aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-05-10 15:50:52 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-05-10 15:50:52 +0200
commitaa4f6b8a17400e6ebbe83d92e26b25413deb9aa1 (patch)
tree0798f107e13d8a8546c1b15c6432e5360a656e92 /id/server/modules
parent576f5ea5cfaf2ea174f198dc5df238c1ca0c331a (diff)
parentc3e07d7fb87b2d132ffc838e4878b9479da361a7 (diff)
downloadmoa-id-spss-aa4f6b8a17400e6ebbe83d92e26b25413deb9aa1.tar.gz
moa-id-spss-aa4f6b8a17400e6ebbe83d92e26b25413deb9aa1.tar.bz2
moa-id-spss-aa4f6b8a17400e6ebbe83d92e26b25413deb9aa1.zip
Update to MOA-SPSS 3.0.0-RC1
Merge branch 'moa-id-3.2_(OPB)' into moa-id_with_moa-sig_and_eccelerate Conflicts: id/moa-spss-container/pom.xml pom.xml
Diffstat (limited to 'id/server/modules')
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java30
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java4
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java45
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java10
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java6
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java14
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java12
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java10
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java10
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java4
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java10
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java10
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java12
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java8
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java14
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java34
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java8
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java8
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java2
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java12
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml2
-rw-r--r--id/server/modules/moa-id-module-eIDAS/pom.xml51
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java54
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java8
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java2
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java4
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java21
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java70
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java2
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java48
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java2
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java25
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java18
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java80
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java59
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java59
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java62
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java67
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java31
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java58
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java37
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java10
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java20
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java174
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java80
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java14
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml5
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java9
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java25
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java28
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java100
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java6
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/exceptions/ELGAMetadataException.java2
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java144
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java126
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java51
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java50
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java95
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java61
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java59
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java2
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml19
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml10
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/templates/mandate-service-selection.html76
-rw-r--r--id/server/modules/moa-id-module-openID/pom.xml4
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java2
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java2
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java2
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java2
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java2
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java2
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java2
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java2
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java2
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java2
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java2
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java2
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java6
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java6
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java6
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java8
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java8
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java4
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java6
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/pom.xml5
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java11
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java11
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java19
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java124
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java10
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java47
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java223
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java164
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java118
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java17
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java2
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java21
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java17
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java6
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java11
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java15
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java2
-rw-r--r--id/server/modules/moa-id-modules-saml1/pom.xml7
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java6
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java20
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java10
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java11
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java2
-rw-r--r--id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java4
-rw-r--r--id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java2
-rw-r--r--id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java5
-rw-r--r--id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java4
112 files changed, 2319 insertions, 836 deletions
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 40f203bfd..90ed1c886 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -43,7 +43,6 @@ import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BKUException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.exception.ServiceException;
import at.gv.egovernment.moa.id.auth.exception.ValidateException;
@@ -57,11 +56,13 @@ import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.data.MISMandate;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.util.XMLUtil;
import at.gv.egovernment.moa.logging.Logger;
@@ -166,12 +167,14 @@ public class AuthenticationServer extends BaseAuthenticationServer {
}
String infoboxReadRequest = "";
- if (pendingReq.needSingleSignOnFunctionality()) {
- Logger.info("SSO Login requested");
+ String ssoDomainIdentifier = authConfig.getSSOTagetIdentifier();
+ if (MiscUtil.isNotEmpty(ssoDomainIdentifier) &&
+ pendingReq.needSingleSignOnFunctionality()) {
+ Logger.debug("SSO Login requested");
//load identityLink with SSO Target
boolean isbuisness = false;
- String domainIdentifier = authConfig.getSSOTagetIdentifier().trim();
- if (domainIdentifier.startsWith(PREFIX_WPBK)) {
+
+ if (ssoDomainIdentifier.startsWith(PREFIX_WPBK)) {
isbuisness = true;
} else {
@@ -181,10 +184,10 @@ public class AuthenticationServer extends BaseAuthenticationServer {
//build ReadInfobox request
infoboxReadRequest = new InfoboxReadRequestBuilder().build(
- isbuisness, domainIdentifier);
+ isbuisness, ssoDomainIdentifier);
} else {
- Logger.info("Non-SSO Login requested");
+ Logger.debug("Non-SSO Login requested or SSO not allowed/possible");
//build ReadInfobox request
infoboxReadRequest = new InfoboxReadRequestBuilder().build(
oaParam.getBusinessService(), oaParam
@@ -292,7 +295,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
.getMoaSpIdentityLinkTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseIDLTestTrustStore()));
// invokes the call
- Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
+ Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance()
.verifyXMLSignature(domVerifyXMLSignatureRequest);
// parses the <VerifyXMLSignatureResponse>
VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
@@ -952,8 +955,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
// try {
// invokes the call
- domVsresp = new SignatureVerificationInvoker()
- .verifyXMLSignature(domVsreq);
+ domVsresp = SignatureVerificationInvoker.getInstance().verifyXMLSignature(domVsreq);
// parses the <VerifyXMLSignatureResponse>
VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index f00f4386f..e51700111 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -48,10 +48,10 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index dc981ba33..ef81af94b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -49,11 +49,11 @@ package at.gv.egovernment.moa.id.auth.builder;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
-import java.util.Map;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.util.FormBuildUtils;
+import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.util.MiscUtil;
/**
@@ -165,31 +165,32 @@ public class GetIdentityLinkFormBuilder extends Builder {
htmlForm = replaceTag(htmlForm, PUSHINFOBOX_TAG, pushInfobox, false, ALL);
//new:wird oben mitreplaced htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL);
- //removed in MOA-ID 2.0
-// htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest), true, ALL);
-// htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, true, ALL);
+
+ //set applet-background coller
+ if (oaParam != null && MiscUtil.isNotEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR)))
+ htmlForm = replaceTag(htmlForm, COLOR_TAG,
+ oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR), false, ALL);
+ else
+ htmlForm = replaceTag(htmlForm, COLOR_TAG, FormBuildUtils.getDefaultMap().get(FormBuildUtils.PARAM_MAIN_BACKGROUNDCOLOR), false, ALL);
+
+ //set redirect target
+ if (oaParam != null && MiscUtil.isNotEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET)))
+ htmlForm = replaceTag(htmlForm, REDIRECTTARGETTAG,
+ oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET), false, ALL);
+ else
+ htmlForm = replaceTag(htmlForm, REDIRECTTARGETTAG, FormBuildUtils.getDefaultMap().get(FormBuildUtils.PARAM_REDIRECTTARGET), false, ALL);
- Map<String, String> map = null;
-
- if (oaParam != null) {
- map = oaParam.getFormCustomizaten();
- htmlForm = replaceTag(htmlForm, COLOR_TAG, map.get(FormBuildUtils.MAIN_BACKGROUNDCOLOR), false, ALL);
- htmlForm = replaceTag(htmlForm, REDIRECTTARGETTAG, map.get(FormBuildUtils.REDIRECTTARGET), false, ALL);
-
- } else {
- htmlForm = replaceTag(htmlForm, COLOR_TAG, FormBuildUtils.getDefaultMap().get(FormBuildUtils.MAIN_BACKGROUNDCOLOR), false, ALL);
- htmlForm = replaceTag(htmlForm, REDIRECTTARGETTAG, FormBuildUtils.getDefaultMap().get(FormBuildUtils.REDIRECTTARGET), false, ALL);
- }
-
- if (map != null && MiscUtil.isNotEmpty(map.get(FormBuildUtils.APPLET_HEIGHT)))
- htmlForm = replaceTag(htmlForm, APPLETHEIGHT_TAG, map.get(FormBuildUtils.APPLET_HEIGHT), false, ALL);
+ //set applet heigh
+ if (oaParam != null && MiscUtil.isNotEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT)))
+ htmlForm = replaceTag(htmlForm, APPLETHEIGHT_TAG, oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT), false, ALL);
else if (MiscUtil.isNotEmpty(appletheigth))
htmlForm = replaceTag(htmlForm, APPLETHEIGHT_TAG, appletheigth, false, ALL);
else
htmlForm = replaceTag(htmlForm, APPLETHEIGHT_TAG, "160", false, ALL);
- if (map != null && MiscUtil.isNotEmpty(map.get(FormBuildUtils.APPLET_WIDTH)))
- htmlForm = replaceTag(htmlForm, APPLETWIDTH_TAG, map.get(FormBuildUtils.APPLET_WIDTH), false, ALL);
+ //set applet width
+ if (oaParam != null && MiscUtil.isNotEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH)))
+ htmlForm = replaceTag(htmlForm, APPLETWIDTH_TAG, oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH), false, ALL);
else if (MiscUtil.isNotEmpty(appletwidth))
htmlForm = replaceTag(htmlForm, APPLETWIDTH_TAG, appletwidth, false, ALL);
else
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
index cbdef7093..b0efb100a 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
@@ -3,8 +3,8 @@ package at.gv.egovernment.moa.id.auth.modules.internal;
import org.apache.commons.lang3.StringUtils;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.AuthModule;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
/**
@@ -17,12 +17,6 @@ public class DefaultCitizenCardAuthModuleImpl implements AuthModule {
return 0;
}
- public String getProcessName() {
- return "DefaultAuthentication";
-
-
- }
-
@Override
public String selectProcess(ExecutionContext context) {
//select process if BKU is selected and it is no STORK authentication
@@ -35,7 +29,7 @@ public class DefaultCitizenCardAuthModuleImpl implements AuthModule {
if (StringUtils.isBlank((String) context.get("ccc")) &&
StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU)) &&
!performBKUSelection)
- return getProcessName();
+ return "DefaultAuthentication";
else
return null;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
index aff6b1ca6..000a47438 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
@@ -1,6 +1,6 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_VERIFY_CERTIFICATE;
+import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.REQ_VERIFY_CERTIFICATE;
import java.io.IOException;
@@ -14,9 +14,9 @@ import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.CitizenCardServletUtils;
@@ -32,7 +32,7 @@ import at.gv.egovernment.moa.logging.Logger;
* </ul>
* Expects:
* <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
* </ul>
* Result:
* <ul>
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
index cbaaa5ec7..e47aff83b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
@@ -10,13 +10,15 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
+import com.google.common.net.MediaType;
+
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
@@ -26,14 +28,14 @@ import at.gv.egovernment.moa.util.StringUtils;
* In detail:
* <ul>
* <li>Renames the moa session id.</li>
- * <li>Removes ExecutionContext property {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}.</li>
+ * <li>Removes ExecutionContext property {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}.</li>
* <li>Creates the http form mentioned above.</li>
* <li>Returns the http form via HttpServletResponse.</li>
* </ul>
* Expects:
* <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID} <strong>or</strong></li>
- * <li>ExecutionContext property {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID} (in case of legacy authentication without CCE selection, where the moa session is not provided by request parameter).</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID} <strong>or</strong></li>
+ * <li>ExecutionContext property {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID} (in case of legacy authentication without CCE selection, where the moa session is not provided by request parameter).</li>
* </ul>
* Result:
* <ul>
@@ -75,9 +77,9 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED);
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL());
-
+
if (!StringUtils.isEmpty(getIdentityLinkForm)) {
- resp.setContentType("text/html;charset=UTF-8");
+ resp.setContentType(MediaType.HTML_UTF_8.toString());
PrintWriter out = new PrintWriter(resp.getOutputStream());
out.print(getIdentityLinkForm);
out.flush();
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
index 204e39b8c..7cc9df30c 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -1,7 +1,7 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_XMLRESPONSE;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK;
+import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.PARAM_XMLRESPONSE;
+import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK;
import java.io.ByteArrayInputStream;
import java.io.IOException;
@@ -22,7 +22,6 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -31,6 +30,7 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
@@ -44,7 +44,7 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
* In detail:
* <ul>
* <li>Renames the moa session id.</li>
- * <li>Parses the CreateXMLSignatureResponse retrieved from POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
+ * <li>Parses the CreateXMLSignatureResponse retrieved from POST parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
* <li>Extracts signature and signer certificate.</li>
* <li>Send request to SZR Gateway in order to get an identity link.</li>
* <li>Updates moa session (sets identity link, QAA level 4, authentication data and foreigner flag).</li>
@@ -52,8 +52,8 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
* </ul>
* Expects:
* <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code CreateXMLSignatureResponse}.</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code CreateXMLSignatureResponse}.</li>
* </ul>
* Result:
* <ul>
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
index 0a1e3c8f5..c172c3b9c 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
@@ -1,6 +1,6 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.GET_MIS_SESSIONID;
+import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.GET_MIS_SESSIONID;
import java.security.GeneralSecurityException;
import java.util.List;
@@ -18,10 +18,10 @@ import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.SSLUtils;
@@ -42,7 +42,7 @@ import iaik.pki.PKIException;
* </ul>
* Expects:
* <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
* </ul>
* Result:
* <ul>
@@ -72,7 +72,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
String misSessionID = moasession.getMISSessionID();
//get mandates from MIS
- ConnectionParameter connectionParameters = authConfig
+ ConnectionParameterInterface connectionParameters = authConfig
.getOnlineMandatesConnectionParameter();
SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
authConfig,
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
index b1b87f68d..c1fae1f1e 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
@@ -31,15 +31,15 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.FileUtils;
@@ -177,9 +177,9 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
}
}
+ //set useMandate flag to executionContext
executionContext.put(MOAIDAuthConstants.PARAM_USEMANDATE, moasession.isMandateUsed());
- executionContext.put(MOAIDAuthConstants.PARAM_USEMISMANDATE, moasession.isMandateUsed());
-
+
}
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
index b9a8fecf6..ed49201b8 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
@@ -8,9 +8,9 @@ import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.CitizenCardServletUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -25,7 +25,7 @@ import at.gv.egovernment.moa.logging.Logger;
* </ul>
* Expects:
* <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
* </ul>
* Result:
* <ul>
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
index f976c0b49..afbb87f10 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
@@ -22,7 +22,7 @@
*/
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.GET_MIS_SESSIONID;
+import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.GET_MIS_SESSIONID;
import java.util.List;
@@ -39,12 +39,12 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
@@ -72,7 +72,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
//perform default task initialization
defaultTaskInitialization(request, executionContext);
- ConnectionParameter connectionParameters = authConfig.getOnlineMandatesConnectionParameter();
+ ConnectionParameterInterface connectionParameters = authConfig.getOnlineMandatesConnectionParameter();
SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(authConfig, connectionParameters);
// get identitity link as byte[]
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
index b52778577..516e9501b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
@@ -1,6 +1,6 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_XMLRESPONSE;
+import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.PARAM_XMLRESPONSE;
import java.io.IOException;
import java.util.Map;
@@ -15,10 +15,10 @@ import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -28,15 +28,15 @@ import at.gv.egovernment.moa.logging.Logger;
* In detail:
* <ul>
* <li>Renames the moa session id.</li>
- * <li>Takes the {@code CreateXMLSignatureResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
+ * <li>Takes the {@code CreateXMLSignatureResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
* <li>Verifies the {@code CreateXMLSignatureResponse}.</li>
* <li>Updates moa session.</li>
* <li>Redirects back to {@code /dispatcher} in order to finalize the authentication.</li>
* </ul>
* Expects:
* <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code CreateXMLSignatureResponse}.</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code CreateXMLSignatureResponse}.</li>
* </ul>
* Result:
* <ul>
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
index cd444f7c8..df158a7ec 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
@@ -1,6 +1,6 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_GET_FOREIGN_ID;
+import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.REQ_GET_FOREIGN_ID;
import java.io.IOException;
import java.util.Map;
@@ -17,9 +17,9 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.CitizenCardServletUtils;
@@ -28,11 +28,11 @@ import at.gv.egovernment.moa.spss.util.CertificateUtils;
import iaik.x509.X509Certificate;
/**
- * Parses the certificate from {@code InfoBoxReadResponse} (via POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}), creates the auth block to be signed and returns a {@code CreateXMLSignatureRequest} for auth block signature.<p/>
+ * Parses the certificate from {@code InfoBoxReadResponse} (via POST parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}), creates the auth block to be signed and returns a {@code CreateXMLSignatureRequest} for auth block signature.<p/>
* In detail:
* <ul>
* <li>Renames the moa session id.</li>
- * <li>Retrieves the certificate via {@code InfoBoxReadResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
+ * <li>Retrieves the certificate via {@code InfoBoxReadResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
* <li>Verifies the certificate.</li>
* <li>Creates the auth block to be signed using information from the certificate (Organwalter, foreign citizen.</li>
* <li>Puts it in a {@code CreateXMLSignatureRequest}.</li>
@@ -41,8 +41,8 @@ import iaik.x509.X509Certificate;
* </ul>
* Expects:
* <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_SESSIONID} containing a {@code InfoBoxReadResponse}.</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_SESSIONID} containing a {@code InfoBoxReadResponse}.</li>
* </ul>
* Result:
* <ul>
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
index 23e92c0c0..0deda4d43 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
@@ -12,10 +12,10 @@ import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.logging.Logger;
@@ -24,15 +24,15 @@ import at.gv.egovernment.moa.logging.Logger;
* In detail:
* <ul>
* <li>Renames the moa session id.</li>
- * <li>Parses the identity link retrieved as {@code InfoBoxReadResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
+ * <li>Parses the identity link retrieved as {@code InfoBoxReadResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
* <li>Verifies the identity link.</li>
* <li>Updates moa session.</li>
* <li>Puts boolean flag {@code identityLinkAvailable} into {@code ExecutionContext}.</li>
* </ul>
* Expects:
* <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code InfoBoxReadResponse}.</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code InfoBoxReadResponse}.</li>
* </ul>
* Result:
* <ul>
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
index b39cf9e9b..eca231094 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
@@ -49,7 +49,10 @@ package at.gv.egovernment.moa.id.auth.parser;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
@@ -96,6 +99,15 @@ public class CreateXMLSignatureResponseParser {
/** This is the root element of the CreateXMLsignatureResponse */
private Element sigResponse_;
+ private static final Map<String, Object> parserFeatures =
+ Collections.unmodifiableMap(new HashMap<String, Object>() {
+ private static final long serialVersionUID = 1L;
+ {
+ put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+
+ }
+ });
+
/**
* Parses and validates the document given as string and extracts the
* root element.
@@ -156,7 +168,7 @@ public class CreateXMLSignatureResponseParser {
private void init(InputStream is) throws AuthenticationException, ParseException, BKUException {
try {
- Element responseElem = DOMUtils.parseXmlValidating(is);
+ Element responseElem = DOMUtils.parseXmlValidating(is, parserFeatures);
if ("CreateXMLSignatureResponse".equals(responseElem.getLocalName())) {
sigResponse_ = responseElem;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
index 28ce69e95..90fd7e1c7 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
@@ -46,18 +46,19 @@
package at.gv.egovernment.moa.id.auth.parser;
-import iaik.x509.X509Certificate;
-
import java.io.ByteArrayInputStream;
+import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
-import org.apache.axis.encoding.Base64;
import org.apache.xpath.XPathAPI;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -66,9 +67,11 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BKUException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.XPathUtils;
+import iaik.x509.X509Certificate;
/**
* Parses an <code>&lt;InfoboxReadResponse&gt;</code>.
