStatusCode = "samlp:TooManyResponses"; + statusMessageCode = "1203"; + + } else { + Element samlArtifactElem = (Element)samlArtifactList.item(0); + requestID = saml1Req.getAttribute("RequestID"); + String samlArtifact = DOMUtils.getText(samlArtifactElem); + + try { + samlAssertion = saml1AuthServer.getSaml1AuthenticationData(samlArtifact); + + // success + statusCode = "samlp:Success"; + statusMessageCode = "1200"; - try { - //Throwable error = saml1server.getErrorResponse(samlArtifact); - Throwable error = new Exception("Find a solution to integrate Axis 1 into Spring"); - statusCode = "samlp:Responder"; + } catch (ClassCastException ex) { + try { + Throwable error = saml1AuthServer.getErrorResponse(samlArtifact); + statusCode = "samlp:Responder"; + + ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); + + if (error instanceof MOAIDException) { + statusMessageCode = ((MOAIDException)error).getMessageId(); + statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage()); - ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); + } else { + statusMessage = StringEscapeUtils.escapeXml(error.getMessage()); - if (error instanceof MOAIDException) { - 
statusMessageCode = ((MOAIDException)error).getMessageId(); - statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage()); - - } else { - statusMessage = StringEscapeUtils.escapeXml(error.getMessage()); - } - subStatusCode = errorUtils.getResponseErrorCode(error); - - } catch (Exception e) { - //no authentication data for given SAML artifact - statusCode = "samlp:Requester"; - subStatusCode = "samlp:ResourceNotRecognized"; - statusMessage = ex.toString(); - } - + } + subStatusCode = errorUtils.getResponseErrorCode(error); + + } catch (Exception e) { + //no authentication data for given SAML artifact + statusCode = "samlp:Requester"; + subStatusCode = "samlp:ResourceNotRecognized"; + statusMessage = ex.toString(); } -// catch (AuthenticationException ex) { -// //no authentication data for given SAML artifact -// statusCode = "samlp:Requester"; -// subStatusCode = "samlp:ResourceNotRecognized"; -// statusMessage = ex.toString(); -// } + } catch (AuthenticationException ex) { + //no authentication data for given SAML artifact + statusCode = "samlp:Requester"; + subStatusCode = "samlp:ResourceNotRecognized"; + statusMessage = ex.toString(); } } - catch (Throwable t) { - // invalid request format - statusCode = "samlp:Requester"; - statusMessageCode = "1204"; - } + + + } catch (Throwable t) { + // invalid request format + statusCode = "samlp:Requester"; + statusMessageCode = "1204"; + + } + + String responseID = Random.nextRandom(); + String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()); + + try { + if (statusMessage == null) + statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null); + responses = new SAMLResponseBuilder().build( + responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion); + return responses; + + } catch (Throwable e) { + throw new SAML1AssertionResponseBuildException(responseID, issueInstant, + requestID, "1299", e.getMessage(), e); + + } } 
+ + + private void evaluateTemplate(VelocityContext context, HttpServletResponse httpResp, String templateURL) throws IOException { + InputStream is = null; + try { + is = Thread.currentThread() + .getContextClassLoader() + .getResourceAsStream(templateURL); + + VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); + BufferedReader reader = new BufferedReader(new InputStreamReader(is )); + StringWriter writer = new StringWriter(); + engine.evaluate(context, writer, "SAML1 GetAuthenticationData", reader); + httpResp.getOutputStream().write(writer.toString().getBytes("UTF-8")); + + } catch (Exception e) { + Logger.error("SAML1 GetAuthenticationData has an error:", e); + throw new IOException(e); + + } finally { + if (is != null) + is.close(); + + } - try { - String responseID = Random.nextRandom(); - String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()); - - if (statusMessage == null) - statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null); - responses[0] = new SAMLResponseBuilder().build( - responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion); - - } - catch (MOAIDException e) { - AxisFault fault = AxisFault.makeFault(e); - fault.setFaultDetail(new Element[] { e.toErrorResponse()}); - throw fault; - } - catch (Throwable t) { - MOAIDException e = new MOAIDException("1299", null, t); - AxisFault fault = AxisFault.makeFault(e); - fault.setFaultDetail(new Element[] { e.toErrorResponse()}); - throw fault; - } - return responses; - } - + } } + diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AssertionResponseBuildException.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AssertionResponseBuildException.java new file mode 100644 index 000000000..0c06a94df --- /dev/null 
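Review bot: In the `ParserConfigurationException | SAXException | IOException | TransformerException` catch of `getAuthenticationData`, `e.getMessage()` is put into the Velocity context as `errorMsg` and `soap_error.vm` substitutes it into `<samlp:StatusMessage>` verbatim, so a parser message that echoes fragments of the attacker-supplied request body lands unescaped in the SOAP response; the file already imports `StringEscapeUtils`, so use `context.put(CONTEXT_SOAP_ERRORMESSAGE, StringEscapeUtils.escapeXml(e.getMessage()));` there and in the `SAML1AssertionResponseBuildException` catch. The raw request body of this unauthenticated POST endpoint is parsed with `DOMUtils.parseXmlNonValidating(is)`; whether that helper disables DTDs and external entity resolution is not visible in this hunk and should be confirmed, since this is the classic XXE position. Separately, `processRequest` takes `saml1ReqList.item(0).getFirstChild()` and rejects anything that is not an `Element`, so a pretty-printed envelope whose `Body` begins with a whitespace text node is refused as "wrong type"; advancing past non-element siblings before the `instanceof` check would fix that. `evaluateTemplate` also reads the template through a platform-default `new InputStreamReader(is )`, so pass the charset explicitly, `new InputStreamReader(is, "UTF-8")`, to match the UTF-8 bytes written to the response.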
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AssertionResponseBuildException.java 
@@ -0,0 +1,86 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.protocols.saml1; + +/** + * @author tlenz + * + */ +public class SAML1AssertionResponseBuildException extends Exception { + + private static final long serialVersionUID = -394698807368683821L; + + private String responseID; + private String issueInstant; + private String requestID; + private String errorCode; + + /** + * @param responseID + * @param issueInstant + * @param requestID + * @param string + * @param message + */ + public SAML1AssertionResponseBuildException(String responseID, String issueInstant, String requestID, String errorCode, + String errorMsg, Throwable throwable) { + super(errorMsg, throwable); + + this.requestID = requestID; + this.issueInstant = issueInstant; + this.responseID = responseID; + this.errorCode = errorCode; + } + + /** + * @return the responseID + */ + public String getResponseID() { + return responseID; + } + + /** + * @return the issueInstant + */ + public String getIssueInstant() { + return issueInstant; + } + + /** + * @return the requestID + */ + public String getRequestID() { + return requestID; + } + + /** + * @return the errorCode + */ + public String getErrorCode() { + return errorCode; + } + + + + +} diff --git a/id/server/modules/moa-id-modules-saml1/src/main/resources/plain_info.vm b/id/server/modules/moa-id-modules-saml1/src/main/resources/plain_info.vm new file mode 100644 index 000000000..dfc11820f --- /dev/null +++ b/id/server/modules/moa-id-modules-saml1/src/main/resources/plain_info.vm @@ -0,0 +1,14 @@ +<html> +<head> +<meta content="text/html; charset=utf-8" http-equiv="Content-Type"> +</head> +<body> +<h1>GetAuthenticationData</h1> +<p>Hi there, this is an Web service!</p> +#if($error) + <i>Your request has an error: $error</i> +#else + <i>Perhaps there will be a form for invoking the service here...</i> +#end +</body> +</html> 
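Review bot: `plain_info.vm` renders `$error` into the HTML body without any escaping; nothing in this commit puts an `error` key into the context on the GET path, so the branch is dead today, but the first caller to set it from request data would create a reflected XSS. Either drop the `#if($error)` branch or document that the value must be HTML-escaped in the controller before it is put into the context (e.g. `StringEscapeUtils.escapeHtml4(msg)`, commons-lang3 being already imported by the Java side). A one-line template comment such as `## $error must be HTML-escaped by the controller` would make that contract visible without changing the rendered output.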
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_error.vm b/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_error.vm
new file mode 100644
index 000000000..65945e2de
--- /dev/null
+++ b/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_error.vm
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <soapenv:Body><samlp:Response #if($requestID) InResponseTo="$requestID" #end IssueInstant="$issueInstant" MajorVersion="1" MinorVersion="0" ResponseID="$responseID" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"> <samlp:Status> <samlp:StatusCode Value="$statusCode"/> <samlp:StatusMessage>$errorMsg</samlp:StatusMessage> </samlp:Status> </samlp:Response> </soapenv:Body>
+</soapenv:Envelope>
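Review bot: `soap_error.vm` substitutes `$requestID`, `$statusCode` and `$errorMsg` into attribute values and element content with no escaping of its own, so the template silently relies on every caller pre-escaping; per the controller hunk, `$requestID` originates from the request's `RequestID` attribute and `$errorMsg` from exception messages. State that contract in the template so the next caller does not break it, e.g. a Velocity line comment at the top: `## values are inserted verbatim -- the controller must XML-escape requestID and errorMsg`. A `##` comment consumes its own line and should not alter the emitted XML, but verify the output still starts with the `<?xml` declaration.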
\ No newline at end of file
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_success.vm b/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_success.vm
new file mode 100644
index 000000000..7dad2c259
--- /dev/null
+++ b/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_success.vm
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <soapenv:Body>$assertion</soapenv:Body>
+</soapenv:Envelope>
\ No newline at end of file
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-ID-1.x.vm b/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-ID-1.x.vm
new file mode 100644
index 000000000..74be59723
--- /dev/null
+++ b/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-ID-1.x.vm
@@ -0,0 +1,40 @@ +<?xml version="1.0" encoding="UTF-8"?> +<definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/ http://schemas.xmlsoap.org/wsdl/"> + <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="$endpoint?xsd"/> + <message name="GetAuthenticationDataInput"> + <part name="body" element="samlp:Request"/> + </message> + <message name="GetAuthenticationDataOutput"> + <part name="body" element="samlp:Response"/> + </message> + <message name="MOAFault"> + <part name="body" element="moa:ErrorResponse"/> + </message> + <portType name="IdentificationPortType"> + <operation name="getAuthenticationData"> + <input message="tns:GetAuthenticationDataInput"/> + <output message="tns:GetAuthenticationDataOutput"/> + <fault name="MOAFault" message="tns:MOAFault"/> + </operation> + </portType> + <binding name="IdentificationBinding" type="tns:IdentificationPortType" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/soap/ http://schemas.xmlsoap.org/wsdl/soap/"> + <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> + <operation name="getAuthenticationData"> + <soap:operation soapAction="urn:GetAuthenticationDataAction"/> + <input> + <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/> + </input> + <output> + <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/> + </output> + <fault name="MOAFault"> + <soap:fault name="MOAFault" use="literal" 
namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/> + </fault> + </operation> + </binding> + <service name="GetAuthenticationDataService"> + <port name="IdentificationPort" binding="tns:IdentificationBinding"> + <soap:address location="$endpoint"/> + </port> + </service> +</definitions> diff --git a/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-SPSS-1.2.vm b/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-SPSS-1.2.vm new file mode 100644 index 000000000..4c86626a0 --- /dev/null +++ b/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-SPSS-1.2.vm 
@@ -0,0 +1,528 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- MOA SP/SS 1.2 Schema -->
+<xsd:schema
+ targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"
+ xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#"
+ elementFormDefault="qualified" attributeFormDefault="unqualified"
+ version="1.2">
+ <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#"
+ schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd" />
+ <xsd:import namespace="http://www.w3.org/XML/1998/namespace"
+ schemaLocation="http://www.w3.org/2001/xml.xsd" />
+ <!--########## Create XML Signature ### -->
+ <!--### Create XML Signature Request ### -->
+ <xsd:element name="CreateXMLSignatureRequest">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="CreateXMLSignatureRequestType" />
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="CreateXMLSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="KeyIdentifier" type="KeyIdentifierType" />
+ <xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Ermöglichung der Stapelsignatur durch
+ wiederholte Angabe dieses Elements</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="DataObjectInfo" maxOccurs="unbounded">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="DataObjectInfoType">
+ <xsd:attribute name="ChildOfManifest" type="xsd:boolean"
+ use="optional" default="false" />
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="CreateSignatureInfo" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="CreateSignatureEnvironment"
+ type="ContentOptionalRefType" />
+ <xsd:choice>
+ <xsd:annotation>
+ <xsd:documentation>Auswahl: Entweder explizite Angabe des
+ Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit
+ der Signaturumgebung, oder Verweis auf ein benanntes Profil
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:element ref="CreateSignatureEnvironmentProfile" />
+ <xsd:element name="CreateSignatureEnvironmentProfileID"
+ type="ProfileIdentifierType" />
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="SecurityLayerConformity" type="xsd:boolean"
+ use="optional" default="true" />
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Create XML Signature Response ### -->
+ <xsd:complexType name="CreateXMLSignatureResponseType">
+ <xsd:choice maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine
+ Stapelsignatur-Anfrage</xsd:documentation>
+ </xsd:annotation>
+ <xsd:element name="SignatureEnvironment">
+ <xsd:annotation>
+ <xsd:documentation>Resultat, falls die Signaturerstellung
+ erfolgreich war</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:any namespace="##any" processContents="lax" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element ref="ErrorResponse" />
+ </xsd:choice>
+ </xsd:complexType>
+ <xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType" />
+ <!--########## Verify CMS Signature ### -->
+ <!--### Verifiy CMS Signature Request ### -->
+ <xsd:element name="VerifyCMSSignatureRequest">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="VerifyCMSSignatureRequestType">
+ <xsd:attribute name="Signatories" type="SignatoriesType"
+ use="optional" default="1" />
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="VerifyCMSSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="DateTime" type="xsd:dateTime"
+ minOccurs="0" />
+ <xsd:element name="CMSSignature" type="xsd:base64Binary" />
+ <xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType"
+ minOccurs="0" />
+ <xsd:element name="TrustProfileID">
+ <xsd:annotation>
+ <xsd:documentation>mit diesem Profil wird eine Menge von
+ vertrauenswürdigen Wurzelzertifikaten spezifiziert
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Verify CMS Signature Response ### -->
+ <xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType" />
+ <xsd:complexType name="VerifyCMSSignatureResponseType">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+ <xsd:annotation>
+ <xsd:documentation>only ds:X509Data and RetrievalMethod is
+ supported; QualifiedCertificate is included as
+ X509Data/any;publicAuthority is included as X509Data/any
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="SignatureCheck" type="CheckResultType" />
+ <xsd:element name="CertificateCheck" type="CheckResultType" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--########## Verify XML Signature ### -->
+ <!--### Verify XML Signature Request ### -->
+ <xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType" />
+ <xsd:complexType name="VerifyXMLSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="DateTime" type="xsd:dateTime"
+ minOccurs="0" />
+ <xsd:element name="VerifySignatureInfo">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType" />
+ <xsd:element name="VerifySignatureLocation" type="xsd:token" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:choice minOccurs="0" maxOccurs="unbounded">
+ <xsd:element ref="SupplementProfile" />
+ <xsd:element name="SupplementProfileID" type="xsd:string" />
+ </xsd:choice>
+ <xsd:element name="SignatureManifestCheckParams"
+ minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ReferenceInfo" type="VerifyTransformsDataType"
+ maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Pro dsig:Reference-Element in der zu
+ überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element
+ erscheinen. Die Reihenfolge der einzelnen ReferenceInfo
+ Elemente entspricht jener der dsig:Reference Elemente in der
+ XML-Signatur.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean"
+ use="optional" default="true" />
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ReturnHashInputData" minOccurs="0" />
+ <xsd:element name="TrustProfileID">
+ <xsd:annotation>
+ <xsd:documentation>mit diesem Profil wird eine Menge von
+ vertrauenswürdigen Wurzelzertifikaten spezifiziert
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Verify XML Signature Response ### -->
+ <xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType" />
+ <xsd:complexType name="VerifyXMLSignatureResponseType">
+ <xsd:sequence>
+ <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+ <xsd:annotation>
+ <xsd:documentation>only ds:X509Data and ds:RetrievalMethod is
+ supported; QualifiedCertificate is included as X509Data/any;
+ PublicAuthority is included as X509Data/any</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="HashInputData" type="ContentExLocRefBaseType"
+ minOccurs="0" maxOccurs="unbounded" />
+ <xsd:element name="ReferenceInputData" type="ContentExLocRefBaseType"
+ minOccurs="0" maxOccurs="unbounded" />
+ <xsd:element name="SignatureCheck" type="ReferencesCheckResultType" />
+ <xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType"
+ minOccurs="0" />
+ <xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType"
+ minOccurs="0" maxOccurs="unbounded" />
+ <xsd:element name="CertificateCheck" type="CheckResultType" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:simpleType name="ProfileIdentifierType">
+ <xsd:restriction base="xsd:token" />
+ </xsd:simpleType>
+ <xsd:complexType name="MetaInfoType">
+ <xsd:sequence>
+ <xsd:element name="MimeType" type="MimeTypeType" />
+ <xsd:element name="Description" type="xsd:anyURI"
+ minOccurs="0" />
+ <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="FinalDataMetaInfoType">
+ <xsd:complexContent>
+ <xsd:extension base="MetaInfoType">
+ <xsd:sequence>
+ <xsd:element name="Type" type="xsd:anyURI" minOccurs="0" />
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="DataObjectInfoType">
+ <xsd:sequence>
+ <xsd:element name="DataObject">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="ContentOptionalRefType" />
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:choice>
+ <xsd:annotation>
+ <xsd:documentation>Auswahl: Entweder explizite Angabe EINER
+ Transformationskette inklusive ggf. sinnvoller Supplements oder
+ Verweis auf ein benanntes Profil</xsd:documentation>
+ </xsd:annotation>
+ <xsd:element ref="CreateTransformsInfoProfile" />
+ <xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType" />
+ </xsd:choice>
+ </xsd:sequence>
+ <xsd:attribute name="Structure" use="required">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="detached" />
+ <xsd:enumeration value="enveloping" />
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ </xsd:complexType>
+ <xsd:complexType name="TransformsInfoType">
+ <xsd:sequence>
+ <xsd:element ref="dsig:Transforms" minOccurs="0" />
+ <xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="XMLDataObjectAssociationType">
+ <xsd:sequence>
+ <xsd:element name="MetaInfo" type="MetaInfoType"
+ minOccurs="0" />
+ <xsd:element name="Content" type="ContentRequiredRefType" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="CMSDataObjectOptionalMetaType">
+ <xsd:sequence>
+ <xsd:element name="MetaInfo" type="MetaInfoType"
+ minOccurs="0" />
+ <xsd:element name="Content" type="CMSContentBaseType" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="CMSContentBaseType">
+ <xsd:complexContent>
+ <xsd:restriction base="ContentOptionalRefType">
+ <xsd:choice minOccurs="0">
+ <xsd:element name="Base64Content" type="xsd:base64Binary" />
+ </xsd:choice>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="CheckResultType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:nonNegativeInteger" />
+ <xsd:element name="Info" type="AnyChildrenType"
+ minOccurs="0" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="ReferencesCheckResultType">
+ <xsd:complexContent>
+ <xsd:restriction base="CheckResultType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:nonNegativeInteger" />
+ <xsd:element name="Info" type="ReferencesCheckResultInfoType"
+ minOccurs="0" />
+ </xsd:sequence>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ReferencesCheckResultInfoType"
+ mixed="true">
+ <xsd:complexContent mixed="true">
+ <xsd:restriction base="AnyChildrenType">
+ <xsd:sequence>
+ <xsd:any namespace="##other" processContents="lax"
+ minOccurs="0" maxOccurs="unbounded" />
+ <xsd:element name="FailedReference" type="xsd:positiveInteger"
+ minOccurs="0" maxOccurs="unbounded" />
+ </xsd:sequence>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ManifestRefsCheckResultType">
+ <xsd:complexContent>
+ <xsd:restriction base="CheckResultType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:nonNegativeInteger" />
+ <xsd:element name="Info" type="ManifestRefsCheckResultInfoType" />
+ </xsd:sequence>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ManifestRefsCheckResultInfoType"
+ mixed="true">
+ <xsd:complexContent mixed="true">
+ <xsd:restriction base="AnyChildrenType">
+ <xsd:sequence>
+ <xsd:any namespace="##other" processContents="lax"
+ minOccurs="0" maxOccurs="unbounded" />
+ <xsd:element name="FailedReference" type="xsd:positiveInteger"
+ minOccurs="0" maxOccurs="unbounded" />
+ <xsd:element name="ReferringSigReference" type="xsd:positiveInteger" />
+ </xsd:sequence>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <!--########## Error Response ### -->
+ <xsd:element name="ErrorResponse" type="ErrorResponseType">
+ <xsd:annotation>
+ <xsd:documentation>Resultat, falls die Signaturerstellung gescheitert
+ ist</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:complexType name="ErrorResponseType">
+ <xsd:sequence>
+ <xsd:element name="ErrorCode" type="xsd:integer" />
+ <xsd:element name="Info" type="xsd:string" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--########## Auxiliary Types ### -->
+ <xsd:simpleType name="KeyIdentifierType">
+ <xsd:restriction base="xsd:string" />
+ </xsd:simpleType>
+ <xsd:simpleType name="KeyStorageType">
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="Software" />
+ <xsd:enumeration value="Hardware" />
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="MimeTypeType">
+ <xsd:restriction base="xsd:token" />
+ </xsd:simpleType>
+ <xsd:complexType name="AnyChildrenType" mixed="true">
+ <xsd:sequence>
+ <xsd:any namespace="##any" processContents="lax" minOccurs="0"
+ maxOccurs="unbounded" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="XMLContentType" mixed="true">
+ <xsd:complexContent mixed="true">
+ <xsd:extension base="AnyChildrenType">
+ <xsd:attribute ref="xml:space" use="optional" />
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ContentBaseType">
+ <xsd:choice minOccurs="0">
+ <xsd:element name="Base64Content" type="xsd:base64Binary" />
+ <xsd:element name="XMLContent" type="XMLContentType" />
+ <xsd:element name="LocRefContent" type="xsd:anyURI" />
+ </xsd:choice>
+ </xsd:complexType>
+ <xsd:complexType name="ContentExLocRefBaseType">
+ <xsd:complexContent>
+ <xsd:restriction base="ContentBaseType">
+ <xsd:choice minOccurs="0">
+ <xsd:element name="Base64Content" type="xsd:base64Binary" />
+ <xsd:element name="XMLContent" type="XMLContentType" />
+ </xsd:choice>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ContentOptionalRefType">
+ <xsd:complexContent>
+ <xsd:extension base="ContentBaseType">
+ <xsd:attribute name="Reference" type="xsd:anyURI" use="optional" />
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ContentRequiredRefType">
+ <xsd:complexContent>
+ <xsd:restriction base="ContentOptionalRefType">
+ <xsd:choice minOccurs="0">
+ <xsd:element name="Base64Content" type="xsd:base64Binary" />
+ <xsd:element name="XMLContent" type="XMLContentType" />
+ <xsd:element name="LocRefContent" type="xsd:anyURI" />
+ </xsd:choice>
+ <xsd:attribute name="Reference" type="xsd:anyURI" use="required" />
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="VerifyTransformsDataType">
+ <xsd:choice maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Ein oder mehrere Transformationswege können von
+ der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur
+ hat zumindest einem dieser Transformationswege zu entsprechen. Die
+ Angabe kann explizit oder als Profilbezeichner erfolgen.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:element ref="VerifyTransformsInfoProfile" />
+ <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>Profilbezeichner für einen Transformationsweg
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:choice>
+ </xsd:complexType>
+ <xsd:element name="QualifiedCertificate" />
+ <xsd:element name="PublicAuthority" type="PublicAuthorityType" />
+ <xsd:complexType name="PublicAuthorityType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:string" minOccurs="0" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:simpleType name="SignatoriesType">
+ <xsd:union memberTypes="AllSignatoriesType">
+ <xsd:simpleType>
+ <xsd:list itemType="xsd:positiveInteger" />
+ </xsd:simpleType>
+ </xsd:union>
+ </xsd:simpleType>
+ <xsd:simpleType name="AllSignatoriesType">
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="all" />
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:complexType name="CreateSignatureLocationType">
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:token">
+ <xsd:attribute name="Index" type="xsd:nonNegativeInteger"
+ use="required" />
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ <xsd:complexType name="TransformParameterType">
+ <xsd:choice minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Die Angabe des Transformationsparameters
+ (explizit oder als Hashwert) kann unterlassen werden, wenn die
+ Applikation von der Unveränderlichkeit des Inhalts der in
+ "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen
+ kann.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:element name="Base64Content" type="xsd:base64Binary">
+ <xsd:annotation>
+ <xsd:documentation>Der Transformationsparameter explizit angegeben.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="Hash">
+ <xsd:annotation>
+ <xsd:documentation>Der Hashwert des Transformationsparameters.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="dsig:DigestMethod" />
+ <xsd:element ref="dsig:DigestValue" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:choice>
+ <xsd:attribute name="URI" type="xsd:anyURI" use="required" />
+ </xsd:complexType>
+ <xsd:element name="CreateSignatureEnvironmentProfile">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType" />
+ <xsd:element name="Supplement" type="XMLDataObjectAssociationType"
+ minOccurs="0" maxOccurs="unbounded" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="VerifyTransformsInfoProfile">
+ <xsd:annotation>
+ <xsd:documentation>Explizite Angabe des Transformationswegs
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="dsig:Transforms" minOccurs="0" />
+ <xsd:element name="TransformParameter" type="TransformParameterType"
+ minOccurs="0" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Alle impliziten Transformationsparameter, die
+ zum Durchlaufen der oben angeführten Transformationskette bekannt
+ sein müssen, müssen hier angeführt werden. Das Attribut "URI"
+ bezeichnet den Transformationsparameter in exakt jener Weise, wie
+ er in der zu überprüfenden Signatur gebraucht wird.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Supplement" type="XMLDataObjectAssociationType" />
+ <xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType" />
+ <xsd:element name="CreateTransformsInfoProfile">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="CreateTransformsInfo" type="TransformsInfoType" />
+ <xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+</xsd:schema>
|
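Review bot: This schema is stored as a `.vm` template, and Velocity treats `##` anywhere on a line as the start of a line comment, so if it is rendered through the same engine as the WSDL template the lines `<xsd:any namespace="##any" processContents="lax" />`, the `namespace="##other"` wildcards and the `<!--########## ... ### -->` / `<!--### ... ### -->` section comments are truncated at the first `##`; the `xsd:any` elements would lose their closing `/>` and the XML comments their `-->`, leaving the served XSD malformed and the `$endpoint?xsd` import in the WSDL unusable. Nothing in this file is actually templated, so the simplest fix is to serve it as a static resource rather than through Velocity; if it must stay a template, wrap the whole document in a Velocity unparsed block (`#[[` before `<?xml ...` and `]]#` after `</xsd:schema>`) and verify the rendered output with a schema parser. Either way I would add a short comment at the top of the file stating that it must not be interpreted by Velocity because of the `##` sequences in the schema.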