@@ -82,6 +85,16 @@ public class InfoboxReadResponseParser {
/** This is the root element of the XML-Document provided by the Security Layer Card*/
private Element infoBoxElem_;
+ private static final Map<String, Object> parserFeatures =
+ Collections.unmodifiableMap(new HashMap<String, Object>() {
+ private static final long serialVersionUID = 1L;
+ {
+ put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+
+ }
+ });
+
+
/**
* Parses and validates the document given as string and extracts the
* root element.
@@ -132,7 +145,8 @@ public class InfoboxReadResponseParser {
private void init(InputStream is) throws AuthenticationException, ParseException, BKUException {
try {
- Element responseElem = DOMUtils.parseXmlValidating(is);
+
+ Element responseElem = DOMUtils.parseXmlValidating(is, parserFeatures);
if ("InfoboxReadResponse".equals(responseElem.getLocalName())) {
infoBoxElem_ = responseElem;
@@ -256,16 +270,14 @@ public class InfoboxReadResponseParser {
String base64Content = DOMUtils.getText(base64ContentElement);
- // Decode Base64 value to X509Certificate
- byte[] content = Base64.decode(base64Content);
+ // Decode Base64 value to X509Certificate
+ byte[] content = Base64Utils.decode(base64Content, false);
return new X509Certificate(content);
- } catch (ParserConfigurationException e) {
- throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e);
- } catch (TransformerException e) {
- throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e);
- } catch (CertificateException e) {
+ } catch (ParserConfigurationException | TransformerException |
+ CertificateException | IOException e) {
throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e);
+
}
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 5e0a69fd4..4b0e7b869 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -56,7 +56,6 @@ import javax.xml.bind.DatatypeConverter;
import org.jaxen.SimpleNamespaceContext;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
@@ -64,11 +63,12 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
import at.gv.egovernment.moa.id.auth.exception.ValidateException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 0597df622..4e591ada2 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -54,14 +54,14 @@ import java.util.Iterator;
import java.util.List;
import java.util.Set;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.exception.ValidateException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
import iaik.asn1.structures.Name;
import iaik.security.ec.common.ECPublicKey;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index 1850ff671..55562176d 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -69,7 +69,7 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
index 36bab9355..9fbdf5cd7 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
@@ -55,11 +55,13 @@ import java.net.URLEncoder;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import com.google.common.net.MediaType;
+
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -91,7 +93,7 @@ public class CitizenCardServletUtils extends ServletUtils{
resp.addHeader("Location", dataURL);
//TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
- resp.setContentType("text/xml;charset=UTF-8");
+ resp.setContentType(MediaType.XML_UTF_8.toString());
OutputStream out = resp.getOutputStream();
out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));
@@ -127,7 +129,7 @@ public class CitizenCardServletUtils extends ServletUtils{
resp.addHeader("Location", dataURL);
//TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
- resp.setContentType("text/xml;charset=UTF-8");
+ resp.setContentType(MediaType.XML_UTF_8.toString());
OutputStream out = resp.getOutputStream();
out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
index afa3fe2ad..74792ed72 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
@@ -38,7 +38,7 @@
<pd:Transition from="verifyCertificate" to="verifyAuthBlock" conditionExpression="ctx['useMandate']" />
<pd:Transition from="verifyCertificate" to="getForeignID" />
- <pd:Transition from="verifyAuthBlock" to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" />
+ <pd:Transition from="verifyAuthBlock" to="prepareGetMISMandate" conditionExpression="ctx['useMandate']" />
<pd:Transition from="verifyAuthBlock" to="finalizeAuthentication" />
<pd:Transition from="prepareGetMISMandate" to="getMISMandate" />
diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml
index b43efac9e..addf086d8 100644
--- a/id/server/modules/moa-id-module-eIDAS/pom.xml
+++ b/id/server/modules/moa-id-module-eIDAS/pom.xml
@@ -14,9 +14,34 @@
<eidas-commons.version>eidas.1.0</eidas-commons.version>
<eidas-saml-engine.version>eidas.1.0</eidas-saml-engine.version>
-
+ <eidas-encryption.version>eidas.1.0</eidas-encryption.version>
+ <eidas-configmodule.version>eidas.1.0</eidas-configmodule.version>
+
</properties>
+ <profiles>
+ <profile>
+ <id>default</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ </activation>
+ <repositories>
+ <repository>
+ <id>local</id>
+ <name>local</name>
+ <url>file:${basedir}/../../../../repository</url>
+ </repository>
+ <repository>
+ <id>egiz-commons</id>
+ <url>https://demo.egiz.gv.at/int-repo/</url>
+ <releases>
+ <enabled>true</enabled>
+ </releases>
+ </repository>
+ </repositories>
+ </profile>
+ </profiles>
+
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
@@ -47,6 +72,30 @@
</exclusion>
</exclusions>
</dependency>
+
+ <dependency>
+ <groupId>eu.eidas</groupId>
+ <artifactId>eidas-configmodule</artifactId>
+ <version>${eidas-configmodule.version}</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>log4j-over-slf4j</artifactId>
+ <groupId>org.slf4j</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
+ <dependency>
+ <groupId>eu.eidas</groupId>
+ <artifactId>eidas-encryption</artifactId>
+ <version>${eidas-encryption.version}</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>log4j-over-slf4j</artifactId>
+ <groupId>org.slf4j</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
<!-- eidas SAML Engine -->
<dependency>
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 8471439e2..d93d739b1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -22,6 +22,16 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.opensaml.xml.encryption.EncryptionConstants;
+import org.opensaml.xml.signature.SignatureConstants;
+
+import eu.eidas.auth.engine.core.eidas.EidasAttributesTypes;
+import eu.eidas.auth.engine.core.validator.eidas.EIDASAttributes;
+
/**
* @author tlenz
*
@@ -60,23 +70,55 @@ public class Constants {
public static final long CONFIG_PROPS_METADATA_GARBAGE_TIMEOUT = 7 * 24 * 60 * 60 * 1000; //remove unused eIDAS metadata after 7 days
//eIDAS attribute names
- public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier";
- public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth";
- public static final String eIDAS_ATTR_CURRENTGIVENNAME = "CurrentGivenName";
- public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "CurrentFamilyName";
+ public static final String eIDAS_ATTR_PERSONALIDENTIFIER = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_PERSONIDENTIFIER;
+ public static final String eIDAS_ATTR_DATEOFBIRTH = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_DATEOFBIRTH;
+ public static final String eIDAS_ATTR_CURRENTGIVENNAME = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_FIRSTNAME;
+ public static final String eIDAS_ATTR_CURRENTFAMILYNAME = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_GIVENNAME;
//http endpoint descriptions
public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/sp/post";
public static final String eIDAS_HTTP_ENDPOINT_SP_REDIRECT = "/eidas/sp/redirect";
- public static final String eIDAS_HTTP_ENDPOINT_IDP_POST = "/eidas/idp/post";
+ public static final String eIDAS_HTTP_ENDPOINT_IDP_POST = "/eidas/idp/post";
+ public static final String eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST = "/eidas/ColleagueRequest";
public static final String eIDAS_HTTP_ENDPOINT_IDP_REDIRECT = "/eidas/idp/redirect";
public static final String eIDAS_HTTP_ENDPOINT_METADATA = "/eidas/metadata";
+
//Event-Codes for Revisionslog
public static final int eIDAS_REVERSIONSLOG_METADATA = 3400;
public static final int eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST = 3401;
public static final int eIDAS_REVERSIONSLOG_IDP_AUTHRESPONSE = 3402;
public static final int eIDAS_REVERSIONSLOG_SP_AUTHREQUEST= 3403;
public static final int eIDAS_REVERSIONSLOG_SP_AUTHRESPONSE= 3404;
-
+
+ //metadata constants
+ public final static Map<String, EidasAttributesTypes> METADATA_POSSIBLE_ATTRIBUTES = Collections.unmodifiableMap(
+ new HashMap<String, EidasAttributesTypes>(){
+ private static final long serialVersionUID = 1L;
+ {
+ put(EIDASAttributes.ATTRIBUTE_GIVENNAME, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+ put(EIDASAttributes.ATTRIBUTE_FIRSTNAME, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+ put(EIDASAttributes.ATTRIBUTE_DATEOFBIRTH, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+ put(EIDASAttributes.ATTRIBUTE_PERSONIDENTIFIER, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+
+ //TODO: add additional attributes for eIDAS with mandates
+ //put(EIDASAttributes.ATTRIBUTE_LEGALIDENTIFIER, EidasAttributesTypes.LEGAL_PERSON_MANDATORY);
+ //put(EIDASAttributes.ATTRIBUTE_LEGALNAME, EidasAttributesTypes.LEGAL_PERSON_MANDATORY);
+ }
+ }
+ );
+
+ public static final String METADATA_ALLOWED_ALG_DIGIST =
+ SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256 + ";" +
+ SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512 ;
+
+ public static final String METADATA_ALLOWED_ALG_SIGN =
+ SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256 + ";" +
+ SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512;
+
+ public static final String METADATA_ALLOWED_ALG_ENCRYPT =
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM + ";" +
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM + ";" +
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM;
+
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java
index 9b634ff4d..1759a7281 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java
@@ -54,7 +54,7 @@ public class MOAIDCertificateManagerConfigurationImpl extends
try {
initalizeConfiguration();
- } catch (at.gv.egovernment.moa.id.config.ConfigurationException e) {
+ } catch (at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException e) {
Logger.error("eIDAS SAML-engine initialization FAILED", e);
}
@@ -89,7 +89,7 @@ public class MOAIDCertificateManagerConfigurationImpl extends
try {
initalizeConfiguration();
- } catch (at.gv.egovernment.moa.id.config.ConfigurationException e) {
+ } catch (at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException e) {
Logger.error("eIDAS SAML-engine initialization FAILED", e);
}
@@ -103,10 +103,10 @@ public class MOAIDCertificateManagerConfigurationImpl extends
/**
* Initialize eIDAS SAML-engine from MOA-ID configuration
- * @throws at.gv.egovernment.moa.id.config.ConfigurationException
+ * @throws at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException
*
*/
- private void initalizeConfiguration() throws at.gv.egovernment.moa.id.config.ConfigurationException {
+ private void initalizeConfiguration() throws at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException {
//initialize configuration
MOAeIDASSAMLEngineConfigurationImpl tmp = new MOAeIDASSAMLEngineConfigurationImpl();
tmp.initialize();
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
index 584910ea5..5d1874157 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
@@ -37,7 +37,7 @@ import java.util.Properties;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.FileUtils;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
index bdd8c8e72..1ba344fd1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
@@ -1,7 +1,7 @@
package at.gv.egovernment.moa.id.auth.modules.eidas.config;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
import eu.eidas.auth.engine.core.impl.EncryptionSW;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
index 2c0f1cf8c..16d909331 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
@@ -24,7 +24,6 @@ package at.gv.egovernment.moa.id.auth.modules.eidas;
import java.io.IOException;
-import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -46,7 +45,8 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
public eIDASSignalServlet() {
super();
Logger.debug("Registering servlet " + getClass().getName() +
- " with mappings '/eidas/sp/post' and '/eidas/sp/redirect'.");
+ " with mappings '"+ Constants.eIDAS_HTTP_ENDPOINT_SP_POST +
+ "' and '"+ Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT + "'.");
}
@@ -75,12 +75,13 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
// use SAML2 relayState
if (sessionId == null) {
sessionId = StringEscapeUtils.escapeHtml(request.getParameter("RelayState"));
- }
+ } else
+ Logger.warn("No parameter 'SAMLResponse'. Unable to retrieve MOA session id.");
// take from InResponseTo attribute of SAMLResponse
- if (sessionId == null) {
- String base64SamlToken = request.getParameter("SAMLResponse");
- if (base64SamlToken != null && false) {
+// if (sessionId == null) {
+// String base64SamlToken = request.getParameter("SAMLResponse");
+// if (base64SamlToken != null && false) {
// byte[] samlToken = Base64Utils.decode(base64SamlToken, false);
// Document samlResponse = parseDocument(new ByteArrayInputStream(samlToken));
//
@@ -91,10 +92,10 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
// XPathExpression expression = xPath.compile("string(/saml2p:Response/@InResponseTo)");
// sessionId = (String) expression.evaluate(samlResponse, XPathConstants.STRING);
// sessionId = StringEscapeUtils.escapeHtml(StringUtils.trimToNull(sessionId));
- } else {
- Logger.warn("No parameter 'SAMLResponse'. Unable to retrieve MOA session id.");
- }
- }
+// } else {
+// Logger.warn("No parameter 'SAMLResponse'. Unable to retrieve MOA session id.");
+// }
+// }
} catch (Exception e) {
Logger.warn("Unable to retrieve moa session id.", e);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index 55504dcb0..80a2734f2 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -18,6 +18,7 @@ import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
+import org.opensaml.saml2.metadata.provider.FilterException;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
@@ -26,9 +27,9 @@ import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
import org.opensaml.xml.XMLObject;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing;
import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
@@ -65,7 +66,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
private MOAeIDASChainingMetadataProvider() {
internalProvider = new ChainingMetadataProvider();
lastAccess = new HashMap<String, Date>();
-
+
}
/* (non-Javadoc)
@@ -92,12 +93,13 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
}
}
- if (!expiredEntities.isEmpty()) {
- ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
-
- //get all actually loaded metadata providers
- Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+ ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+ boolean isUpdateRequired = false;
+ //get all actually loaded metadata providers
+ Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+
+ if (!expiredEntities.isEmpty()) {
for (String expired : expiredEntities) {
if (loadedproviders.containsKey(expired)) {
HTTPMetadataProvider provider = loadedproviders.get(expired);
@@ -107,7 +109,8 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
//remove from map
loadedproviders.remove(expired);
-
+ isUpdateRequired = true;
+
/*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
*The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
//chainProvider.removeMetadataProvider(provider);
@@ -118,18 +121,43 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
Logger.warn("eIDAS metadata for EntityID: " + expired
+ " is marked as unsed, but no loaded metadata provider is found.");
- }
+ }
+ }
+ //check signature of all metadata which are actually loaded
+ List<String> nonValidMetadataProvider = new ArrayList<String>();
+ for (HTTPMetadataProvider provider : loadedproviders.values()) {
+ try {
+ provider.getMetadataFilter().doFilter(provider.getMetadata());
+
+ } catch (FilterException | MetadataProviderException e) {
+ Logger.info("eIDAS MetadataProvider: " + provider.getMetadataURI()
+ + " is not valid any more. Reason:" + e.getMessage());
+ if (Logger.isDebugEnabled())
+ Logger.warn("Reason", e);
+
+ nonValidMetadataProvider.add(provider.getMetadataURI());
+
+ }
+ }
+ for (String el : nonValidMetadataProvider) {
+ loadedproviders.remove(el);
+ isUpdateRequired = true;
+
+ }
+
+ //update chaining metadata-provider if it is required
+ if (isUpdateRequired) {
try {
synchronized (chainProvider) {
chainProvider.setProviders(new ArrayList<MetadataProvider>(loadedproviders.values()));
-
+
emitChangeEvent();
}
-
+
} catch (MetadataProviderException e) {
Logger.warn("ReInitalize eIDASA MetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy", e);
-
+
}
}
}
@@ -184,7 +212,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
httpProvider.setMetadataFilter(filter);
httpProvider.initialize();
-
+
return httpProvider;
} catch (Throwable e) {
@@ -277,7 +305,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
}
-
+
public boolean requireValidMetadata() {
return internalProvider.requireValidMetadata();
}
@@ -341,12 +369,22 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
public List<RoleDescriptor> getRole(String entityID, QName roleName)
throws MetadataProviderException {
- return internalProvider.getRole(entityID, roleName);
+ EntityDescriptor entityDesc = getEntityDescriptor(entityID);
+ if (entityDesc != null)
+ return entityDesc.getRoleDescriptors(roleName);
+
+ else
+ return null;
}
public RoleDescriptor getRole(String entityID, QName roleName,
String supportedProtocol) throws MetadataProviderException {
- return internalProvider.getRole(entityID, roleName, supportedProtocol);
+ EntityDescriptor entityDesc = getEntityDescriptor(entityID);
+ if (entityDesc != null)
+ return internalProvider.getRole(entityID, roleName, supportedProtocol);
+
+ else
+ return null;
}
/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
index e3ae5c046..7537c4d84 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
@@ -94,6 +94,8 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
throws SAMLEngineException {
//Do nothing, because metadata signature is already validated during
//metadata provider initialization
+
+ //TODO: maybe signature validation is needed on every request
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java
new file mode 100644
index 000000000..5837d7dbf
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import eu.eidas.auth.engine.core.ExtensionProcessorI;
+import eu.eidas.auth.engine.core.eidas.EidasExtensionProcessor;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAeIDAsExtensionProcessor extends EidasExtensionProcessor implements ExtensionProcessorI {
+
+ /**
+ * Add only eIDAS attributes which are supported by Austrian eIDAS node
+ *
+ */
+ @Override
+ public Set<String> getSupportedAttributes(){
+ Set<String> supportedAttributes=new HashSet<String>( Constants.METADATA_POSSIBLE_ATTRIBUTES.keySet());
+
+ return supportedAttributes;
+ }
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java
index 98bc559d2..20f18b772 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java
@@ -22,7 +22,7 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
/**
* @author tlenz
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
index 95690bbeb..234c4e038 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
@@ -22,19 +22,21 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+import org.opensaml.saml2.core.StatusCode;
/**
* @author tlenz
*
*/
-public class EIDASEngineException extends Exception {
+public class EIDASEngineException extends eIDASException {
/**
+ * @param objects
* @param string
* @param e
*/
- public EIDASEngineException(String string, Throwable e) {
- super(string, e);
+ public EIDASEngineException(String msg, Object[] objects, Throwable e) {
+ super(msg, objects, e);
}
/**
@@ -42,4 +44,21 @@ public class EIDASEngineException extends Exception {
*/
private static final long serialVersionUID = 1559812927427153879L;
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeFirstLevel()
+ */
+ @Override
+ public String getStatusCodeFirstLevel() {
+ return StatusCode.RESPONDER_URI;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeSecondLevel()
+ */
+ @Override
+ public String getStatusCodeSecondLevel() {
+ return StatusCode.AUTHN_FAILED_URI;
+ }
+
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
index 7840ae2e6..b25895eca 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
@@ -22,17 +22,31 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+import org.opensaml.saml2.core.StatusCode;
+
/**
* @author tlenz
*
*/
-public class eIDASAttributeException extends Exception {
+public class eIDASAttributeException extends eIDASException {
private static final long serialVersionUID = 1L;
public eIDASAttributeException(String message) {
- super(message);
+ super("eIDAS.07", new Object[]{message});
}
+ @Override
+ public String getStatusCodeFirstLevel() {
+ return StatusCode.RESPONDER_URI;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeSecondLevel()
+ */
+ @Override
+ public String getStatusCodeSecondLevel() {
+ return StatusCode.AUTHN_FAILED_URI;
+ }
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java
new file mode 100644
index 000000000..c96af37ef
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASAuthnRequestProcessingException extends eIDASException {
+
+ private String subStatusCode = null;
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1083563877689098041L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public eIDASAuthnRequestProcessingException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ public eIDASAuthnRequestProcessingException(String subStatusCode, String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ this.subStatusCode = subStatusCode;
+ }
+
+ public eIDASAuthnRequestProcessingException(String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e );
+ }
+
+ public eIDASAuthnRequestProcessingException(String subStatusCode, String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e );
+ this.subStatusCode = subStatusCode;
+ }
+
+ @Override
+ public String getStatusCodeFirstLevel() {
+ return StatusCode.REQUESTER_URI;
+
+ }
+
+ @Override
+ public String getStatusCodeSecondLevel() {
+ if (MiscUtil.isNotEmpty(subStatusCode))
+ return subStatusCode;
+
+ else
+ return StatusCode.REQUEST_DENIED_URI;
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java
new file mode 100644
index 000000000..2a15ee18a
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASAuthnRequestValidationException extends eIDASException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 4353716509546972267L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public eIDASAuthnRequestValidationException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+
+ }
+
+ @Override
+ public String getStatusCodeFirstLevel() {
+ return StatusCode.REQUESTER_URI;
+
+ }
+
+ @Override
+ public String getStatusCodeSecondLevel() {
+ return StatusCode.RESOURCE_NOT_RECOGNIZED_URI;
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java
new file mode 100644
index 000000000..f42004abc
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+
+/**
+ * @author tlenz
+ *
+ */
+public abstract class eIDASException extends MOAIDException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+
+ public abstract String getStatusCodeFirstLevel();
+ public abstract String getStatusCodeSecondLevel();
+
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public eIDASException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public eIDASException(String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e);
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java
new file mode 100644
index 000000000..0ffcf11ef
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASResponseBuildException extends eIDASException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 4446851988854996919L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public eIDASResponseBuildException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ public eIDASResponseBuildException(String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e);
+ }
+
+ @Override
+ public String getStatusCodeFirstLevel() {
+ return StatusCode.RESPONDER_URI;
+
+ }
+
+ @Override
+ public String getStatusCodeSecondLevel() {
+ return StatusCode.AUTHN_FAILED_URI;
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java
new file mode 100644
index 000000000..d10ca1c88
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASResponseNotSuccessException extends eIDASException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 6145402939313568907L;
+
+ public eIDASResponseNotSuccessException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * @param messageId
+ * @param parameters
+ * @param e
+ */
+ public eIDASResponseNotSuccessException(String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeFirstLevel()
+ */
+ @Override
+ public String getStatusCodeFirstLevel() {
+ return StatusCode.RESPONDER_URI;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeSecondLevel()
+ */
+ @Override
+ public String getStatusCodeSecondLevel() {
+ return StatusCode.AUTHN_FAILED_URI;
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index 515ce2913..5d7430dd7 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -22,29 +22,25 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
-import java.io.IOException;
import java.io.InputStream;
-import java.text.ParseException;
import java.text.SimpleDateFormat;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.xml.parsers.ParserConfigurationException;
import org.springframework.stereotype.Component;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
@@ -94,28 +90,28 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
// - set bpk/wpbk;
Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
- throw new eIDASAttributeException("PersonalIdentifier is missing");
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
String eIdentifier = eIDASAttributes.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).getValue().get(0);
prIdentification.getFirstChild().setNodeValue(eIdentifier);
// - set last name
Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH);
if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_CURRENTFAMILYNAME))
- throw new eIDASAttributeException("currentFamilyName is missing");
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME);
String familyName = eIDASAttributes.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME).getValue().get(0);
prFamilyName.getFirstChild().setNodeValue(familyName);
// - set first name
Node prGivenName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH);
if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_CURRENTGIVENNAME))
- throw new eIDASAttributeException("currentGivenName is missing");
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME);
String givenName = eIDASAttributes.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME).getValue().get(0);
prGivenName.getFirstChild().setNodeValue(givenName);
// - set date of birth
Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH);
if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_DATEOFBIRTH))
- throw new eIDASAttributeException("dateOfBirth is missing");
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH);
String dateOfBirth = eIDASAttributes.get(Constants.eIDAS_ATTR_DATEOFBIRTH).getValue().get(0);
dateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(new SimpleDateFormat("yyyyMMdd").parse(dateOfBirth));
prDateOfBirth.getFirstChild().setNodeValue(dateOfBirth);
@@ -149,15 +145,18 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
//store MOA-session to database
authenticatedSessionStorage.storeSession(moasession);
-
- } catch (ParseException | MOAIDException | MOADatabaseException | ParserConfigurationException | SAXException | IOException e) {
- throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
-
+
} catch (eIDASAttributeException e) {
throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e);
-
- }
-
+
+ } catch (MOAIDException | MOADatabaseException e) {
+ throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+
+ } catch (Exception e) {
+ Logger.error("IdentityLink generation for foreign person FAILED.", e);
+ throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+
+ }
}
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 2156720e8..30c206025 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -22,7 +22,6 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
-import java.io.IOException;
import java.io.StringWriter;
import java.util.Collection;
@@ -36,19 +35,22 @@ import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.springframework.stereotype.Component;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import com.google.common.net.MediaType;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.stork.CPEPS;
-import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import eu.eidas.auth.commons.EIDASAuthnRequest;
import eu.eidas.auth.commons.EIDASUtil;
@@ -85,18 +87,24 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
if (StringUtils.isEmpty(citizenCountryCode)) {
// illegal state; task should not have been executed without a selected country
- throw new AuthenticationException("stork.22", new Object[] { pendingReq.getRequestID() });
+ throw new AuthenticationException("eIDAS.03", new Object[] { "" });
}
CPEPS cpeps = authConfig.getStorkConfig().getCPEPS(citizenCountryCode);
if(null == cpeps) {
Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode});
- throw new AuthenticationException("Unknown PEPS for citizen country '{}'", new Object[] {citizenCountryCode});
+ throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode});
}
Logger.debug("Found eIDaS Node/C-PEPS configuration for citizen of country: " + citizenCountryCode);
String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim();
+
+ //TODO: switch to entityID
+ revisionsLogger.logEvent(oaConfig, pendingReq,
+ MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED,
+ metadataUrl);
+
// assemble requested attributes
Collection<StorkAttribute> attributesFromConfig = oaConfig.getRequestedSTORKAttributes();
@@ -132,7 +140,12 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED);
authnRequest.setEidasLoA(EidasLoaLevels.LOW.stringValue());
authnRequest.setEidasLoACompareType(EidasLoaCompareType.MINIMUM.stringValue());
- authnRequest.setSPType(SPType.DEFAULT_VALUE);
+
+ //set correct SPType for this online application
+ if (oaConfig.getBusinessService())
+ authnRequest.setSPType("private");
+ else
+ authnRequest.setSPType(SPType.DEFAULT_VALUE);
engine.initRequestedAttributes(pAttList);
authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
@@ -165,27 +178,32 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
Logger.debug("Template merge done");
Logger.debug("Sending html content: " + writer.getBuffer().toString());
-
- response.setContentType("text/html;charset=UTF-8");
+
+ response.setContentType(MediaType.HTML_UTF_8.toString());
response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
- } catch (IOException e) {
- Logger.error("Velocity IO error: " + e.getMessage());
- throw new MOAIDException("stork.15", null); // TODO
+ revisionsLogger.logEvent(oaConfig, pendingReq,
+ MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED,
+ authnRequest.getSamlId());
+
} catch (Exception e) {
Logger.error("Velocity general error: " + e.getMessage());
- throw new MOAIDException("stork.15", null); // TODO
+ throw new MOAIDException("eIDAS.02", new Object[]{e.getMessage()}, e);
+
}
}catch (EIDASSAMLEngineException e){
- Logger.error("eIDAS AuthnRequest generation FAILED.", e);
throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.",
- new EIDASEngineException("Could not generate token for Saml Request", e));
+ new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e));
- } catch (EIDASEngineException | MOAIDException e) {
+ } catch (MOAIDException e) {
throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", e);
- }
+ } catch (Exception e) {
+ Logger.error("eIDAS AuthnRequest generation FAILED.", e);
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+ }
}
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 9858d6004..fae06031a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -3,16 +3,19 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.opensaml.saml2.core.StatusCode;
import org.springframework.stereotype.Component;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASResponseNotSuccessException;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
@@ -57,7 +60,15 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
//TODO: check if additional decryption operation is required
}
-
+
+ //check response StatusCode
+ if (!samlResp.getStatusCode().equals(StatusCode.SUCCESS_URI)) {
+ Logger.info("Receice eIDAS Response with StatusCode:" + samlResp.getStatusCode()
+ + " Subcode:" + samlResp.getSubStatusCode() + " Msg:" + samlResp.getMessage());
+ throw new eIDASResponseNotSuccessException("eIDAS.11", new Object[]{samlResp.getMessage()});
+
+ }
+
//MOA-ID specific response validation
//TODO: implement MOA-ID specific response validation
@@ -79,13 +90,29 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
//store MOA-session to database
authenticatedSessionStorage.storeSession(moasession);
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
+ MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED,
+ samlResp.getSamlId());
+
}catch (EIDASSAMLEngineException e) {
Logger.error("eIDAS AuthnRequest generation FAILED.", e);
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
+ MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
+ throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.",
+ new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e));
+
+ } catch (MOADatabaseException e) {
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
+ MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.",
- new EIDASEngineException("Could not validate eIDAS response", e));
+ new MOAIDException("init.04", new Object[]{""}, e));
- } catch (EIDASEngineException | MOAIDException | MOADatabaseException e) {
- throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e);
+ } catch (Exception e) {
+ Logger.error("eIDAS Response processing FAILED.", e);
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
+ MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
+ throw new TaskExecutionException(pendingReq, e.getMessage(),
+ new MOAIDException("eIDAS.10", new Object[]{e.getMessage()}, e));
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 8e46f0ef1..eeb8305cf 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -26,9 +26,11 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDAsExtensionProcessor;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
import at.gv.egovernment.moa.logging.Logger;
import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.core.ExtensionProcessorI;
import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
import eu.eidas.samlengineconfig.CertificateConfigurationManager;
@@ -51,16 +53,20 @@ public class SAMLEngineUtils {
EIDASSAMLEngine engine = EIDASSAMLEngine.createSAMLEngine(Constants.eIDAS_SAML_ENGINE_NAME,
configManager);
- //set Metadata managment to eIDAS SAMLengine
+ //set metadata management to eIDAS SAMLengine
engine.setMetadataProcessor(
new MOAeIDASMetadataProviderDecorator(
MOAeIDASChainingMetadataProvider.getInstance()));
+
+ //set MOA specific extension processor
+ ExtensionProcessorI extensionProcessor = new MOAeIDAsExtensionProcessor();
+ engine.setExtensionProcessor(extensionProcessor);
eIDASEngine = engine;
} catch (EIDASSAMLEngineException e) {
Logger.error("eIDAS SAMLengine initialization FAILED!", e);
- throw new EIDASEngineException("eIDAS SAMLengine initialization FAILED!", e);
+ throw new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e);
}
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
index 3c33b8d58..563c3a18c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
@@ -26,6 +26,8 @@ public class EIDASData extends RequestImpl {
/** The ip address of the requester. */
private String remoteIPAddress;
+ private String remoteRelayState;
+
@Override
public Collection<String> getRequestedAttributes() {
// TODO Auto-generated method stub
@@ -85,4 +87,22 @@ public class EIDASData extends RequestImpl {
public void setRemoteAddress(String remoteIP) {
remoteIPAddress = remoteIP;
}
+
+ /**
+ * Gets the remote relay state.
+ *
+ * @return the remote relay state
+ */
+ public String getRemoteRelayState() {
+ return remoteRelayState;
+ }
+
+ /**
+ * Sets the remote relay state.
+ *
+ * @param relayState the new remote relay state
+ */
+ public void setRemoteRelayState(String relayState) {
+ remoteRelayState = relayState;
+ }
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 1e3b0f507..24134f1d9 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -23,40 +23,66 @@
package at.gv.egovernment.moa.id.protocols.eidas;
import java.io.IOException;
+import java.io.StringWriter;
+import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.springframework.http.MediaType;
+import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAuthnRequestProcessingException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAuthnRequestValidationException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.commons.EIDASAuthnRequest;
+import eu.eidas.auth.commons.EIDASAuthnResponse;
import eu.eidas.auth.commons.EIDASUtil;
import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.metadata.MetadataUtil;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
/**
- * eIDAS Protocol Support for outbound authentication
+ * eIDAS Protocol Support for outbound authentication and metadata generation
*
* @author tlenz
*/
+@Controller
public class EIDASProtocol extends AbstractAuthProtocolModulController {
public static final String NAME = EIDASProtocol.class.getName();
public static final String PATH = "eidas";
+ public EIDASProtocol() {
+ super();
+ Logger.debug("Registering servlet " + getClass().getName() +
+ " with mappings '" + Constants.eIDAS_HTTP_ENDPOINT_METADATA +
+ "' and '" + Constants.eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST +
+ "' and '" + Constants.eIDAS_HTTP_ENDPOINT_IDP_POST +"'.");
+
+ }
+
public String getName() {
return NAME;
}
@@ -130,7 +156,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
First request step - send it to BKU selection for user authentication. After the user credentials
and other info are obtained, in the second step the request will be processed and the user redirected
*/
- public void preProcess(HttpServletRequest request, HttpServletResponse response, EIDASData pendingReq) throws MOAIDException {
+ private void preProcess(HttpServletRequest request, HttpServletResponse response, EIDASData pendingReq) throws MOAIDException {
Logger.info("received an eIDaS request");
@@ -152,6 +178,10 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
// - memorize remote ip
pendingReq.setRemoteAddress(request.getRemoteAddr());
+ // - memorize relaystate
+ String relayState = request.getParameter("RelayState");
+ pendingReq.setRemoteRelayState(relayState);
+
// - memorize country code of target country
pendingReq.setGenericDataToSession(
RequestImpl.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getCountry());
@@ -163,24 +193,142 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
samlReq.setPersonalAttributeList(pendingReq.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
pendingReq.setEidasRequest(samlReq);
+ //validate destination against metadata
+ String reqDestination = samlReq.getDestination();
+ if (MiscUtil.isNotEmpty(reqDestination)) {
+ boolean isValid = false;
+ List<AssertionConsumerService> allowedAssertionConsumerUrl = new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance())
+ .getSPSSODescriptor(samlReq.getIssuer()).getAssertionConsumerServices();
+
+ for (AssertionConsumerService el : allowedAssertionConsumerUrl) {
+ if (reqDestination.equals(el.getLocation()))
+ isValid = true;
+
+ }
+
+ if (!isValid) {
+ Logger.info("eIDAS AuthnRequest contains a not valid 'Destination' attribute");
+ throw new eIDASAuthnRequestValidationException("stork.01",
+ new Object[]{"eIDAS AuthnRequest contains a not valid 'Destination' attribute"});
+ }
+
+ }
+
+
// - memorize OA url
pendingReq.setOAURL(samlReq.getIssuer());
// - memorize OA config
- OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(pendingReq.getOAURL());
+ IOAAuthParameters oaConfig = authConfig.getOnlineApplicationParameter(pendingReq.getOAURL());
if (oaConfig == null)
- throw new AuthenticationException("stork.12", new Object[]{pendingReq.getOAURL()});
+ throw new eIDASAuthnRequestProcessingException("eIDAS.08", new Object[]{pendingReq.getOAURL()});
+
pendingReq.setOnlineApplicationConfiguration(oaConfig);
+ String spType = samlReq.getSPType();
+ if (MiscUtil.isEmpty(spType)) {
+ Logger.info("Load SPType from metadata ... IS NOT IMPLEMENTED YET!!!");
+ //TODO: maybe implement this if required
+
+ }
+
+ Logger.debug("eIDAS request has SPType:" + spType);
+
+ } catch (MOAIDException e) {
+ Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
+ throw e;
+
+ } catch (EIDASSAMLEngineException e) {
+ Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
+ throw new eIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
+
} catch(Exception e) {
- Logger.error("error in preprocessing step", e);
- throw new MOAIDException("error in preprocessing step", null);
+ Logger.warn("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage(), e);
+ throw new eIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
}
}
- public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable {
- return false;
+ public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest pendingReq) throws Throwable {
+ if (pendingReq != null && pendingReq instanceof EIDASData) {
+ EIDASData eidasReq = (EIDASData) pendingReq;
+ if (eidasReq.getEidasRequest() == null) {
+ Logger.info("Can not build eIDAS ErrorResponse. No eIDAS AuthnRequest found.");
+ return false;
+ }
+
+ try {
+ EIDASAuthnResponse eIDASResp = new EIDASAuthnResponse();
+ eIDASResp.setIssuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+
+ if (e instanceof eIDASException) {
+ eIDASResp.setStatusCode(((eIDASException) e).getStatusCodeFirstLevel());
+ eIDASResp.setSubStatusCode(((eIDASException) e).getStatusCodeSecondLevel());
+ eIDASResp.setMessage(e.getMessage());
+
+ } else if (e instanceof MOAIDException ) {
+ eIDASResp.setStatusCode(StatusCode.RESPONDER_URI);
+ eIDASResp.setSubStatusCode(StatusCode.AUTHN_FAILED_URI);
+ eIDASResp.setMessage(e.getMessage());
+
+ } else {
+ eIDASResp.setStatusCode(StatusCode.RESPONDER_URI);
+ eIDASResp.setSubStatusCode(StatusCode.AUTHN_FAILED_URI);
+ eIDASResp.setMessage(e.getMessage());
+
+ }
+
+
+ EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+
+ if(null == eidasReq.getEidasRequest().getAssertionConsumerServiceURL()) {
+ String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
+ new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()),
+ engine,
+ eidasReq.getEidasRequest());
+ eidasReq.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
+
+ }
+ //get eIDAS SAML-engine
+
+ eIDASResp = engine.generateEIDASAuthnResponseFail(eidasReq.getEidasRequest(), eIDASResp,
+ eidasReq.getRemoteAddress(), true);
+
+ String token = EIDASUtil.encodeSAMLToken(eIDASResp.getTokenSaml());
+
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+ VelocityContext context = new VelocityContext();
+
+ context.put("RelayState", eidasReq.getRemoteRelayState());
+
+ context.put("SAMLResponse", token);
+ Logger.debug("SAMLResponse original: " + token);
+
+ Logger.debug("Putting assertion consumer url as action: " + eidasReq.getEidasRequest().getAssertionConsumerServiceURL());
+ context.put("action", eidasReq.getEidasRequest().getAssertionConsumerServiceURL());
+ Logger.trace("Starting template merge");
+ StringWriter writer = new StringWriter();
+
+ Logger.trace("Doing template merge");
+ template.merge(context, writer);
+ Logger.trace("Template merge done");
+
+ Logger.trace("Sending html content : " + new String(writer.getBuffer()));
+
+ response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+ response.setContentType(MediaType.TEXT_HTML.getType());
+
+ return true;
+
+ } catch (Exception e1 ) {
+ Logger.error("Generate eIDAS Error-Response failed.", e);
+
+ }
+
+ }
+
+ return false;
}
public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index 4e34902e2..b4db5c83d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -16,22 +16,29 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.eidas;
+import java.util.List;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.slf4j.Logger;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.Organization;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Service;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.logging.Logger;
import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.metadata.Contact;
import eu.eidas.auth.engine.metadata.MetadataConfigParams;
import eu.eidas.auth.engine.metadata.MetadataGenerator;
import eu.eidas.engine.exceptions.SAMLEngineException;
@@ -42,7 +49,6 @@ import eu.eidas.engine.exceptions.SAMLEngineException;
*/
@Service("EidasMetaDataRequest")
public class EidasMetaDataRequest implements IAction {
- private Logger logger = org.slf4j.LoggerFactory.getLogger(EidasMetaDataRequest.class);
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
@@ -52,9 +58,7 @@ public class EidasMetaDataRequest implements IAction {
HttpServletRequest httpReq, HttpServletResponse httpResp,
IAuthData authData) throws MOAIDException {
- try {
- logger.debug("EidasMetaDataServlet GET");
-
+ try {
String pubURLPrefix = req.getAuthURL();
String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
@@ -62,13 +66,15 @@ public class EidasMetaDataRequest implements IAction {
String sp_return_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_SP_POST;
String metaData = generateMetadata(metadata_url, sp_return_url);
- logger.trace(metaData);
+ Logger.trace(metaData);
- httpResp.setContentType(MediaType.TEXT_XML.getType());
+ httpResp.setContentType(MediaType.APPLICATION_XML.getType());
httpResp.getWriter().print(metaData);
httpResp.flushBuffer();
- } catch (Exception e) {
- e.printStackTrace();
+ } catch (Exception e) {
+ Logger.error("eIDAS Metadata generation FAILED.", e);
+ throw new MOAIDException("eIDAS.05", new Object[]{e.getMessage()}, e);
+
}
@@ -103,15 +109,53 @@ public class EidasMetaDataRequest implements IAction {
MetadataConfigParams mcp=new MetadataConfigParams();
generator.setConfigParams(mcp);
generator.initialize(engine);
- mcp.setEntityID(metadata_url);
-
+
+ mcp.setEntityID(metadata_url);
+ mcp.setAssertionConsumerUrl(sp_return_url);
+
+
+ //TODO: make it configurable
+ mcp.setAuthnRequestsSigned(true);
+ mcp.setWantAssertionsSigned(true);
+ mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial");
+
+ //must be set in request, because it could be different for every online-application
+ //mcp.setSpType(SPType.DEFAULT_VALUE);
+
+ mcp.setDigestMethods(Constants.METADATA_ALLOWED_ALG_DIGIST);
+ mcp.setSigningMethods(Constants.METADATA_ALLOWED_ALG_SIGN);
+ mcp.setEncryptionAlgorithms(Constants.METADATA_ALLOWED_ALG_ENCRYPT);
+
+ //add organisation information from PVP metadata information
+ Organization pvpOrganisation = null;
+ try {
+ pvpOrganisation = PVPConfiguration.getInstance().getIDPOrganisation();
+ Contact technicalContact = new Contact();
+
+ List<ContactPerson> contacts = PVPConfiguration.getInstance().getIDPContacts();
+ if (contacts != null && contacts.size() >= 1) {
+ technicalContact.setEmail(contacts.get(0).getEmailAddresses().get(0).getAddress());
+ technicalContact.setGivenName(contacts.get(0).getGivenName().getName());
+ technicalContact.setSurName(contacts.get(0).getSurName().getName());
+ technicalContact.setPhone(contacts.get(0).getTelephoneNumbers().get(0).getNumber());
+ mcp.setTechnicalContact(technicalContact );
+
+ }
+
+ if (pvpOrganisation != null) {
+ mcp.setNodeUrl(pvpOrganisation.getURLs().get(0).getURL().getLocalString());
+ mcp.setCountryName("Austria");
+ technicalContact.setCompany(pvpOrganisation.getDisplayNames().get(0).getName().getLocalString());
+ }
+
+ } catch (ConfigurationException | NullPointerException e) {
+ Logger.warn("Can not load Organisation or Contact from Configuration", e);
+
+ }
+
generator.addSPRole();
- String returnUrl = sp_return_url;
- mcp.setAssertionConsumerUrl(returnUrl);
-
generator.addIDPRole();
- mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial"); // TODO make configurable
-
+
metadata = generator.generateMetadata();
return metadata;
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index 5f3f89aee..9943cc5fb 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -37,17 +37,17 @@ import org.springframework.http.MediaType;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import eu.eidas.auth.commons.EIDASAuthnResponse;
import eu.eidas.auth.commons.EIDASStatusCode;
@@ -122,19 +122,21 @@ public class eIDASAuthenticationRequest implements IAction {
// but we need to set the appropriate request issuer
engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer());
- // check if we have the destination available, supply it if not
+
if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()),
engine,
eidasRequest.getEidasRequest());
eidasRequest.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
+
}
response = engine.generateEIDASAuthnResponse(eidasRequest.getEidasRequest(), response, eidasRequest.getRemoteAddress(), true);
token = EIDASUtil.encodeSAMLToken(response.getTokenSaml());
+
} catch(Exception e) {
e.printStackTrace();
}
@@ -146,7 +148,9 @@ public class eIDASAuthenticationRequest implements IAction {
VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
VelocityContext context = new VelocityContext();
-
+
+ context.put("RelayState", eidasRequest.getRemoteRelayState());
+
context.put("SAMLResponse", token);
Logger.debug("SAMLResponse original: " + token);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
index a3f5042a1..5d79d082a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
@@ -9,6 +9,11 @@
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+ <bean id="eIDASSignalServlet"
+ class="at.gv.egovernment.moa.id.auth.modules.eidas.eIDASSignalServlet"/>
+
+ <bean id="EIDASProtocol"
+ class="at.gv.egovernment.moa.id.protocols.eidas.EIDASProtocol"/>
<!-- Authentication Process Tasks -->
<bean id="GenerateAuthnRequestTask"
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
index b50d1cf4e..7ca4590bb 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
@@ -44,6 +44,8 @@ public class ELGAMandatesAuthConstants {
public static final String ENDPOINT_REDIRECT = "/sp/elga_mandate/redirect";
public static final String ENDPOINT_METADATA = "/sp/elga_mandate/metadata";
+ public static final String TEMPLATE_MANDATE_SERVICE_SELECTION = "/mandate-service-selection.html";
+
//configuration properties
public static final String CONFIG_PROPS_PREFIX = "modules.elga_mandate.";
@@ -96,6 +98,13 @@ public class ELGAMandatesAuthConstants {
public static final String CONFIG_DEFAULT_QAA_STORK_LEVEL = "http://www.stork.gov.eu/1.0/citizenQAALevel/4";
public static final String CONFIG_DEFAULT_QAA_SECCLASS_LEVEL = "http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3";
+ public static final String SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE = "rc";
+ public static final String SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE_URI = "http://egiz.gv.at/namespace/subjectconformationdate/elga";
+ public static final String SUBJECTCONFORMATIONDATE_ELEMENT_ROOT = SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE + ":Representative";
+ public static final String SUBJECTCONFORMATIONDATE_ELEMENT_FAMILYNAME = SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE + ":FamilyName";
+ public static final String SUBJECTCONFORMATIONDATE_ELEMENT_GIVENNAME = SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE + ":GivenName";
+ public static final String SUBJECTCONFORMATIONDATE_ELEMENT_DATEOFBIRTH = SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE + ":DateOfBirth";
+
public static List<String> getRequiredAttributeNames() {
List<String> list = new ArrayList<String>();
for (Pair<String, String> el : REQUIRED_PVP_ATTRIBUTES)
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
index 7f7af704c..c2efe5bfc 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
@@ -23,7 +23,12 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates;
*/
+import org.springframework.beans.factory.annotation.Autowired;
+
import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.util.MiscUtil;
/**
* This authentication module extens the default citizen
@@ -33,6 +38,8 @@ import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModu
*/
public class ELGAMandatesAuthModuleImpl extends DefaultCitizenCardAuthModuleImpl {
+ @Autowired private AuthConfiguration authConfig;
+
private int priority = 0;
/* (non-Javadoc)
@@ -42,13 +49,23 @@ public class ELGAMandatesAuthModuleImpl extends DefaultCitizenCardAuthModuleImpl
public int getPriority() {
return priority;
}
-
+
@Override
- public String getProcessName() {
- return "DefaultAuthenticationWithELGAMandates";
+ public String selectProcess(ExecutionContext context) {
+ String selectedProcessID = super.selectProcess(context);
+
+ //check if BKU authentication is selected and ELGA-MandateService is configurated
+ if (MiscUtil.isNotEmpty(selectedProcessID)) {
+ if (MiscUtil.isNotEmpty(authConfig.getBasicMOAIDConfiguration(
+ ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID)))
+ return "DefaultAuthenticationWithELGAMandates";
+
+ }
+
+ return selectedProcessID;
}
-
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
*/
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
index a64fc8bf7..5743590f9 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
@@ -35,7 +35,7 @@ import org.opensaml.xml.security.credential.Credential;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.data.Pair;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
@@ -223,7 +223,8 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon
*/
@Override
public String getSPSLOPostBindingURL() {
- return authURL + ELGAMandatesAuthConstants.ENDPOINT_POST;
+ //return authURL + ELGAMandatesAuthConstants.ENDPOINT_POST;
+ return null;
}
/* (non-Javadoc)
@@ -231,7 +232,8 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon
*/
@Override
public String getSPSLORedirectBindingURL() {
- return authURL + ELGAMandatesAuthConstants.ENDPOINT_REDIRECT;
+ //return authURL + ELGAMandatesAuthConstants.ENDPOINT_REDIRECT;
+ return null;
}
/* (non-Javadoc)
@@ -288,4 +290,24 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon
public String getSPNameForLogging() {
return ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING;
}
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAssertionSigned()
+ */
+ @Override
+ public boolean wantAssertionSigned() {
+ return true;
+
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned()
+ */
+ @Override
+ public boolean wantAuthnRequestSigned() {
+ return true;
+
+ }
}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
index 320c4fdc6..b67d263fc 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
@@ -22,13 +22,26 @@
*/
package at.gv.egovernment.moa.id.auth.modules.elgamandates.config;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.opensaml.Configuration;
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml2.core.SubjectConfirmationData;
import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.credential.Credential;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
/**
* @author tlenz
@@ -36,14 +49,15 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderCo
*/
public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequestBuilderConfiguruation {
- private boolean isPassive;
- private String SPEntityID;
- private String QAA_Level;
- private EntityDescriptor idpEntity;
- private Credential signCred;
- private String subjectNameID;
- private String subjectNameIDQualifier;
- private String requestID;
+ private boolean isPassive = false;
+ private String SPEntityID = null;
+ private String QAA_Level = null;
+ private EntityDescriptor idpEntity = null;
+ private Credential signCred = null;
+ private String subjectNameID = null;
+ private String subjectNameIDQualifier = null;
+ private String requestID = null;
+ private Element subjectConformationDate = null;
/* (non-Javadoc)
@@ -216,8 +230,74 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest
public void setSubjectNameIDQualifier(String subjectNameIDQualifier) {
this.subjectNameIDQualifier = subjectNameIDQualifier;
}
-
-
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationMethode()
+ */
+ @Override
+ public String getSubjectConformationMethode() {
+ return SubjectConfirmation.METHOD_BEARER;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationDate()
+ */
+ @Override
+ public Element getSubjectConformationDate() {
+ return subjectConformationDate;
+ }
+
+ /**
+ * @param subjectConformationDate the subjectConformationDate to set
+ */
+ public void setSubjectConformationDate(String givenName, String familyName, String dateOfBirth) {
+ try {
+ Logger.trace("Build 'SubjectConfirmationData' for ELGA Mandate-Service request ...");
+ //build empty 'SubjectConfirmationData' element
+ SubjectConfirmationData subjectConformDate = SAML2Utils.createSAMLObject(SubjectConfirmationData.class);
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ DocumentBuilder builder = dbf.newDocumentBuilder();
+ Document doc = builder.newDocument();
+
+ Marshaller out = Configuration.getMarshallerFactory()
+ .getMarshaller(subjectConformDate);
+ out.marshall(subjectConformDate, doc);
+
+ //build root element for personal information
+ Element rootDom = doc.createElementNS(
+ ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE_URI,
+ ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_ROOT);
+ rootDom.setPrefix(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE);
+ rootDom.setAttributeNS("http://www.w3.org/2000/xmlns/",
+ "xmlns:" + ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE,
+ ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE_URI);
+
+ //build personal information
+ Element familyNameDom = doc.createElement(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_FAMILYNAME);
+ Element givenNameDom = doc.createElement(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_GIVENNAME);
+ Element dateOfBirthDom = doc.createElement(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_DATEOFBIRTH);
+ familyNameDom.setTextContent(familyName);
+ givenNameDom.setTextContent(givenName);
+ dateOfBirthDom.setTextContent(dateOfBirth);
+
+ //add personal information to 'SubjectConfirmationData' element
+ doc.getFirstChild().appendChild(rootDom);
+ rootDom.appendChild(givenNameDom);
+ rootDom.appendChild(familyNameDom);
+ rootDom.appendChild(dateOfBirthDom);
+
+ this.subjectConformationDate = doc.getDocumentElement();
+ Logger.trace("'SubjectConfirmationData' for ELGA Mandate-Service is complete");
+
+ } catch (ParserConfigurationException | MarshallingException e) {
+ Logger.error("Can not generate 'SubjectConformationDate' for "
+ + ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING);
+
+ }
+
+
+ }
+
}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
index 3fa43d0a3..5720e4827 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
@@ -32,11 +32,13 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import com.google.common.net.MediaType;
+
import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesMetadataConfiguration;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
import at.gv.egovernment.moa.id.util.HTTPUtils;
@@ -80,7 +82,7 @@ public class ELGAMandateMetadataController extends AbstractController {
String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
//write response
- resp.setContentType("text/xml");
+ resp.setContentType(MediaType.XML_UTF_8.toString());
resp.getOutputStream().write(xmlMetadata.getBytes("UTF-8"));
resp.getOutputStream().close();
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/exceptions/ELGAMetadataException.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/exceptions/ELGAMetadataException.java
index 6b7c13804..d27353809 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/exceptions/ELGAMetadataException.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/exceptions/ELGAMetadataException.java
@@ -22,7 +22,7 @@
*/
package at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
/**
* @author tlenz
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java
deleted file mode 100644
index 03711aa40..000000000
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks;
-
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.stereotype.Component;
-
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
-import at.gv.egovernment.moa.id.auth.modules.internal.tasks.InitializeBKUAuthenticationTask;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-@Component("ELGAInitializeBKUAuthenticationTask")
-public class ELGAInitializeBKUAuthenticationTask extends InitializeBKUAuthenticationTask {
-
- @Override
- public void execute(ExecutionContext executionContext,
- HttpServletRequest request, HttpServletResponse response)
- throws TaskExecutionException {
-
- try {
- //perform Default-BKU authentication initialization
- internalInitializeWithoutPersist(executionContext, request, response);
-
- //perform ELGA Mandate-Service specific parts
- Logger.debug("Perfom ELGA-Mandate specific parts of initialisation.");
- Boolean misMandateUsed = (Boolean) executionContext.get(MOAIDAuthConstants.PARAM_USEMISMANDATE);
-
- boolean elgaMandateUsed = false;
- Object elgaMandateUsedObj = executionContext.get(MOAIDAuthConstants.PARAM_USEELGAMANDATE);
- if (elgaMandateUsedObj == null ||
- !(elgaMandateUsedObj instanceof String || elgaMandateUsedObj instanceof Boolean)) {
- Logger.error("Use ELGA-MandateService flag has a wrong type.");
- throw new MOAIDException("auth.12", new Object[]{"Start-BKU Authentication","useELGAMandate"});
-
- } else {
- if (elgaMandateUsedObj instanceof String)
- elgaMandateUsed = Boolean.parseBoolean((String) elgaMandateUsedObj);
- else
- elgaMandateUsed = (boolean) elgaMandateUsedObj;
-
- }
-
- //check if both mandate Services are requested
- if ( (misMandateUsed != null && misMandateUsed) &&
- elgaMandateUsed ) {
- Logger.error("Can not use MIS-MandateService and ELGA-MandateService twince");
- throw new MOAIDException("validator.73", null);
-
- }
-
-
- if (elgaMandateUsed) {
- //check mandateProfiles against ELGA-MandateService configuration
- if (!checkServiceProviderAgainstELGAModulConfigration()) {
- Logger.info("Service-Provider: " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix()
- + " does not fulfill requirements to use ELGA-MandateService.");
- throw new MOAIDException("service.10", new Object[]{
- ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
- "No valid mandate-profile defined"});
-
- }
-
- //remove MIS-Mandate flag and set useMandate flag to MOASession
- Logger.debug("Authentication process select ELGA-MandateService.");
- executionContext.remove(MOAIDAuthConstants.PARAM_USEMISMANDATE);
- moasession.setUseMandates(elgaMandateUsed);
- }
-
- //disable SSO if it is requested
- if (pendingReq.needSingleSignOnFunctionality() && moasession.isMandateUsed()) {
- Logger.info("ELGA-MandateService does not allow Single Sign-On. SSO get disabled for this request.");
- pendingReq.setNeedSingleSignOnFunctionality(false);
-
-
- }
-
- //store MOASession and pendingRequest
- requestStoreage.storePendingRequest(pendingReq);
- authenticatedSessionStorage.storeSession(moasession);
-
- } catch (MOADatabaseException | MOAIDException e) {
- Logger.info("Initialize BKUAuthentication with ELGA Mandates FAILED. Reason:" + e.getMessage());
- throw new TaskExecutionException(pendingReq, e.getMessage(), e);
-
- }
- }
-
- /**
- * Check Service-Provider mandate-profiles against allowed mandate-profiles for ELGA MandateService.
- *
- * @return true, if ELGA mandateservice is allowed, otherwise false
- */
- private boolean checkServiceProviderAgainstELGAModulConfigration() {
- String allowedMandateTypesCSV =
- authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES);
- List<String> allowedMandateTypes = KeyValueUtils.getListOfCSVValues(allowedMandateTypesCSV);
- List<String> spMandateProfiles = pendingReq.getOnlineApplicationConfiguration().getMandateProfiles();
-
- boolean isELGAMandateServiceAllowed = false;
- if (spMandateProfiles != null) {
- for (String el : allowedMandateTypes) {
- if (spMandateProfiles.contains(el))
- isELGAMandateServiceAllowed = true;
-
- }
- }
-
- return isELGAMandateServiceAllowed;
- }
-}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java
new file mode 100644
index 000000000..f05446771
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java
@@ -0,0 +1,126 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.stereotype.Component;
+
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("EvaluateMandateServiceTask")
+public class EvaluateMandateServiceTask extends AbstractAuthServletTask {
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+ throws TaskExecutionException {
+ try {
+ boolean useMIS = getUserConfermationFromRequest(request, MOAIDAuthConstants.PARAM_USEMISMANDATE);
+ boolean useELGA = getUserConfermationFromRequest(request, MOAIDAuthConstants.PARAM_USEELGAMANDATE);
+
+ //check if both mandate Services are requested
+ if ( useMIS && useELGA ) {
+ Logger.error("Can not use MIS-MandateService and ELGA-MandateService twince");
+ throw new MOAIDException("validator.73", null);
+
+ }
+
+ //select next process step
+ if (useELGA) {
+ //validate service-provider again
+ if (!ELGAMandateUtils.checkServiceProviderAgainstELGAModulConfigration(authConfig, pendingReq)) {
+ Logger.info("Service-Provider: " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix()
+ + " does not fulfill requirements to use ELGA-MandateService.");
+ throw new MOAIDException("service.10", new Object[]{
+ ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
+ "No valid mandate-profile defined"});
+
+ }
+
+ executionContext.put(MOAIDAuthConstants.PARAM_USEELGAMANDATE, useELGA);
+ Logger.debug("ELGA Mandate-Service is selected. Initialize service communication ... ");
+
+ } else if(useMIS) {
+ executionContext.put(MOAIDAuthConstants.PARAM_USEMISMANDATE, useMIS);
+ Logger.debug("MIS Mandate-Service is selected. Initialize service communication ... ");
+
+
+ } else {
+ //mark pending-request as aborted
+ Logger.info("No Mandate-Service is selected. Abort authentication process ... ");
+ pendingReq.setAbortedByUser(true);
+ pendingReq.setAuthenticated(false);
+
+ //store pending-request
+ requestStoreage.storePendingRequest(pendingReq);
+
+ //redirect to protocol finalization
+ performRedirectToProtocolFinialization(pendingReq, response);
+
+ }
+
+ } catch (MOAIDException e) {
+ Logger.info("Evaluation of Mandate-Service selection FAILED. Reason:" + e.getMessage());
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+ } catch (Exception e) {
+ Logger.info("Mandate-Service selection evaluation: General Exception. Msg:" + e.getMessage());
+ throw new TaskExecutionException(pendingReq, "ELGA mandate-service: General Exception.", e);
+
+ }
+
+ }
+
+ private boolean getUserConfermationFromRequest(HttpServletRequest httpReq, String paramName) throws WrongParametersException {
+ String paramString = httpReq.getParameter(paramName);
+ paramString = StringEscapeUtils.escapeHtml(paramString);
+ if (!ParamValidatorUtils.isValidUseMandate(paramString))
+ throw new WrongParametersException("Mandate-Service selection-evaluation", paramName, null);
+
+ if (MiscUtil.isNotEmpty(paramString))
+ return Boolean.parseBoolean(paramString);
+
+ else
+ return false;
+
+ }
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
index f976793b8..07bde7762 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
@@ -38,6 +38,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -148,15 +149,21 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
//load MOASession object
defaultTaskInitialization(request, executionContext);
+
+ /**
+ * Mandate Reference-Value is generated from ELGA MandateServie -->
+ * MOA-ID generated reference value is not equal to reference-value from ELGA MandateService
+ * But MOA-ID refernece-value is also validated in 'inResponseTo' attribute from ELGA MandateService response
+ */
//validate receive mandate reference-value
- String responseRefValue = extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME);
- if (!moasession.getMandateReferenceValue().equals(responseRefValue)) {
- Logger.warn("PVP Response from ELGA mandate-service contains a not valid MandateReferenceValue.");
- throw new AssertionValidationExeption("sp.pvp2.07",
- new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
- PVPConstants.MANDATE_REFERENCE_VALUE_FRIENDLY_NAME});
-
- }
+// String responseRefValue = extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME);
+// if (!moasession.getMandateReferenceValue().equals(responseRefValue)) {
+// Logger.warn("PVP Response from ELGA mandate-service contains a not valid MandateReferenceValue.");
+// throw new AssertionValidationExeption("sp.pvp2.07",
+// new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
+// PVPConstants.MANDATE_REFERENCE_VALUE_FRIENDLY_NAME});
+//
+// }
Logger.debug("Validation of PVP Response from ELGA mandate-service is complete.");
@@ -171,7 +178,19 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
authenticatedSessionStorage.storeSession(moasession);
//write revisions log entry
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED);
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED,
+ extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME));
+
+ //write mandate info's to revisions log
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_TYPE,
+ extractor.getSingleAttributeValue(PVPConstants.MANDATE_TYPE_NAME));
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE,
+ MOAReversionLogger.NAT_PERSON);
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH,
+ revisionsLogger.buildPersonInformationHash(
+ extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME),
+ extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME),
+ extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME)));
Logger.info("Receive a valid assertion from ELGA mandate-service " + msg.getEntityID());
@@ -179,12 +198,20 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
String samlRequest = request.getParameter("SAMLRequest");
Logger.warn("Receive INVALID PVP Response from ELGA mandate-service: " + samlRequest, e);
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED);
- throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from ELGA mandate-service", e);
+ throw new TaskExecutionException(pendingReq,
+ "Receive INVALID PVP Response from ELGA mandate-service",
+ new AuthnResponseValidationException("sp.pvp2.12",
+ new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()},
+ e));
} catch (IOException | MarshallingException | TransformerException e) {
Logger.warn("Processing PVP response from ELGA mandate-service FAILED.", e);
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED);
- throw new TaskExecutionException(pendingReq, "Processing PVP response from ELGA mandate-service FAILED.", e);
+ throw new TaskExecutionException(pendingReq,
+ "Processing PVP response from ELGA mandate-service FAILED.",
+ new AuthnResponseValidationException("sp.pvp2.12",
+ new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()},
+ e));
} catch (CredentialsNotAvailableException e) {
Logger.error("ELGA mandate-service: PVP response decrytion FAILED. No credential found.", e);
@@ -195,7 +222,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
Logger.info("ELGA mandate-service: PVP response validation FAILED. Msg:" + e.getMessage());
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getMessageId());
throw new TaskExecutionException(pendingReq, "ELGA mandate-service: PVP response validation FAILED.", e);
-
+
} catch (Exception e) {
Logger.info("ELGA mandate-service: General Exception. Msg:" + e.getMessage());
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED);
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index d25921167..fd918c7f4 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -36,7 +36,6 @@ import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
@@ -44,7 +43,8 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesReq
import at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions.ELGAMetadataException;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
@@ -82,6 +82,16 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
}
+ //load metadata with metadataURL, as backup
+ String metadataURL = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATAURL);
+ if (MiscUtil.isNotEmpty(metadataURL)) {
+ Logger.warn("Use not recommended metadata-provider initialization!"
+ + " SAML2 'Well-Known-Location' is the preferred methode.");
+ Logger.info("Initialize ELGA Mandate-Service metadata-provider with URL:" + metadataURL);
+ metadataService.initialize(metadataURL);
+
+ }
+
//load IDP SAML2 entitydescriptor
EntityDescriptor entityDesc = metadataService.getEntityDescriptor(elgaMandateServiceEntityID);
@@ -112,7 +122,15 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
}
}
-
+
+ //check if identityLink exists in moaSession DAO
+ if (moasession.getIdentityLink() == null) {
+ Logger.error("Connect ELGA Mandate-Service FAILED -> NO identityLink in moaSession DAO");
+ throw new MOAIDException("service.10",
+ new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, "NO identityLink in moaSession DAO."});
+
+ }
+
String sourcePinType = moasession.getIdentityLink().getIdentificationType();
String sourcePinValue = moasession.getIdentityLink().getIdentificationValue();
if (sourcePinType.startsWith(Constants.URN_PREFIX_BASEID)) {
@@ -132,9 +150,25 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
}
}
+ //build subjectNameID with bPK-Type Prefix
+ String bPKPrefix = null;
+ if (configTarget.startsWith(Constants.URN_PREFIX_WBPK))
+ bPKPrefix = configTarget.substring((Constants.URN_PREFIX_WBPK + "+").length());
+
+ else if (configTarget.startsWith(Constants.URN_PREFIX_CDID))
+ bPKPrefix = configTarget.substring((Constants.URN_PREFIX_CDID + "+").length());
+
+ if (bPKPrefix == null) {
+ throw new MOAIDException("service.10",
+ new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, "Configurated bPK-Type is wrong."});
+
+ }
+
//set bPK of representative as SAML2 subjectNameID
- authnReqConfig.setSubjectNameID(representativeBPK );
- authnReqConfig.setSubjectNameIDQualifier(configTarget);
+ authnReqConfig.setSubjectNameID(bPKPrefix + ":" + representativeBPK );
+
+ //is not recommended from ELGA
+ //authnReqConfig.setSubjectNameIDQualifier(configTarget);
//set MandateReferenceValue as RequestID
authnReqConfig.setRequestID(moasession.getMandateReferenceValue());
@@ -142,6 +176,12 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
PVPTargetConfiguration.DATAID_INTERFEDERATION_REQUESTID,
authnReqConfig.getRequestID());
+ //set SubjectConformationDate
+ authnReqConfig.setSubjectConformationDate(
+ moasession.getIdentityLink().getGivenName(),
+ moasession.getIdentityLink().getFamilyName(),
+ moasession.getIdentityLink().getDateOfBirth());
+
//store pending-request
requestStoreage.storePendingRequest(pendingReq);
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
new file mode 100644
index 000000000..8d6ac1762
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
+import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils;
+import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("SelectMandateServiceTask")
+public class SelectMandateServiceTask extends AbstractAuthServletTask {
+
+ @Autowired IGUIFormBuilder guiBuilder;
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+ throws TaskExecutionException {
+ try {
+ //check if Service-Provider allows ELGA-mandates
+ if (ELGAMandateUtils.checkServiceProviderAgainstELGAModulConfigration(authConfig, pendingReq)) {
+ Logger.trace("Build GUI for mandate-service selection ...");
+
+ IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+ pendingReq,
+ ELGAMandatesAuthConstants.TEMPLATE_MANDATE_SERVICE_SELECTION,
+ GeneralProcessEngineSignalController.ENDPOINT_GENERIC);
+
+ guiBuilder.build(response, config, "Mandate-Service selection");
+
+ Logger.debug("GUI for mandate-service selection is generated. Wait for user interaction ... ");
+
+ } else {
+ //service-provider does not allow ELGA-mandates --> switch to MIS mandate-service
+ Logger.debug("Service-Provider does not allow ELGA Mandate-Service. --> Select MIS Mandate-Service as Default.");
+ executionContext.put(MOAIDAuthConstants.PARAM_USEMISMANDATE, true);
+
+ }
+
+ } catch (GUIBuildException e) {
+ Logger.warn("Can not build GUI:'Mandate-Service selection'. Msg:" + e.getMessage());
+ throw new TaskExecutionException(pendingReq,
+ "Can not build GUI. Msg:" + e.getMessage(),
+ new MOAIDException("builder.09", new Object[]{e.getMessage()}, e));
+
+ } catch (Exception e) {
+ Logger.info("Mandate-Service selection: General Exception. Msg:" + e.getMessage());
+ throw new TaskExecutionException(pendingReq, "ELGA mandate-service: General Exception.", e);
+
+ }
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index 49f131983..c9485104b 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -37,7 +37,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
@@ -57,6 +57,19 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
private HTTPMetadataProvider metadataProvider = null;
+
+ public void initialize(String metadataURL) throws MetadataProviderException {
+ if (metadataProvider == null) {
+ internalInitialize(metadataURL);
+
+ } else {
+ Logger.info("ELGA Mandate-Service metadata-provider is already initialized.");
+
+ }
+
+ }
+
+
/* (non-Javadoc)
* @see org.opensaml.saml2.metadata.provider.MetadataProvider#requireValidMetadata()
*/
@@ -138,7 +151,7 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
@Override
public EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException {
if (metadataProvider == null)
- initialize(entityID);
+ internalInitialize(entityID);
try {
EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID);
@@ -162,7 +175,7 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
@Override
public List<RoleDescriptor> getRole(String entityID, QName roleName) throws MetadataProviderException {
if (metadataProvider == null)
- initialize(entityID);
+ internalInitialize(entityID);
return metadataProvider.getRole(entityID, roleName);
}
@@ -174,35 +187,37 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
public RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol)
throws MetadataProviderException {
if (metadataProvider == null)
- initialize(entityID);
+ internalInitialize(entityID);
return metadataProvider.getRole(entityID, roleName, supportedProtocol);
}
- private void initialize(String entityID) throws MetadataProviderException {
- Logger.info("Initialize PVP MetadataProvider to connect ELGA Mandate-Service");
+ private synchronized void internalInitialize(String metdataURL) throws MetadataProviderException {
+ if (metadataProvider == null) {
+ Logger.info("Initialize PVP MetadataProvider to connect ELGA Mandate-Service");
- String trustProfileID = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATA_TRUSTPROFILE);
- if (MiscUtil.isEmpty(trustProfileID)) {
- Logger.error("Create ELGA Mandate-Service Client FAILED: No trustProfileID to verify PVP metadata." );
- throw new MetadataProviderException("No trustProfileID to verify PVP metadata.");
- }
+ String trustProfileID = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATA_TRUSTPROFILE);
+ if (MiscUtil.isEmpty(trustProfileID)) {
+ Logger.error("Create ELGA Mandate-Service Client FAILED: No trustProfileID to verify PVP metadata." );
+ throw new MetadataProviderException("No trustProfileID to verify PVP metadata.");
+ }
- //create metadata validation filter chain
- MetadataFilterChain filter = new MetadataFilterChain();
- filter.addFilter(new SchemaValidationFilter(true));
- filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID));
+ //create metadata validation filter chain
+ MetadataFilterChain filter = new MetadataFilterChain();
+ filter.addFilter(new SchemaValidationFilter(true));
+ filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID));
- metadataProvider = createNewHTTPMetaDataProvider(entityID,
- filter,
- ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING);
+ metadataProvider = createNewHTTPMetaDataProvider(metdataURL,
+ filter,
+ ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING);
- if (metadataProvider == null) {
- Logger.error("Create ELGA Mandate-Service Client FAILED.");
- throw new MetadataProviderException("Can not initialize ELGA Mandate-Service metadaa provider.");
+ if (metadataProvider == null) {
+ Logger.error("Create ELGA Mandate-Service Client FAILED.");
+ throw new MetadataProviderException("Can not initialize ELGA Mandate-Service metadaa provider.");
- }
+ }
- metadataProvider.setRequireValidMetadata(true);
+ metadataProvider.setRequireValidMetadata(true);
+ }
}
}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java
new file mode 100644
index 000000000..03f8fa195
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils;
+
+import java.util.List;
+
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ELGAMandateUtils {
+ /**
+ * Check Service-Provider mandate-profiles against allowed mandate-profiles for ELGA MandateService.
+ *
+ * @return true, if ELGA mandateservice is allowed, otherwise false
+ */
+ public static boolean checkServiceProviderAgainstELGAModulConfigration(AuthConfiguration authConfig, IRequest pendingReq) {
+ String allowedMandateTypesCSV =
+ authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES);
+ List<String> allowedMandateTypes = KeyValueUtils.getListOfCSVValues(allowedMandateTypesCSV);
+ List<String> spMandateProfiles = pendingReq.getOnlineApplicationConfiguration().getMandateProfiles();
+
+ boolean isELGAMandateServiceAllowed = false;
+ if (spMandateProfiles != null) {
+ for (String el : allowedMandateTypes) {
+ if (spMandateProfiles.contains(el))
+ isELGAMandateServiceAllowed = true;
+
+ }
+ }
+
+ return isELGAMandateServiceAllowed;
+ }
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
index c6434b901..f5bcdb70b 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
@@ -26,7 +26,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
import at.gv.egovernment.moa.util.FileUtils;
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
index 8cd08d226..4dee1160e 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
@@ -5,7 +5,7 @@
- National authentication with Austrian Citizen Card and mobile signature with our without mandate.
- Legacy authentication for foreign citizens using MOCCA supported signature cards.
-->
- <pd:Task id="elgaInitializeBKUAuthentication" class="ELGAInitializeBKUAuthenticationTask" />
+ <pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask" />
<pd:Task id="createIdentityLinkForm" class="CreateIdentityLinkFormTask" />
<pd:Task id="verifyIdentityLink" class="VerifyIdentityLinkTask" async="true" />
<pd:Task id="verifyAuthBlock" class="VerifyAuthenticationBlockTask" async="true" />
@@ -18,6 +18,8 @@
<pd:Task id="getForeignID" class="GetForeignIDTask" async="true" />
<!-- ELGA Mandate-Service Tasks -->
+ <pd:Task id="selectMandateServiceTask" class="SelectMandateServiceTask" />
+ <pd:Task id="evaluateMandateServiceTask" class="EvaluateMandateServiceTask" async="true"/>
<pd:Task id="requestELGAMandateTask" class="RequestELGAMandateTask" />
<pd:Task id="receiveElgaMandateResponseTask" class="ReceiveElgaMandateResponseTask" async="true"/>
@@ -25,9 +27,9 @@
<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
<pd:StartEvent id="start" />
- <pd:Transition from="start" to="elgaInitializeBKUAuthentication" />
+ <pd:Transition from="start" to="initializeBKUAuthentication" />
- <pd:Transition from="elgaInitializeBKUAuthentication" to="createIdentityLinkForm" />
+ <pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" />
<pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" />
@@ -43,10 +45,17 @@
<pd:Transition from="verifyCertificate" to="verifyAuthBlock" conditionExpression="ctx['useMandate']" />
<pd:Transition from="verifyCertificate" to="getForeignID" />
- <pd:Transition from="verifyAuthBlock" to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" />
- <pd:Transition from="verifyAuthBlock" to="requestELGAMandateTask" conditionExpression="ctx['useELGAMandate']" />
+ <pd:Transition from="verifyAuthBlock" to="selectMandateServiceTask" conditionExpression="ctx['useMandate']" />
<pd:Transition from="verifyAuthBlock" to="finalizeAuthentication" />
+ <pd:Transition from="selectMandateServiceTask" to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" />
+ <pd:Transition from="selectMandateServiceTask" to="evaluateMandateServiceTask" />
+
+ <pd:Transition from="evaluateMandateServiceTask" to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" />
+ <pd:Transition from="evaluateMandateServiceTask" to="requestELGAMandateTask" conditionExpression="ctx['useELGAMandate']" />
+ <pd:Transition from="evaluateMandateServiceTask" to="end" />
+
+
<pd:Transition from="requestELGAMandateTask" to="receiveElgaMandateResponseTask" />
<pd:Transition from="receiveElgaMandateResponseTask" to="finalizeAuthentication" />
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml
index c1abe78df..cbc4e65c1 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml
@@ -26,11 +26,15 @@
<bean id="ELGAMandateSignalController"
class="at.gv.egovernment.moa.id.auth.modules.elgamandates.controller.ELGAMandateSignalController"/>
-<!-- Federated Authentication Process Tasks -->
- <bean id="ELGAInitializeBKUAuthenticationTask"
- class="at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks.ELGAInitializeBKUAuthenticationTask"
+<!-- ELGA-MandateService communication Process Tasks -->
+ <bean id="SelectMandateServiceTask"
+ class="at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks.SelectMandateServiceTask"
scope="prototype"/>
+ <bean id="EvaluateMandateServiceTask"
+ class="at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks.EvaluateMandateServiceTask"
+ scope="prototype"/>
+
<bean id="RequestELGAMandateTask"
class="at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks.RequestELGAMandateTask"
scope="prototype"/>
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/templates/mandate-service-selection.html b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/templates/mandate-service-selection.html
new file mode 100644
index 000000000..b0be4a475
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/templates/mandate-service-selection.html
@@ -0,0 +1,76 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+ <!-- MOA-ID 2.x BKUSelection Layout CSS -->
+ <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=#ID#" />
+
+ <title>Anmeldung an Online-Applikation</title>
+</head>
+
+
+<body>
+ <div id="page">
+
+ <div id="page1" class="case selected-case" role="main">
+
+<!-- <h2 class="OA_header">Anmeldung an: #OAName#</h2> -->
+
+ <div id="main">
+ <!--div id="leftcontent" class="hell"-->
+ <div id=processContent>
+ <div id="bku_header" class="dunkel">
+ <h2 id="tabheader" class="dunkel" role="heading">
+ Anmeldeinformationen:
+ </h2>
+ </div>
+
+ <div id="selectArea" class="hell" role="application">
+ <h3>Anmeldung an: $OAName</h3>
+
+
+ <div id="processInfoArea">
+ <p>Für die Anmeldung 'in Vertretung' stehen Ihnen zwei Systeme zur Vollmachtenauswahl zur Verfügung. Bitte wählen Sie das gewünschte Service.</p>
+ </div>
+
+ <div id="processSelectionArea">
+ <div id="elgaMandateButton" class="processSelectionButtonArea">
+ <form method="post" id="moaidform_yes" action="$contextPath$submitEndpoint">
+ <input type="hidden" name="useELGAMandate" value="true">
+ <input type="hidden" name="pendingid" value="$pendingReqID">
+ <input type="submit" value="Eltern-Kind Vertretung" class="processSelectionButton" role="button">
+ </form>
+ <div class="buttonDescription">
+ <p>Eltern-Kind Vertretung</p>
+ </div>
+ </div>
+ <div id="misMandateButton" class="processSelectionButtonArea">
+ <form method="post" id="moaidform_no" action="$contextPath$submitEndpoint">
+ <input type="hidden" name="useMISMandate" value="true">
+ <input type="hidden" name="pendingid" value="$pendingReqID">
+ <input type="submit" value="allgemeine Vertretung" class="processSelectionButton" role="button">
+ </form>
+ <div class="buttonDescription">
+ <p>Vollmachtenservice der Österreichischen Datenschutzbehörde <a href="https://mms.stammzahlenregister.gv.at/mms/moaid.do">(MMS Service)</a></p>
+ </div>
+ </div>
+ <div id="abortButton" class="processSelectionButtonArea">
+ <form method="post" id="moaidform_no" action="$contextPath$submitEndpoint">
+ <input type="hidden" name="pendingid" value="$pendingReqID">
+ <input type="submit" value="Abbrechen" class="processSelectionButton" role="button">
+ </form>
+ <div class="buttonDescription">
+ <p>Den Anmeldevorgang abbrechen</p>
+ </div>
+ </div>
+ </div>
+
+ </div>
+ </div>
+
+ <!--/div-->
+ </div>
+ </div>
+ </div>
+</body>
+</html>
diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml
index 4684c8032..2bd3b6b4f 100644
--- a/id/server/modules/moa-id-module-openID/pom.xml
+++ b/id/server/modules/moa-id-module-openID/pom.xml
@@ -41,13 +41,13 @@
<dependency>
<groupId>com.google.http-client</groupId>
<artifactId>google-http-client-jackson2</artifactId>
- <version>1.21.0</version>
+ <version>1.22.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client-jetty</artifactId>
- <version>1.21.0</version>
+ <version>1.22.0</version>
<scope>test</scope>
<exclusions>
<exclusion>
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
index e2ac97535..9060f35c5 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
@@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.oauth20;
import java.util.Properties;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.util.FileUtils;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 21fe4e5fa..9b19e0a4d 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -31,7 +31,7 @@ import com.google.gson.JsonObject;
import com.google.gson.JsonPrimitive;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.Pair;
import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
index e81132ca7..a43c8fce9 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
@@ -22,7 +22,7 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
index c4260db82..c6775b692 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
@@ -22,7 +22,7 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
index 6008eede1..5f32e32a2 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
@@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
import java.util.Date;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
index ad7fe68b9..04f38faf6 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
@@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
import java.util.Date;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
index 5c4fe02df..ff19a618a 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
@@ -22,7 +22,7 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
index d08a3b4f0..eda276df2 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
@@ -22,7 +22,7 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
index 10af9cc32..7de90e98e 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
@@ -22,7 +22,7 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
index 4262d6bb3..3ebadba52 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
@@ -22,7 +22,7 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
index da4f76e2d..89209b062 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
@@ -22,7 +22,7 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
index 04a6ec60b..895037b2e 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
@@ -22,7 +22,7 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java
index 307615fbd..5dc36868b 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java
@@ -22,9 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-public class OAuth20Exception extends RuntimeException {
+public class OAuth20Exception extends MOAIDException {
private static final long serialVersionUID = 1L;
@@ -33,7 +33,7 @@ public class OAuth20Exception extends RuntimeException {
private String errorCode;
public OAuth20Exception(final String errorCode, final String messageId, final Object[] parameters) {
- super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
+ super(messageId, parameters);
this.errorCode = errorCode;
this.messageId = messageId;
}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index 518a694b0..803ae388f 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -35,14 +35,14 @@ import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.Pair;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index 055d14ef3..98fcdc8dc 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -32,10 +32,10 @@ import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
@@ -187,7 +187,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
// check if client id and redirect uri are ok
try {
// OAOAUTH20 cannot be null at this point. check was done in base request
- OAAuthParameter oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL());
+ IOAAuthParameters oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL());
if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index 4eae5ac3b..3ab283db5 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -31,10 +31,10 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
@@ -71,7 +71,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
}
this.setOAURL(oaURL);
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL);
+ IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL);
if (oaParam == null) {
throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
@@ -94,7 +94,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
this.checkAllowedParameters(request);
}
- private void checkAllowedParameters(final HttpServletRequest request) {
+ private void checkAllowedParameters(final HttpServletRequest request) throws OAuth20WrongParameterException {
Logger.debug("Going to check for allowed parameters");
this.allowedParameters.add(OAuth20Constants.PARAM_MOA_ACTION);
this.allowedParameters.add(OAuth20Constants.PARAM_MOA_MOD);
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index b29d33a8d..e6ccc67b7 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -19,9 +19,9 @@ import com.google.gson.JsonObject;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
@@ -81,7 +81,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController {
} catch (OAuth20Exception e) {
Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
- throw new InvalidProtocolRequestException(e.getMessage(), null);
+ throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e);
}
@@ -115,7 +115,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController {
} catch (OAuth20Exception e) {
Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
- throw new InvalidProtocolRequestException(e.getMessage(), null);
+ throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e);
}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
index bb0126a7b..9d78418cd 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
@@ -33,12 +33,12 @@ import com.google.gson.JsonObject;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index 75fbb4120..f35de9c58 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -30,10 +30,10 @@ import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
@@ -140,7 +140,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
// check if client id and secret are ok
try {
// OAOAUTH20 cannot be null at this point. check was done in base request
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL());
+ IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL());
if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) {
throw new OAuth20AccessDeniedException();
diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml
index 8207fc502..b15d7dc85 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml
+++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml
@@ -46,6 +46,11 @@
<version>1.52</version>
</dependency>
+ <dependency>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-frontend-resources</artifactId>
+ </dependency>
+
</dependencies>
</project> \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java
index ce3a7856b..1a4356653 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java
@@ -58,8 +58,19 @@ public class SSOTransferConstants {
public static final String SSOCONTAINER_KEY_USERID = "userID";
public static final String SSOCONTAINER_KEY_SESSION = "session";
public static final String SSOCONTAINER_KEY_RESULTENDPOINT = "resultEndPoint";
+ public static final String SSOCONTAINER_KEY_NONCE = "nonce";
+ public static final String SSOCONTAINER_KEY_BLOB = "blob";
+ public static final String SSOCONTAINER_KEY_SIGNATURE = "signature";
+ public static final String SSOCONTAINER_KEY_UNIQUEUSERID = "bPK";
+
+ public static final String SSOCONTAINER_KEY_STATUS = "status";
public static final String FLAG_SSO_SESSION_RESTORED = "ssoRestoredFlag";
public static final long CERT_VALIDITY = 700; //2 years
+
+ public static final String PENDINGREQ_DH = "dhparams";
+ public static final String PENDINGREQ_NONCE = "nonce";
+
+
}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
index 103a03063..78cbd788d 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
@@ -28,11 +28,11 @@ import java.util.List;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.data.AuthenticationRole;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.MISMandate;
@@ -49,8 +49,9 @@ public class SSOTransferAuthenticationData implements IAuthData {
public SSOTransferAuthenticationData(AuthConfiguration authConfig, AuthenticationSession authSession) throws ConfigurationException {
this.authSession = authSession;
- String domainIdentifier = authConfig.getSSOTagetIdentifier().trim();
- isIDPPrivateService = domainIdentifier.startsWith(MOAIDAuthConstants.PREFIX_WPBK);
+ String domainIdentifier = authConfig.getSSOTagetIdentifier();
+ if (domainIdentifier != null)
+ isIDPPrivateService = domainIdentifier.startsWith(MOAIDAuthConstants.PREFIX_WPBK);
}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
index 4ba2e1a01..af180ff10 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
@@ -27,11 +27,11 @@ import java.util.Collection;
import java.util.List;
import java.util.Map;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
-import at.gv.egovernment.moa.id.config.stork.CPEPS;
-import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
-import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
+import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin;
/**
* @author tlenz
@@ -262,15 +262,6 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters {
}
/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten()
- */
- @Override
- public Map<String, String> getFormCustomizaten() {
- // TODO Auto-generated method stub
- return null;
- }
-
- /* (non-Javadoc)
* @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
*/
@Override
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index 48ef5b526..b18425839 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -30,13 +30,9 @@ import java.io.PrintWriter;
import java.math.BigInteger;
import java.net.URL;
import java.security.InvalidKeyException;
-import java.security.KeyFactory;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
-import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;
@@ -46,17 +42,14 @@ import java.util.Date;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.KeyAgreement;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
-import javax.crypto.spec.SecretKeySpec;
import javax.security.cert.CertificateException;
import javax.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.velocity.VelocityContext;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
@@ -80,17 +73,18 @@ import com.google.gson.JsonParser;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
+import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair;
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer;
-import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
@@ -124,6 +118,7 @@ public class SSOTransferServlet{
@Autowired ITransactionStorage transactionStorage;
@Autowired IDPCredentialProvider idpCredentials;
@Autowired AuthConfiguration authConfig;
+ @Autowired IGUIFormBuilder guiBuilder;
public SSOTransferServlet() {
super();
@@ -145,8 +140,6 @@ public class SSOTransferServlet{
method = {RequestMethod.GET})
public void testTransferSSOSessionGUIWithoutAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
try {
- VelocityContext context = new VelocityContext();
-
//create first step of SSO Transfer GUI
String authURL = HTTPUtils.extractAuthURLFromRequest(req);
if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authURL)) {
@@ -155,8 +148,13 @@ public class SSOTransferServlet{
}
+ DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+ authURL,
+ DefaultGUIFormBuilderConfiguration.VIEW_SSO_SESSION_TRANSFER,
+ null);
+
internalCreateQRCodeForTransfer(resp, authURL,
- "123456", "/TestTransmitSSOSession", context);
+ "123456", "/TestTransmitSSOSession", config);
} catch (MOAIDException | MOADatabaseException e) {
e.printStackTrace();
@@ -280,7 +278,7 @@ public class SSOTransferServlet{
@RequestMapping(value = { "/TransmitSSOSession"
},
- method = {RequestMethod.GET})
+ method = {RequestMethod.GET, RequestMethod.POST})
public void transferToPhone(HttpServletRequest req, HttpServletResponse resp) throws IOException {
Logger.debug("Receive " + this.getClass().getName() + " request");
@@ -388,28 +386,32 @@ public class SSOTransferServlet{
//search SSO session
String ssoid = ssomanager.getSSOSessionID(req);
- VelocityContext context = new VelocityContext();
-
try {
+ String authURL = HTTPUtils.extractAuthURLFromRequest(req);
+ if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().
+ contains(authURL)) {
+ Logger.warn("Requested URL is not allowed.");;
+ resp.sendError(500, "Requested URL is not allowed.");
+
+ }
+
+ DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+ authURL,
+ DefaultGUIFormBuilderConfiguration.VIEW_SSO_SESSION_TRANSFER,
+ null);
+
if (ssomanager.isValidSSOSession(ssoid, null)) {
//Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR);
//create first step of SSO Transfer GUI
- String authURL = HTTPUtils.extractAuthURLFromRequest(req);
- if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().
- contains(authURL)) {
- Logger.warn("Requested URL is not allowed.");;
- resp.sendError(500, "Requested URL is not allowed.");
-
- }
-
+
String moaSessionID = authenticationSessionStorage.getMOASessionSSOID(ssoid);
if (MiscUtil.isNotEmpty(moaSessionID)) {
AuthenticationSession authSession = authenticationSessionStorage.getSession(moaSessionID);
if(authSession != null) {
internalCreateQRCodeForTransfer(resp, authURL,
authSession.getSessionID(),
- SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, context);
+ SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, config);
return;
}
@@ -417,9 +419,10 @@ public class SSOTransferServlet{
}
- context.put("errorMsg",
+ config.putCustomParameter("errorMsg",
"No active Single Sign-On session found! SSO Session transfer is not possible.");
- GUIUtils.printSSOTransferGUI(context, resp);
+
+ guiBuilder.build(resp, config, "SSO-Transfer-Module");
} catch (MOAIDException | MOADatabaseException e) {
e.printStackTrace();
@@ -458,7 +461,7 @@ public class SSOTransferServlet{
DHPublicKeySpec mobilePubKeySpec = new DHPublicKeySpec(mobilePubKey,
container.getDhParams().getF().getP(),
container.getDhParams().getF().getG());
- byte[] sharedSecret = getSecret(mobilePubKeySpec, container.getDhParams().getS());
+ byte[] sharedSecret = ssoTransferUtils.getSecret(mobilePubKeySpec, container.getDhParams().getS());
//build ASE256 key
MessageDigest digest = MessageDigest.getInstance("SHA-256");
@@ -470,7 +473,7 @@ public class SSOTransferServlet{
byte[] encryptedCSR = Base64Utils.decode(mobileCSRBase64, true);
Logger.debug("EncCSR:" + Base64Utils.encode(encryptedCSR) + " | Key:" + Base64Utils.encode(hashedSecret));
- byte[] decryptedCSR = enOrDeCryptCSR(encryptedCSR, hashedSecret, Cipher.DECRYPT_MODE);
+ byte[] decryptedCSR = ssoTransferUtils.enOrDeCryptCSR(encryptedCSR, hashedSecret, Cipher.DECRYPT_MODE);
Logger.debug("DecCSR:" + Base64Utils.encode(decryptedCSR));
Logger.debug("CSR decryption finished. --> Starting CSR validation and signing ...");
@@ -487,25 +490,23 @@ public class SSOTransferServlet{
Date now = new Date();
String personInformationToTransfer =
ssoTransferUtils.generateSignedAndEncryptedSSOContainer(
- container.getAuthURL(), moaSession, now);
+ container.getAuthURL(), moaSession, now, hashedSecret);
Logger.debug("PersonData:" + personInformationToTransfer);
//encrypt personal information
Logger.debug("PersonData generation finished. --> Starting personData encryption ... ");
- byte[] encPersonData = enOrDeCryptCSR(personInformationToTransfer.getBytes(), hashedSecret, Cipher.ENCRYPT_MODE);
- String encAndEncodedPersonalData = Base64Utils.encode(encPersonData);
Logger.debug("Encrypt personData finished. --> Send token to device.");
resp.setContentType("text/html;charset=UTF-8");
PrintWriter out = new PrintWriter(resp.getOutputStream());
- out.print(encAndEncodedPersonalData);
+ out.print(personInformationToTransfer);
out.flush();
return;
}
private void internalCreateQRCodeForTransfer(HttpServletResponse resp, String authURL,
- String moaSessionID, String servletEndPoint, VelocityContext context) throws Exception {
+ String moaSessionID, String servletEndPoint, DefaultGUIFormBuilderConfiguration config) throws Exception {
SSOTransferContainer container = new SSOTransferContainer();
String token = Random.nextRandom();
@@ -530,7 +531,7 @@ public class SSOTransferServlet{
BigInteger generator = new BigInteger(Base64Utils.decode(SSOTransferConstants.DH_GENERATOR_BASE64, false));
DHParameterSpec dhSpec = new DHParameterSpec(prime, generator, 1024);
- Pair<DHPublicKeySpec, PrivateKey> dhKeyIDP = createSpecificKey(dhSpec.getP(), dhSpec.getG());
+ Pair<DHPublicKeySpec, PrivateKey> dhKeyIDP = ssoTransferUtils.createSpecificKey(dhSpec.getP(), dhSpec.getG());
container.setDhParams(dhKeyIDP);
//store container
@@ -558,25 +559,15 @@ public class SSOTransferServlet{
ByteArrayOutputStream qrStream =
QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(350, 350).stream();
String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray());
- context.put("QRImage", base64EncodedImage);
+ config.putCustomParameter("QRImage", base64EncodedImage);
- context.put("successMsg", "Scan the QR-Code with your <i>SSO-Transfer App</i> to start the transfer operation.");
+ config.putCustomParameter("successMsg", "Scan the QR-Code with your <i>SSO-Transfer App</i> to start the transfer operation.");
- GUIUtils.printSSOTransferGUI(context, resp);
-
+
+ guiBuilder.build(resp, config, "SSO-Session Transfer-Module");
}
-
- public byte[] enOrDeCryptCSR(byte[] binBlob, byte[] binSecret, int mode) throws IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException {
- byte[] decrypted = null;
- SecretKeySpec skeySpec = new SecretKeySpec(binSecret, "AES");
- Cipher cipher = Cipher.getInstance("AES");
- cipher.init(mode, skeySpec);
- decrypted = cipher.doFinal(binBlob);
-
- return decrypted;
- }
-
+
private X509Certificate signCSRWithMOAKey(byte[] inputCSR) throws IOException, OperatorCreationException, PKCSException, CredentialsNotAvailableException, CertificateException {
PKCS10CertificationRequest csr = new PKCS10CertificationRequest(inputCSR);
@@ -604,20 +595,7 @@ public class SSOTransferServlet{
}
-
- private static byte[] getSecret(DHPublicKeySpec kspectrans, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException {
- KeyAgreement aKeyAgree = KeyAgreement.getInstance("DiffieHellman");
- aKeyAgree.init(privateKey);
-
- KeyFactory kfactory = KeyFactory.getInstance("DiffieHellman");
- PublicKey pub = kfactory.generatePublic(kspectrans);
- aKeyAgree.doPhase(pub, true);
-
- byte[] secretKey = aKeyAgree.generateSecret();
- return secretKey;
-
- }
-
+
private JsonObject getJSONObjectFromPostMessage(HttpServletRequest req, boolean developmentMode) {
//read POST request
StringBuffer sb = new StringBuffer();
@@ -653,20 +631,4 @@ public class SSOTransferServlet{
}
- private Pair<DHPublicKeySpec, PrivateKey> createSpecificKey(BigInteger p, BigInteger g) throws Exception {
- KeyPairGenerator kpg = KeyPairGenerator.getInstance("DiffieHellman");
-
- DHParameterSpec param = new DHParameterSpec(p, g);
- kpg.initialize(param);
- KeyPair kp = kpg.generateKeyPair();
-
- KeyFactory kfactory = KeyFactory.getInstance("DiffieHellman");
-
- Pair<DHPublicKeySpec, PrivateKey> pair = new Pair<DHPublicKeySpec, PrivateKey>(
- (DHPublicKeySpec) kfactory.getKeySpec(kp.getPublic(), DHPublicKeySpec.class), kp.getPrivate());
- return pair;
-
- }
-
-
}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
index 0b3bd892a..e92925dfb 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
@@ -33,9 +33,9 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -61,13 +61,13 @@ public class SSOTransferSignalServlet extends AbstractProcessEngineSignalControl
@Override
protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException {
String pendingRequestID = StringEscapeUtils.escapeHtml(getPendingRequestId(req));
-
+ IRequest pendingReq = null;
try {
if (pendingRequestID == null) {
throw new IllegalStateException("Unable to determine MOA pending-request id.");
}
- IRequest pendingReq = requestStorage.getPendingRequest(pendingRequestID);
+ pendingReq = requestStorage.getPendingRequest(pendingRequestID);
if (pendingReq == null) {
Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
@@ -87,7 +87,7 @@ public class SSOTransferSignalServlet extends AbstractProcessEngineSignalControl
processEngine.signal(pendingReq);
} catch (Exception ex) {
- handleError(null, ex, req, resp, pendingRequestID);
+ handleError(null, ex, req, resp, pendingReq);
} finally {
//MOASessionDBUtils.closeSession();
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
index e84c60ec5..be27de9a1 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
@@ -22,21 +22,32 @@
*/
package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task;
+import java.math.BigInteger;
+import java.security.PrivateKey;
+
+import javax.crypto.spec.DHParameterSpec;
+import javax.crypto.spec.DHPublicKeySpec;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.velocity.VelocityContext;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer;
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
/**
* @author tlenz
@@ -45,6 +56,9 @@ import at.gv.egovernment.moa.logging.Logger;
@Component("InitializeRestoreSSOSessionTask")
public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask {
+ @Autowired IGUIFormBuilder guiBuilder;
+ @Autowired SSOContainerUtils ssoTransferUtils;
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
@@ -62,12 +76,31 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask {
response.sendError(500, "Requested URL is not allowed.");
}
-
- VelocityContext context = GUIUtils.buildSSOTransferGUI(authURL, pendingReq.getRequestID());
- GUIUtils.printSSOTransferGUI(context, response);
+
+ //use predefined parameters
+ BigInteger prime = new BigInteger(Base64Utils.decode(SSOTransferConstants.DH_PRIME_BASE64, false));
+ BigInteger generator = new BigInteger(Base64Utils.decode(SSOTransferConstants.DH_GENERATOR_BASE64, false));
+ DHParameterSpec dhSpec = new DHParameterSpec(prime, generator, 1024);
+
+ Pair<DHPublicKeySpec, PrivateKey> dhKeyIDP = ssoTransferUtils.createSpecificKey(dhSpec.getP(), dhSpec.getG());
+ String nonce = Random.nextLongRandom();
+
+ GUIUtils.buildSSOTransferGUI(guiBuilder, response, authURL,
+ pendingReq.getRequestID(), nonce, dhKeyIDP.getF());
+ //store DH params and nonce to pending-request
+ SSOTransferContainer container = new SSOTransferContainer();
+ container.setDhParams(dhKeyIDP);
+ pendingReq.setGenericDataToSession(SSOTransferConstants.PENDINGREQ_DH, container);
+ pendingReq.setGenericDataToSession(SSOTransferConstants.PENDINGREQ_NONCE, nonce);
+
+ //store pending-request
+ requestStoreage.storePendingRequest(pendingReq);
- } catch (WrongParametersException | AuthenticationException e) {
+ //set flag
+ executionContext.put("sessionRestoreFinished", false);
+
+ } catch (MOAIDException e) {
throw new TaskExecutionException(pendingReq, e.getMessage(), e);
} catch (Exception e) {
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
index d52e03c09..003ce8c21 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
@@ -24,33 +24,43 @@ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task;
import java.io.BufferedReader;
import java.io.IOException;
+import java.io.PrintWriter;
+import java.math.BigInteger;
+import java.security.MessageDigest;
+import javax.crypto.Cipher;
+import javax.crypto.spec.DHPublicKeySpec;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.BooleanUtils;
-import org.apache.velocity.VelocityContext;
import org.joda.time.DateTime;
import org.opensaml.saml2.core.Response;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import com.google.common.net.MediaType;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer;
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.x509.X509Certificate;
/**
* @author tlenz
@@ -60,6 +70,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class RestoreSSOSessionTask extends AbstractAuthServletTask {
@Autowired SSOContainerUtils ssoTransferUtils;
+ @Autowired IGUIFormBuilder guiBuilder;
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -87,65 +98,155 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
Logger.warn("Received POST-message produce an ERROR.", e);
}
-
- //session is valid --> load MOASession object
- try {
- defaultTaskInitialization(request, executionContext);
-
- } catch (MOAIDException | MOADatabaseException e1) {
- Logger.error("Database Error! MOASession is not stored!");
- throw new TaskExecutionException(pendingReq, "Load MOASession FAILED.", e1);
-
- }
-
+
+ String nonce = pendingReq.getGenericData(SSOTransferConstants.PENDINGREQ_NONCE, String.class);
+ SSOTransferContainer container = pendingReq.getGenericData(
+ SSOTransferConstants.PENDINGREQ_DH, SSOTransferContainer.class);
+ if (container == null) {
+ throw new TaskExecutionException(pendingReq, "NO DH-Params in pending-request",
+ new MOAIDException("NO DH-Params in pending-request", null));
+
+ }
+
if (MiscUtil.isNotEmpty(receivedPostMessage)) {
Logger.debug("Receive POST-Message data. Start data-validation process ... ");
+ JsonObject responseMsg = new JsonObject();
try {
+ Logger.debug("Unformated Msg:" + receivedPostMessage);
+
JsonParser parser = new JsonParser();
- JsonObject reveivedData = (JsonObject) parser.parse(sb.toString());
- JsonObject reveivedSession = reveivedData.get("session").getAsJsonObject();
- String validTo = reveivedSession.get("validTo").getAsString();
- String entityID = reveivedSession.get("entityID").getAsString();
- String sessionBlob = reveivedSession.get("sessionBlob").getAsString();
+ JsonObject receivedData = (JsonObject) parser.parse(sb.toString());
- Logger.trace("Blob:" + sessionBlob +
- " | validTo:" + validTo +
- " | entityIS:" + entityID);
+ JsonObject receivedSession = receivedData.get(
+ SSOTransferConstants.SSOCONTAINER_KEY_SESSION).getAsJsonObject();
- if (PVPConfiguration.getInstance().getIDPPublicPath().contains(entityID)) {
- // stored SSO session data is from this IDP - start local session reconstruction
- Response ssoInformation = ssoTransferUtils.validateReceivedSSOContainer(sessionBlob, entityID);
-
- //transfer SSO Assertion into MOA-Session
- ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moasession, ssoInformation);
-
- // store MOASession into database
- try {
- authenticatedSessionStorage.storeSession(moasession);
-
- } catch (MOADatabaseException e) {
- Logger.error("Database Error! MOASession is not stored!");
- throw new MOAIDException("init.04", new Object[] {
- moasession.getSessionID()});
- }
-
- executionContext.put(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED, true);
- executionContext.put("sessionRestoreFinished", false);
-
- } else {
- Logger.info("Received SSO session-data is from IDP: " + entityID
- + ". Start inderfederation process to restore SSO session ... ");
- //change to inderfederated session reconstruction
-
- Logger.warn("Device Session Transfer with interfederation is not implemented, yet!!!!");
+ Logger.debug("Received Session-Object:"+ receivedSession.toString());
+
+ String signature = receivedData.get(
+ SSOTransferConstants.SSOCONTAINER_KEY_SIGNATURE).getAsString();
+ String mobilePubKeyBase64 = receivedData.get(
+ SSOTransferConstants.SSOCONTAINER_KEY_DH_PUBKEY).getAsString();
+
+ String respNonce = receivedSession.get(
+ SSOTransferConstants.PENDINGREQ_NONCE).getAsString();
+ String encSessionBlobBase64 = receivedSession.get(
+ SSOTransferConstants.SSOCONTAINER_KEY_BLOB).getAsString();
+
+ Logger.debug("Receive PubKey:" +mobilePubKeyBase64
+ + " | SessionBlob:" + encSessionBlobBase64
+ + " | Nonce:" + respNonce
+ + " | Signature:" + signature
+ + " | SignedData:" + receivedSession.toString());
+
+ if (MiscUtil.isEmpty(respNonce) || !respNonce.equals(nonce)) {
+ Logger.warn("Received 'nonce':" + respNonce
+ + " does not match to stored 'nonce':" + nonce);
+ throw new TaskExecutionException(pendingReq, "Received 'nonce':" + respNonce
+ + " does not match to stored 'nonce':" + nonce,
+ new MOAIDException("Received 'nonce':" + respNonce + " does not match to stored 'nonce':" + nonce, null));
+
+ }
+
+
+ //finish DH key agreement
+ BigInteger mobilePubKey = new BigInteger(Base64Utils.decode(mobilePubKeyBase64, true));
+ DHPublicKeySpec mobilePubKeySpec = new DHPublicKeySpec(mobilePubKey,
+ container.getDhParams().getF().getP(),
+ container.getDhParams().getF().getG());
+ byte[] sharedSecret = ssoTransferUtils.getSecret(mobilePubKeySpec, container.getDhParams().getS());
+
+ //build ASE256 key
+ MessageDigest digest = MessageDigest.getInstance("SHA-256");
+ digest.reset();
+ byte[] hashedSecret = digest.digest(sharedSecret);
+
+ //decrypt CSR
+ Logger.debug("Finished Diffie-Hellman key exchange. --> Starting SessionBlob decryption ...");
+ byte[] encryptedSessionBlob = Base64Utils.decode(encSessionBlobBase64, true);
+ Logger.debug("EncSessionBlob:" + Base64Utils.encode(encryptedSessionBlob) + " | Key:" + Base64Utils.encode(hashedSecret));
+
+ byte[] sessionBlobArray = ssoTransferUtils.enOrDeCryptCSR(encryptedSessionBlob, hashedSecret, Cipher.DECRYPT_MODE);
+ String sessionBlob = new String(sessionBlobArray, "UTF-8");
+ Logger.debug("DecSessionBlob:" + sessionBlob);
+
+ //parse SAML2 assertion
+ Response ssoInformation = ssoTransferUtils.validateReceivedSSOContainer(sessionBlob);
+
+ //validate signature
+ AssertionAttributeExtractor attributeExtractor = new AssertionAttributeExtractor(ssoInformation);
+ String holderOfKeyCertBase64 = attributeExtractor.getSingleAttributeValue(PVPConstants.PVP_HOLDEROFKEY_NAME);
+ byte[] holderOfKeyCertEncoded = Base64Utils.decode(holderOfKeyCertBase64, false);
+ X509Certificate holderOfKeyCert = new X509Certificate(holderOfKeyCertEncoded);
+ Logger.debug("Found HolderOfKey Certificate:" + holderOfKeyCert.getSubjectDN().toString());
+
+
+ //TODO: implement Signature validation
+
+ Logger.debug("MobileDevice is valid. --> Starting session reconstruction ...");
+
+
+ //session is valid --> load MOASession object
+ try {
+ defaultTaskInitialization(request, executionContext);
+
+ } catch (MOAIDException | MOADatabaseException e1) {
+ Logger.error("Database Error! MOASession is not stored!");
+ throw new TaskExecutionException(pendingReq, "Load MOASession FAILED.", e1);
+
+ }
+
+ //transfer SSO Assertion into MOA-Session
+ ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moasession, attributeExtractor);
+
+ // store MOASession into database
+ try {
+ authenticatedSessionStorage.storeSession(moasession);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("Database Error! MOASession is not stored!");
+ throw new MOAIDException("init.04", new Object[] {
+ moasession.getSessionID()});
+ }
+
+ executionContext.put(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED, true);
+ executionContext.put("sessionRestoreFinished", false);
+
+
+ responseMsg.addProperty(
+ SSOTransferConstants.SSOCONTAINER_KEY_STATUS,
+ "OK");
+ response.setStatus(HttpServletResponse.SC_OK);
+ response.setContentType(MediaType.HTML_UTF_8.toString());
+ PrintWriter out = new PrintWriter(response.getOutputStream());
+ out.print(responseMsg.toString());
+ out.flush();
+
+
+// Logger.info("Received SSO session-data is from IDP: " + entityID
+// + ". Start inderfederation process to restore SSO session ... ");
+// //change to inderfederated session reconstruction
+//
+// Logger.warn("Device Session Transfer with interfederation is not implemented, yet!!!!");
- }
+
} catch (Exception e) {
Logger.error("Parse reveived JSON data-object " + sb.toString() + " FAILED!", e);
- throw new TaskExecutionException(pendingReq, "JSON data is not parseable.", e);
-
+ //throw new TaskExecutionException(pendingReq, "JSON data is not parseable.", e);
+ try {
+ responseMsg.addProperty(
+ SSOTransferConstants.SSOCONTAINER_KEY_STATUS,
+ "FAILED");
+ response.setStatus(HttpServletResponse.SC_OK);
+ response.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(response.getOutputStream());
+ out.print(responseMsg.toString());
+ out.flush();
+ } catch (IOException e1) {
+ e1.printStackTrace();
+
+ }
}
} else {
@@ -160,16 +261,26 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
executionContext.put("sessionRestoreFinished", true);
} else {
+ //session is valid --> load MOASession object
+ try {
+ defaultTaskInitialization(request, executionContext);
+
+ } catch (MOAIDException | MOADatabaseException e1) {
+ Logger.error("Database Error! MOASession is not stored!");
+ throw new TaskExecutionException(pendingReq, "Load MOASession FAILED.", e1);
+
+ }
+
DateTime moaSessionCreated = new DateTime(moasession.getSessionCreated().getTime());
- if (moaSessionCreated.plusMinutes(3).isBeforeNow()) {
+ if (moaSessionCreated.plusMinutes(1).isBeforeNow()) {
Logger.warn("No SSO session-container received. Stop authentication process after time-out.");
- throw new TaskExecutionException(pendingReq, "No SSO container received from smartphone app.", null);
+ throw new TaskExecutionException(pendingReq, "No SSO container received from smartphone app.",
+ new MOAIDException("No SSO container received from smartphone app.", null));
} else {
Logger.debug("No restored SSO session found --> Wait a few minutes and check again.");
executionContext.put("sessionRestoreFinished", false);
- VelocityContext context;
try {
//create first step of SSO Transfer GUI
authURL = HTTPUtils.extractAuthURLFromRequest(request);
@@ -180,8 +291,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
}
- context = GUIUtils.buildSSOTransferGUI(authURL, pendingReq.getRequestID());
- GUIUtils.printSSOTransferGUI(context, response);
+ GUIUtils.buildSSOTransferGUI(guiBuilder, response,
+ authURL, pendingReq.getRequestID(), nonce, container.getDhParams().getF());
} catch (IOException | MOAIDException e) {
throw new TaskExecutionException(pendingReq, e.getMessage(), e);
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
index ee7a397aa..13a278d1d 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
@@ -22,31 +22,23 @@
*/
package at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils;
-import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.FileInputStream;
import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.StringWriter;
-import java.net.URI;
+import javax.crypto.spec.DHPublicKeySpec;
import javax.servlet.http.HttpServletResponse;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-
import com.google.gson.JsonObject;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
+import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
import net.glxn.qrgen.QRCode;
import net.glxn.qrgen.image.ImageType;
@@ -54,95 +46,75 @@ import net.glxn.qrgen.image.ImageType;
* @author tlenz
*
*/
-public class GUIUtils {
- private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
- private static final String GUI_HTML_TEMPLATE = "sso_transfer_template.html";
-
+public class GUIUtils {
public static final int REFESH_TIMEOUT = 5 * 1000; //5 sec
- public static VelocityContext buildSSOTransferGUI(String authURL, String pendingReqID) throws ConfigurationException, IOException {
- String containerURL = authURL
- + SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE
- + "?" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingReqID;
-
- JsonObject qrResult = new JsonObject();
- qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE,
- SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_TRANSER);
- qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL);
+ public static void buildSSOTransferGUI(
+ IGUIFormBuilder guiBuilder, HttpServletResponse httpResp,
+ String authURL, String pendingReqID) throws ConfigurationException, IOException {
+ buildSSOTransferGUI(guiBuilder, httpResp, authURL, pendingReqID, null, null);
+
+ }
- ByteArrayOutputStream qrStream =
- QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream();
- String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray());
- VelocityContext context = new VelocityContext();
- context.put("QRImage", base64EncodedImage);
-
- context.put("successMsg", "Select the SSO Session in your <i>SSO-Transfer App</i> and scan the QR-Code to start the process.");
-
- context.put("timeoutURL", containerURL);
- context.put("timeout", REFESH_TIMEOUT);
-
- return context;
+ /**
+ * @param guiBuilder
+ * @param response
+ * @param authURL
+ * @param requestID
+ * @param nonce
+ * @param dhKeyIDP
+ * @throws ConfigurationException
+ * @throws IOException
+ */
+ public static void buildSSOTransferGUI(IGUIFormBuilder guiBuilder, HttpServletResponse response, String authURL,
+ String requestID, String nonce, DHPublicKeySpec dhKeyIDP) throws ConfigurationException, IOException {
+ try {
+ String containerURL = authURL
+ + SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE
+ + "?" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + requestID;
- }
-
- public static void printSSOTransferGUI(VelocityContext context, HttpServletResponse httpResp) throws MOAIDException {
- try {
- Logger.trace("Initialize VelocityEngine...");
- InputStream is = null;
- String pathLocation = null;
- try {
- String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir();
- pathLocation = rootconfigdir + HTMLTEMPLATESDIR + GUI_HTML_TEMPLATE;
- File file = new File(new URI(pathLocation));
- is = new FileInputStream(file);
- evaluateTemplate(context, httpResp, is);
-
- } catch (Exception e) {
- Logger.warn("SLO Template is not found in configuration directory (" +
- pathLocation + "). Load template from project library ... ");
+
+
+ JsonObject qrResult = new JsonObject();
+ qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE,
+ SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_TRANSER);
+ qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL);
+
+ if (MiscUtil.isNotEmpty(nonce))
+ qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_NONCE, nonce);
+
+ if (dhKeyIDP != null) {
+ qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_DH_PUBKEY,
+ Base64Utils.encode(dhKeyIDP.getY().toByteArray()));
+ qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_DH_PRIME,
+ Base64Utils.encode(dhKeyIDP.getP().toByteArray()));
+ qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_DH_GENERATOR,
+ Base64Utils.encode(dhKeyIDP.getG().toByteArray()));
- try {
- pathLocation = GUI_HTML_TEMPLATE;
- is = Thread.currentThread()
- .getContextClassLoader()
- .getResourceAsStream(pathLocation);
- evaluateTemplate(context, httpResp, is);
+ }
+
+ ByteArrayOutputStream qrStream =
+ QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(350, 350).stream();
+ String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray());
- } catch (Exception e1) {
- Logger.error("Single LogOut form can not created.", e);
- throw new MOAIDException("Create Single LogOut information FAILED.", null, e);
- }
-
- } finally {
- if (is != null)
- is.close();
+ DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+ authURL,
+ DefaultGUIFormBuilderConfiguration.VIEW_SSO_SESSION_TRANSFER,
+ null);
+
+ config.putCustomParameter("QRImage", base64EncodedImage);
+ config.putCustomParameter("successMsg", "Select the SSO Session in your <i>SSO-Transfer App</i> and scan the QR-Code to start the process.");
+ config.putCustomParameter("timeoutURL", containerURL);
+ config.putCustomParameter("timeout", REFESH_TIMEOUT);
- }
+ guiBuilder.build(response, config, "SSO-Transfer-Module");
- } catch (Exception e) {
- Logger.error("Single LogOut form can not created.", e);
- throw new MOAIDException("Create Single LogOut information FAILED.", null, e);
- }
- }
-
- private static void evaluateTemplate(VelocityContext context, HttpServletResponse httpResp, InputStream is) throws Exception {
-
- VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
-
- BufferedReader reader = new BufferedReader(new InputStreamReader(is ));
-
- //set default elements to velocity context
- context.put("contextpath", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix());
-
- StringWriter writer = new StringWriter();
- //velocityEngine.evaluate(context, writer, "SLO_Template", reader);
- engine.evaluate(context, writer, "SSO Transfer Template", reader);
-
-
- httpResp.setContentType("text/html;charset=UTF-8");
- httpResp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
+ } catch (GUIBuildException e) {
+ Logger.warn("Can not build GUI:'BKU-Selection'. Msg:" + e.getMessage(), e);
+ throw new ConfigurationException("builder.09", new Object[]{e.getMessage()}, e);
+
+ }
- }
-
+ }
}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
index b2ab8b119..0785f767b 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
@@ -25,14 +25,31 @@ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringWriter;
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
import java.security.cert.CertificateException;
+import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.KeyAgreement;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.DHParameterSpec;
+import javax.crypto.spec.DHPublicKeySpec;
+import javax.crypto.spec.SecretKeySpec;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -81,22 +98,24 @@ import org.w3c.dom.NodeList;
import com.google.gson.JsonObject;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair;
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferAuthenticationData;
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferOnlineApplication;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.MISMandate;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
@@ -110,6 +129,7 @@ import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.util.BpkUtil;
import iaik.x509.X509Certificate;
/**
@@ -148,8 +168,8 @@ public class SSOContainerUtils {
@Autowired SAMLVerificationEngineSP samlVerificationEngine;
@Autowired AuthConfiguration authConfig;
- public void parseSSOContainerToMOASessionDataObject(IRequest pendingReq, AuthenticationSession moasession, Response ssoInformation) throws AssertionAttributeExtractorExeption, ConfigurationException {
- AssertionAttributeExtractor attributeExtractor = new AssertionAttributeExtractor(ssoInformation);
+ public void parseSSOContainerToMOASessionDataObject(IRequest pendingReq, AuthenticationSession moasession, AssertionAttributeExtractor attributeExtractor) throws AssertionAttributeExtractorExeption, ConfigurationException {
+// AssertionAttributeExtractor attributeExtractor = new AssertionAttributeExtractor(ssoInformation);
//TODO: maybe change to correct URL
//set dummy BKU URLx
@@ -250,16 +270,14 @@ public class SSOContainerUtils {
}
- public Response validateReceivedSSOContainer(String signedEncryptedContainer, String entityID) throws IOException, XMLParserException, UnmarshallingException, MOAIDException {
- byte[] base64decodedContainer = Base64Utils.decode(signedEncryptedContainer, false);
-
+ public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException {
final BasicParserPool ppMgr = new BasicParserPool();
final HashMap<String, Boolean> features = new HashMap<String, Boolean>();
features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
ppMgr.setBuilderFeatures(features);
ppMgr.setNamespaceAware(true);
- Document document = ppMgr.parse(new ByteArrayInputStream(base64decodedContainer));
+ Document document = ppMgr.parse(new ByteArrayInputStream(signedEncryptedContainer.getBytes()));
Element domElement = document.getDocumentElement();
UnmarshallerFactory saml2UnmarshallerFactory = Configuration.getUnmarshallerFactory();
@@ -297,9 +315,9 @@ public class SSOContainerUtils {
//validate PVP 2.1 assertion
samlVerificationEngine.validateAssertion(ssoContainer, false,
credentials.getIDPAssertionEncryptionCredential(),
- entityID,
- "SSO-Session Transfer module"
- );
+ ssoContainer.getIssuer().getValue(),
+ "SSO-Session Transfer module",
+ false);
return ssoContainer;
} else {
@@ -318,16 +336,15 @@ public class SSOContainerUtils {
public String generateSignedAndEncryptedSSOContainer(String authURL,
- AuthenticationSession authSession, Date date) {
+ AuthenticationSession authSession, Date date, byte[] hashedSecret) {
try {
- String entityID = authURL;
+ String entityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL);
AuthnContextClassRef authnContextClassRef = SAML2Utils
.createSAMLObject(AuthnContextClassRef.class);
authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());
NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
- String random = Random.nextRandom();
- String nameID = subjectNameID.getValue();
+ String random = Random.nextLongRandom();
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] hash = md.digest((random).getBytes("ISO-8859-1"));
@@ -351,7 +368,7 @@ public class SSOContainerUtils {
IAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession);
Assertion assertion = PVP2AssertionBuilder.buildGenericAssertion(
- authURL,
+ entityID,
entityID,
new DateTime(date.getTime()),
authnContextClassRef,
@@ -361,34 +378,83 @@ public class SSOContainerUtils {
sessionIndex,
subjectConfirmationData.getNotOnOrAfter());
- String ssoDataBlob = buildSSOContainerObject(authURL, assertion, new DateTime(date.getTime()));
+ //build blob with signed session information
+ String ssoDataBlob = buildSSOContainerObject(entityID, assertion, new DateTime(date.getTime()));
+ Logger.debug("Unencrypted SessionBlob:" + ssoDataBlob);
+
+ //encrypt session information with ephemeral key
+ byte[] encPersonData = enOrDeCryptCSR(ssoDataBlob.getBytes(), hashedSecret, Cipher.ENCRYPT_MODE);
+ String encAndEncodedPersonalData = Base64Utils.encode(encPersonData);
+ Logger.debug("Encrypted SessionBlob:" + encAndEncodedPersonalData);
+ //build JSON response
JsonObject container = new JsonObject();
container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_SSO);
container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_VALIDTO, subjectConfirmationData.getNotOnOrAfter().toString());
container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_ENTITYID, entityID);
container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_USERID, authData.getGivenName() + " " + authData.getFamilyName());
- container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_SESSION, ssoDataBlob);
+
+ container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_SESSION, encAndEncodedPersonalData);
+ container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_UNIQUEUSERID,
+ BpkUtil.calcBPK(authData.getIdentificationValue(), "AB"));
//TODO
container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_RESULTENDPOINT, "https://demo.egiz.gv.at");
return container.toString();
- } catch (ConfigurationException | EncryptionException | CredentialsNotAvailableException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException e) {
+ } catch (ConfigurationException | EncryptionException | CredentialsNotAvailableException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | NoSuchPaddingException e) {
Logger.warn("SSO container generation FAILED.", e);
}
return null;
}
- private String buildSSOContainerObject(String authURL, Assertion assertion, DateTime date) throws ConfigurationException, EncryptionException, CredentialsNotAvailableException, SecurityException, ParserConfigurationException, MarshallingException, SignatureException, TransformerFactoryConfigurationError, TransformerException, IOException {
+ public byte[] enOrDeCryptCSR(byte[] binBlob, byte[] binSecret, int mode) throws IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException {
+ byte[] decrypted = null;
+ SecretKeySpec skeySpec = new SecretKeySpec(binSecret, "AES");
+ Cipher cipher = Cipher.getInstance("AES");
+ cipher.init(mode, skeySpec);
+ decrypted = cipher.doFinal(binBlob);
+
+ return decrypted;
+ }
+
+ public Pair<DHPublicKeySpec, PrivateKey> createSpecificKey(BigInteger p, BigInteger g) throws Exception {
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("DiffieHellman");
+
+ DHParameterSpec param = new DHParameterSpec(p, g);
+ kpg.initialize(param);
+ KeyPair kp = kpg.generateKeyPair();
+
+ KeyFactory kfactory = KeyFactory.getInstance("DiffieHellman");
+
+ Pair<DHPublicKeySpec, PrivateKey> pair = new Pair<DHPublicKeySpec, PrivateKey>(
+ (DHPublicKeySpec) kfactory.getKeySpec(kp.getPublic(), DHPublicKeySpec.class), kp.getPrivate());
+ return pair;
+
+ }
+
+ public byte[] getSecret(DHPublicKeySpec kspectrans, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException {
+ KeyAgreement aKeyAgree = KeyAgreement.getInstance("DiffieHellman");
+ aKeyAgree.init(privateKey);
+
+ KeyFactory kfactory = KeyFactory.getInstance("DiffieHellman");
+ PublicKey pub = kfactory.generatePublic(kspectrans);
+ aKeyAgree.doPhase(pub, true);
+
+ byte[] secretKey = aKeyAgree.generateSecret();
+ return secretKey;
+
+ }
+
+ private String buildSSOContainerObject(String entityID, Assertion assertion, DateTime date) throws ConfigurationException, EncryptionException, CredentialsNotAvailableException, SecurityException, ParserConfigurationException, MarshallingException, SignatureException, TransformerFactoryConfigurationError, TransformerException, IOException {
Response authResponse = SAML2Utils.createSAMLObject(Response.class);
Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
//change to entity value from entity name to IDP EntityID (URL)
- nissuer.setValue(authURL);
+ nissuer.setValue(entityID);
nissuer.setFormat(NameID.ENTITY);
authResponse.setIssuer(nissuer);
@@ -457,7 +523,7 @@ public class SSOContainerUtils {
transformer.transform(source, sr);
sw.close();
- return Base64Utils.encode(sw.toString().getBytes());
+ return sw.toString();
}
@@ -476,7 +542,7 @@ public class SSOContainerUtils {
Logger.info("SSO-Transfer attribute " + el + " is empty!");
} catch (Exception e) {
- Logger.warn("Build SSO-Transfer attribute " + el + " FAILED.", e);
+ Logger.info("Build SSO-Transfer attribute " + el + " FAILED:" + e.getMessage());
}
}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java
index 57f4d11ad..0eb71ec92 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java
@@ -22,6 +22,10 @@
*/
package at.gv.egiz.tests;
+import com.google.gson.JsonObject;
+
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
+
/**
* @author tlenz
*
@@ -53,6 +57,19 @@ public class Tests {
+ JsonObject responseMsg = new JsonObject();
+ responseMsg.addProperty(
+ SSOTransferConstants.SSOCONTAINER_KEY_STATUS,
+ "OK");
+
+
+ JsonObject levelTwo = new JsonObject();
+ levelTwo.addProperty("test", "12345");
+
+ responseMsg.add("levelTwo", levelTwo );
+
+
+ System.out.println(responseMsg.toString());
// } catch (IOException e) {
// // TODO Auto-generated catch block
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
index 6abc60c46..49275c6eb 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
@@ -22,8 +22,8 @@
*/
package at.gv.egovernment.moa.id.auth.modules.federatedauth;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.AuthModule;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
/**
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
index 0f2c85350..c3d5e8032 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
@@ -34,7 +34,7 @@ import org.opensaml.xml.security.credential.Credential;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
@@ -263,7 +263,6 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo
*/
@Override
public List<RequestedAttribute> getSPRequiredAttributes() {
- // TODO Auto-generated method stub
return null;
}
@@ -287,4 +286,22 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo
return FederatedAuthConstants.MODULE_NAME_FOR_LOGGING;
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAssertionSigned()
+ */
+ @Override
+ public boolean wantAssertionSigned() {
+ return false;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned()
+ */
+ @Override
+ public boolean wantAuthnRequestSigned() {
+ return true;
+ }
+
}
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
index 19eae06d7..000590923 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
@@ -26,6 +26,7 @@ import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.xml.security.credential.Credential;
+import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation;
@@ -190,5 +191,21 @@ public class FederatedAuthnRequestBuilderConfiguration implements IPVPAuthnReque
return null;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationMethode()
+ */
+ @Override
+ public String getSubjectConformationMethode() {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationDate()
+ */
+ @Override
+ public Element getSubjectConformationDate() {
+ return null;
+ }
+
}
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
index c06800079..02356d74a 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
@@ -32,11 +32,13 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import com.google.common.net.MediaType;
+
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthMetadataConfiguration;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
import at.gv.egovernment.moa.id.util.HTTPUtils;
@@ -80,7 +82,7 @@ public class FederatedAuthMetadataController extends AbstractController {
String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
//write response
- resp.setContentType("text/xml");
+ resp.setContentType(MediaType.XML_UTF_8.toString());
resp.getOutputStream().write(xmlMetadata.getBytes("UTF-8"));
resp.getOutputStream().close();
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index 06664af45..d581e7e75 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -35,15 +35,14 @@ import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthnRequestBuilderConfiguration;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
@@ -82,7 +81,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
}
//load IDP configuration from MOA-ID Configuration
- OAAuthParameter idpConfig = authConfig.getOnlineApplicationParameter(idpEntityID);
+ IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(idpEntityID);
//validate IDP
if (!idpConfig.isInderfederationIDP() || !idpConfig.isInboundSSOInterfederationAllowed()) {
Logger.info("Requested interfederation IDP " + idpEntityID + " is not valid for interfederation.");
@@ -139,7 +138,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
* @param objects
* @throws AuthnRequestBuildException
*/
- private void handleAuthnRequestBuildProblem(ExecutionContext executionContext, OAAuthParameter idpConfig, String msgCode, Object[] objects) throws AuthnRequestBuildException {
+ private void handleAuthnRequestBuildProblem(ExecutionContext executionContext, IOAAuthParameters idpConfig, String msgCode, Object[] objects) throws AuthnRequestBuildException {
if (idpConfig.isPerformLocalAuthenticationOnInterfederationError()) {
Logger.info("Switch to local authentication on this IDP ... ");
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index 01163efd6..1c3134b77 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -41,20 +41,19 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -225,7 +224,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
} catch (AssertionValidationExeption | AuthnResponseValidationException e) {
Logger.info("PVP response validation FAILED. Msg:" + e.getMessage());
if (msg != null) {
- OAAuthParameter idpConfig = authConfig.getOnlineApplicationParameter(msg.getEntityID());
+ IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(msg.getEntityID());
//remove federated IDP from SSO session if exists
ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request);
@@ -313,7 +312,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
* @throws TaskExecutionException
* @throws Throwable
*/
- private void handleAuthnResponseValidationProblem(ExecutionContext executionContext, OAAuthParameter idpConfig, Throwable e) throws TaskExecutionException {
+ private void handleAuthnResponseValidationProblem(ExecutionContext executionContext, IOAAuthParameters idpConfig, Throwable e) throws TaskExecutionException {
if (idpConfig != null && idpConfig.isPerformLocalAuthenticationOnInterfederationError()) {
Logger.info("Switch to local authentication on this IDP ... ");
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
index 1168250ad..aac253083 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
@@ -26,7 +26,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
import at.gv.egovernment.moa.util.FileUtils;
diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml
index f54c24499..0463bf8d9 100644
--- a/id/server/modules/moa-id-modules-saml1/pom.xml
+++ b/id/server/modules/moa-id-modules-saml1/pom.xml
@@ -51,6 +51,13 @@
<scope>test</scope>
</dependency> -->
+ <dependency>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-commons</artifactId>
+ <scope>test</scope>
+ <type>test-jar</type>
+ </dependency>
+
<dependency>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-modul-citizencard_authentication</artifactId>
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index b184aa4fe..c421bf8cc 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -30,17 +30,17 @@ import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.URLEncoder;
import eu.eidas.auth.commons.IPersonalAttributeList;
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index fc5837e51..f00358d02 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -69,15 +69,17 @@ import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
+import com.google.common.net.MediaType;
+
import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -136,13 +138,13 @@ public class GetAuthenticationDataService extends AbstractController implements
String respString = DOMUtils.serializeNode(soapResp, true);
- resp.setContentType("text/xml;charset=UTF-8");
+ resp.setContentType(MediaType.XML_UTF_8.toString());
context.put(CONTEXT_SOAP_ASSERTION, respString);
evaluateTemplate(context, resp, TEMPLATE_SOAP_SUCCESS);
} catch (ParserConfigurationException | SAXException | IOException | TransformerException e) {
Logger.error("SAML1 GetAuthenticationData receive a non-valid request.", e);
- resp.setContentType("text/xml;charset=UTF-8");
+ resp.setContentType(MediaType.XML_UTF_8.toString());
context.put(CONTEXT_SOAP_ISSUEINSTANT, DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()));
context.put(CONTEXT_SOAP_RESPONSEID, Random.nextRandom());
@@ -153,7 +155,7 @@ public class GetAuthenticationDataService extends AbstractController implements
} catch (SAML1AssertionResponseBuildException e) {
Logger.error("SAML1 GetAuthenticationData response build failed..", e);
- resp.setContentType("text/xml;charset=UTF-8");
+ resp.setContentType(MediaType.XML_UTF_8.toString());
context.put(CONTEXT_SOAP_ISSUEINSTANT, e.getIssueInstant());
context.put(CONTEXT_SOAP_REQUESTEID, e.getRequestID());
@@ -187,17 +189,17 @@ public class GetAuthenticationDataService extends AbstractController implements
if (wsdl_param != null) {
//print wsdl
- resp.setContentType("text/xml;charset=UTF-8");
+ resp.setContentType(MediaType.XML_UTF_8.toString());
evaluateTemplate(context, resp, TEMPLATE_WSDL);
} else if (xsd_param != null){
//print xsd
- resp.setContentType("text/xml;charset=UTF-8");
+ resp.setContentType(MediaType.XML_UTF_8.toString());
evaluateTemplate(context, resp, TEMPLATE_XSD);
} else {
//print plain info
- resp.setContentType("text/html;charset=UTF-8");
+ resp.setContentType(MediaType.XML_UTF_8.toString());
evaluateTemplate(context, resp, TEMPLATE_PLAIN_INFO);
}
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 9d0dac0f8..0ec0d95a2 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -46,7 +46,6 @@ import org.xml.sax.SAXException;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
@@ -61,13 +60,14 @@ import at.gv.egovernment.moa.id.auth.exception.ServiceException;
import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.ITransactionStorage;
import at.gv.egovernment.moa.id.util.Random;
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 8cc894040..37d66d29b 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -37,14 +37,14 @@ import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -163,8 +163,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController {
//load Target only from OA config
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(oaURL);
+ IOAAuthParameters oaParam = authConfig.getOnlineApplicationParameter(oaURL);
if (oaParam == null)
throw new InvalidProtocolRequestException("auth.00",
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
index d93aebcec..42fafc01e 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
@@ -30,7 +30,7 @@ import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
-import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
+import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
index 4e5bed97c..70448ef09 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
@@ -36,8 +36,8 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.monitoring.TestManager;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
index 13fb59038..5e4183146 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
@@ -29,11 +29,11 @@ import java.util.List;
import org.hibernate.Query;
import org.hibernate.Session;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
index 824791797..7994e7a06 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
@@ -37,9 +37,8 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -71,7 +70,7 @@ public class IdentityLinkTestModule implements TestModuleInterface {
.getMoaSpIdentityLinkTrustProfileID(false));
// invokes the call
- Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
+ Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance()
.verifyXMLSignature(domVerifyXMLSignatureRequest);
// parses the <VerifyXMLSignatureResponse>
try {
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
index 3c2b143b3..b25eed520 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
@@ -27,8 +27,8 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.FileUtils;