author | Klaus Stranacher <kstranacher@iaik.tugraz.at> | 2013-09-04 23:51:25 +0200 |
---|---|---|
committer | Klaus Stranacher <kstranacher@iaik.tugraz.at> | 2013-09-04 23:51:25 +0200 |
commit | 3b7776e9020ea8affdf9fcd10b12d2da28adcd08 (patch) | |
tree | 386e05cfdac42aa997b54181e400cc4ecfea99a1 /id/server | |
parent | 0d8dfd1b3b0892164fbd9d3d13eb231adad4062b (diff) | |
download | moa-id-spss-3b7776e9020ea8affdf9fcd10b12d2da28adcd08.tar.gz moa-id-spss-3b7776e9020ea8affdf9fcd10b12d2da28adcd08.tar.bz2 moa-id-spss-3b7776e9020ea8affdf9fcd10b12d2da28adcd08.zip |
Validation signing time (auth block) against server time
Update MOA-ID sample configs (new ES Test-PEPS Url)
WAI compliant template
Diffstat (limited to 'id/server')
17 files changed, 106 insertions, 47 deletions
diff --git a/id/server/auth/.settings/org.eclipse.wst.common.component b/id/server/auth/.settings/org.eclipse.wst.common.component index b4ffa88f6..9725f5b61 100644 --- a/id/server/auth/.settings/org.eclipse.wst.common.component +++ b/id/server/auth/.settings/org.eclipse.wst.common.component @@ -17,7 +17,8 @@ </dependent-module> <property name="context-root" value="moa-id-auth"/> <wb-resource deploy-path="/WEB-INF/classes" source-path="src/main/resources"/> - <wb-resource deploy-path="/" source-path="/src/main/webapp"/> + <wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/> + <wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/> <property name="java-output-path" value="/target/classes"/> </wb-module> </project-modules> diff --git a/id/server/auth/src/main/webapp/iframeHandyBKU.html b/id/server/auth/src/main/webapp/iframeHandyBKU.html index b5936679f..0f6e1e282 100644 --- a/id/server/auth/src/main/webapp/iframeHandyBKU.html +++ b/id/server/auth/src/main/webapp/iframeHandyBKU.html @@ -8,11 +8,11 @@ <script type="text/javascript">
// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
// z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
- var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample";
+ var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Handy Signatur an -->
<!-- z.B.: value="https://yoururl.at/moa-id-auth/template_handyBKU.html"-->
- var URL_TO_HANDYSIGNATUR_TEMPLATE = "https://localhost:8443/moa-id-auth/template_handyBKU.html";
+ var URL_TO_HANDYSIGNATUR_TEMPLATE = "[URL_TO_HANDYSIGNATUR_TEMPLATE]";
window.onload=function() {
@@ -49,8 +49,7 @@ Bitte warten...
<form name="moaidform" method="post" id="moaidform">
<input type="hidden" name="Template" id="Template">
- <!-- <input type="hidden" name="bkuURI" value="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx"> -->
- <input type="hidden" name="bkuURI" value="https://test1.a-trust.at/https-security-layer-request/default.aspx">
+ <input type="hidden" name="bkuURI" value="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">
<input type="hidden" name="useMandate" id="useMandate">
</form>
<hr>
diff --git a/id/server/auth/src/main/webapp/iframeOnlineBKU.html b/id/server/auth/src/main/webapp/iframeOnlineBKU.html
index 7f6efb241..3ff0dac89 100644
--- a/id/server/auth/src/main/webapp/iframeOnlineBKU.html
+++ b/id/server/auth/src/main/webapp/iframeOnlineBKU.html
@@ -8,16 +8,16 @@ <script type="text/javascript">
// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
// z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
- var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&sourceID=ABC123-_ABC123";
+ var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Online BKU an
// z.B.: "https://yoururl.at/moa-id-auth/template_onlineBKU.html"
- var URL_TO_ONLINEBKU_TEMPLATE = "https://localhost:8443/moa-id-auth/template_onlineBKU.html";
+ var URL_TO_ONLINEBKU_TEMPLATE = "[URL_TO_ONLINEBKU_TEMPLATE]";
// [MUSS] Geben Sie hier die URL zur Online BKU an
// z.B.: value="https://yoururl.at/bkuonline/https-security-layer-request"
// Hinweis: Diese URL muss auch bei den vertrauenswürdigen BKUs in der MOA-ID Konfiguration angegeben werden (siehe Element MOA-IDConfiguration/TrustedBKUs/BKUURL)
- var URL_TO_ONLINEBKU = "https://localhost:8444/bkuonline/https-security-layer-request";
+ var URL_TO_ONLINEBKU = "[URL_TO_ONLINEBKU]";
window.onload=function() {
document.getElementById('moaidform').action = MOA_ID_STARTAUTHENTICATION;
diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
index 03123c2a7..83b4ee418 100644
--- a/id/server/auth/src/main/webapp/index.html
+++ b/id/server/auth/src/main/webapp/index.html
@@ -11,11 +11,11 @@ <script type="text/javascript">
// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
// z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
- var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample";
+ var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die lokale BKU an
// z.B.: https://yoururl.at/moa-id-auth/template_localBKU.html
- var URL_TO_LOKALBKU_TEMPLATE = "https://localhost:8443/moa-id-auth/template_localBKU.html";
+ var URL_TO_LOKALBKU_TEMPLATE = "[URL_TO_LOKALBKU_TEMPLATE]";
window.onload=function() {
@@ -109,7 +109,7 @@ var parent = el.parentNode;
var iFrameURL = "iframeOnlineBKU.html" + "?";
- iFrameURL += "useMandate=" + document.getElementById("useMandate").value + "&";
+ iFrameURL += "use=" + document.getElementById("useMandate").value + "&";
iFrameURL += "ccc=" + ccc;
var iframe = document.createElement("iframe");
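Review bot: The query parameter on the changed line is renamed from `useMandate` to `use`, so the code that reads the query string in iframeOnlineBKU.html has to look for `use` as well; that reader is not shown in this diff, and if it still expects `useMandate` the mandate choice is silently dropped. The value is also appended without encoding; `iFrameURL += "use=" + encodeURIComponent(document.getElementById("useMandate").value) + "&";` keeps a stray `&` or `#` in the field from altering the other parameters. The enclosing function starts and ends outside the hunk.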
@@ -156,7 +156,7 @@ <!-- Block "KARTE": Anmeldung mit lokaler BKU *ohne* Vollmacht (No-Script Variante) -->
<!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an (inkl. Template-URL, bkuURI und useMandate Parameter!) -->
<!-- z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at&Template=https://yoururl.at/moa-id-auth/template_localBKU.html&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=false -->
- <a href="https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&Template=https://localhost:8443/moa-id-auth/template_localBKU.html&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=false">
+ <a href="[MOA_ID_STARTAUTHENTICATION]&Template=[URL_TO_LOKALBKU_TEMPLATE]&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=false">
<div id="bkukarte" class="hell">
<button name="bkuButton" type="button">KARTE</button>
</div>
@@ -166,7 +166,7 @@ <!-- Block "KARTE+Vollmacht": Anmeldung mit lokaler BKU *mit* Vollmacht (No-Script Variante) -->
<!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an (inkl. Template-URL, bkuURI und useMandate Parameter!) -->
<!-- z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at&Template=https://yoururl.at/moa-id-auth/template_localBKU.html&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=true -->
- <!-- <a href="https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&Template=https://localhost:8443/moa-id-auth/template_localBKU.html&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=true">
+ <!-- <a href="[MOA_ID_STARTAUTHENTICATION]&Template=[URL_TO_LOKALBKU_TEMPLATE]&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=true">
<div id="bkukarte" class="hell">
<button name="bkuButton" type="button">KARTE+<br>Vollmacht</button>
</div>
@@ -176,7 +176,7 @@ <!-- Block "HANDY": Anmeldung mit Handysignatur *ohne* Vollmacht (No-Script Variante) -->
<!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an (inkl. Template-URL, bkuURI und useMandate Parameter!) -->
<!-- z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at&Template=https://yoururl.at/moa-id-auth/template_handyBKU.html&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=false -->
- <a href="https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&Template=https://localhost:8443/moa-id-auth/template_localBKU.html&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=false">
+ <a href="[MOA_ID_STARTAUTHENTICATION]&Template=[URL_TO_HANDYSIGNATUR_TEMPLATE]&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=false">
<div id="bkuhandy" class="hell">
<button name="bkuButton" type="button">HANDY</button>
</div>
@@ -185,7 +185,7 @@ <!-- Block "HANDY+Vollnacht": Anmeldung mit Handysignatur *mit* Vollmacht (No-Script Variante) -->
<!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an (inkl. Template-URL, bkuURI und useMandate Parameter!) -->
<!-- z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at&Template=https://yoururl.at/moa-id-auth/template_handyBKU.html&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=true -->
- <!-- <a href="https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&Template=https://localhost:8443/moa-id-auth/template_localBKU.html&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=true">
+ <!-- <a href="[MOA_ID_STARTAUTHENTICATION]&Template=[URL_TO_HANDYSIGNATUR_TEMPLATE]&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=true">
<div id="bkuhandy" class="hell">
<button name="bkuButton" type="button">HANDY</button>
</div>
@@ -202,7 +202,7 @@ </div>
<div id="stork" class="hell" align="center">
<p>
- <form name="storkForm" method="POST" action="https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&Template=https://localhost:8443/moa-id-auth/template_localBKU.html&bkuURI=https://127.0.0.1:3496/https-security-layer-request">
+ <form name="storkForm" method="POST" action="[MOA_ID_STARTAUTHENTICATION]&Template=[URL_TO_LOKALBKU_TEMPLATE]&bkuURI=https://127.0.0.1:3496/https-security-layer-request">
<select name="CCC" size="1" style="width:120px">
<option value="BE">België/Belgique</option>
<option value="EE">Eesti</option>
@@ -224,22 +224,24 @@ </noscript>
<script>
- <!-- [OPTIONAL] Um die Online BKU auszublenden, kommentieren sie folgende drei Zeilen aus aus -->
+ <!-- [OPTIONAL] Um die Anmeldung mit Vollmachten auszublenden, kommentieren Sie folgende fünf Zeilen aus -->
+ document.write("<div id=\"mandate\">");
+ document.write("<input tabindex=\"1\" type=\"checkbox\" name=\"Mandate\" style=\"vertical-align: middle; margin-right: 5px;\" id=\"mandateCheckBox\">");
+ document.write("<label>in Vertretung anmelden</label>");
+ document.write(" <a href=\"info_mandates.html\" target=\"_blank\" class=\"infobutton\" style=\"color:#FFF\">i</a>");
+ document.write("</div> ");
+
+ <!-- [OPTIONAL] Um die Online BKU auszublenden, kommentieren sie folgende drei Zeilen aus aus -->
document.write("<div id=\"bkukarte\" class=\"hell\">");
- document.write("<button name=\"bkuButton\" type=\"button\" onClick=\"bkuOnlineClicked();\">KARTE</button>");
+ document.write("<button name=\"bkuButton\" type=\"button\" onClick=\"bkuOnlineClicked();\" tabindex=\"2\">KARTE</button>");
document.write("</div>");
<!-- [OPTIONAL] Um die Handysignatur auszublenden, kommentieren sie folgende drei Zeilen aus aus -->
document.write("<div id=\"bkuhandy\" class=\"hell\">");
- document.write("<button name=\"bkuButton\" type=\"button\" onClick=\"bkuHandyClicked();\">HANDY</button>");
+ document.write("<button name=\"bkuButton\" type=\"button\" onClick=\"bkuHandyClicked();\" tabindex=\"3\">HANDY</button>");
document.write("</div>");
- <!-- [OPTIONAL] Um die Anmeldung mit Vollmachten auszublenden, kommentieren Sie folgende fünf Zeilen aus -->
- document.write("<div id=\"mandate\">");
- document.write("<input type=\"checkbox\" name=\"Mandate\" style=\"vertical-align: middle; margin-right: 5px;\" id=\"mandateCheckBox\">");
- document.write("<label>in Vertretung anmelden</label>");
- document.write(" <a href=\"info_mandates.html\" target=\"_blank\" class=\"infobutton\" style=\"color:#FFF\">i</a>");
- document.write("</div> ");
+
<!-- [OPTIONAL] Um die Anmeldung von ausländischen Identitäten auszublenden, kommentieren Sie folgende Zeilen aus -->
document.write("<div id=\"leftcontent\" style=\"margin-bottom:10px\">");
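Review bot: The `<label>` written for the mandate checkbox has no `for` attribute, so assistive technology does not associate "in Vertretung anmelden" with `mandateCheckBox`, which works against the WAI goal stated in the commit message; `document.write("<label for=\"mandateCheckBox\">in Vertretung anmelden</label>");` fixes that. Now that the block is emitted in the intended reading order, the explicit `tabindex` values 1 to 3 could be dropped, since positive tabindex values take precedence over document order for every other focusable element on the page. The `<script>` block continues past the hunk.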
@@ -272,7 +274,7 @@ -
+s
<div id="localBKU" style="display:none" class="hell">
<hr>
<form method="post" id="moaidform">
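Review bot: The added line consisting of a single `s` looks like a stray keystroke; it replaces a blank line and will be rendered as visible text directly before the `localBKU` block. Suggest restoring the empty line.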
diff --git a/id/server/auth/src/main/webapp/template_handyBKU.html b/id/server/auth/src/main/webapp/template_handyBKU.html
index 27834cd91..0ad73a6f3 100644
--- a/id/server/auth/src/main/webapp/template_handyBKU.html
+++ b/id/server/auth/src/main/webapp/template_handyBKU.html
@@ -12,6 +12,7 @@ </head>
<body onLoad="onAnmeldeSubmit()">
<form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
+ Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier:
<input class="button" type="submit" value="Starte Anmeldung" name="Senden">
<input type="hidden" name="XMLRequest" value="<XMLRequest>">
<input type="hidden" name="DataURL" value="<DataURL>">
diff --git a/id/server/auth/src/main/webapp/template_localBKU.html b/id/server/auth/src/main/webapp/template_localBKU.html
index 64275391a..f197d2c5c 100644
--- a/id/server/auth/src/main/webapp/template_localBKU.html
+++ b/id/server/auth/src/main/webapp/template_localBKU.html
@@ -11,7 +11,8 @@ </script>
</head>
<body onLoad="onAnmeldeSubmit()">
- <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
+ <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
+ Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier:
<input class="button" type="submit" value="Starte Anmeldung" name="Senden">
<input type="hidden" name="XMLRequest" value="<XMLRequest>">
<input type="hidden" name="DataURL" value="<DataURL>">
diff --git a/id/server/auth/src/main/webapp/template_onlineBKU.html b/id/server/auth/src/main/webapp/template_onlineBKU.html
index 77f7d076a..565955538 100644
--- a/id/server/auth/src/main/webapp/template_onlineBKU.html
+++ b/id/server/auth/src/main/webapp/template_onlineBKU.html
@@ -11,7 +11,8 @@ </script>
</head>
<body onLoad="onAnmeldeSubmit()">
- <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
+ <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
+ Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier:
<input class="button" type="hidden" value="Starte Anmeldung" name="Senden">
<input type="hidden" name="XMLRequest" value="<XMLRequest>">
<input type="hidden" name="DataURL" value="<DataURL>">
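Review bot: The sentence added above the `Senden` input asks the user to click, but in this template that input is `type="hidden"` (in template_handyBKU.html and template_localBKU.html it is `type="submit"`), so there is nothing to click if the automatic submit in `onAnmeldeSubmit()` does not run. If the hidden type is not deliberate here, use `<input class="button" type="submit" value="Starte Anmeldung" name="Senden">` as in the other two templates; otherwise leave the sentence out of this one. The form continues past the hunk.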
@@ -23,7 +24,6 @@ <!-- [OPTIONAL] Aendern Sie hier die Hintergrundfarbe der Online-BKU -->
<input type="hidden" name="appletBackgroundColor" value="#DDDDDD">
- <input type="hidden" name="redirectTarget" value="_top">
</form>
<form name="CustomizedInfoForm" action="<BKU>" method="post">
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index a8a9b95da..b70b8f3f6 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -51,7 +51,7 @@ </C-PEPS>
 <!-- Test C-PEPS -->
 <!--
- <C-PEPS countryCode="ES" URL="https://88.84.94.24/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="ES" URL="https://prespanishpeps.redsara.es/PEPS/ColleagueRequest"/>
 <C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS2/ColleagueRequest"/>
 <C-PEPS countryCode="PT" URL="https://eu-id.teste.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/>
 <C-PEPS countryCode="SI" URL="https://peps-test.mju.gov.si/PEPS/ColleagueRequest">
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index 204fe6df9..c7da561e4 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -52,7 +52,7 @@ </C-PEPS>
 <!-- Test C-PEPS -->
 <!--
- <C-PEPS countryCode="ES" URL="https://88.84.94.24/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="ES" URL="https://prespanishpeps.redsara.es/PEPS/ColleagueRequests"/>
 <C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS2/ColleagueRequest"/>
 <C-PEPS countryCode="PT" URL="https://eu-id.teste.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/>
 <C-PEPS countryCode="SI" URL="https://peps-test.mju.gov.si/PEPS/ColleagueRequest">
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 6f5a68d8b..f034a262e 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
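Review bot: The new ES test URL ends in `/PEPS/ColleagueRequests` in SampleMOAIDConfigurationProxy.xml and again in SampleMOAIDConfiguration_withTestBKsProxy.xml, while the two non-proxy samples changed in the same commit use `/PEPS/ColleagueRequest`, as do the IT, PT and SI entries. The trailing `s` looks like a typo; an operator who uncomments the block in a proxy sample would be pointing at a different path than the one in the other samples. Suggest `<C-PEPS countryCode="ES" URL="https://prespanishpeps.redsara.es/PEPS/ColleagueRequest"/>` in both proxy files.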
@@ -53,7 +53,7 @@ </C-PEPS>
 <!-- Test C-PEPS -->
 <!--
- <C-PEPS countryCode="ES" URL="https://88.84.94.24/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="ES" URL="https://prespanishpeps.redsara.es/PEPS/ColleagueRequest"/>
 <C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS2/ColleagueRequest"/>
 <C-PEPS countryCode="PT" URL="https://eu-id.teste.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/>
 <C-PEPS countryCode="SI" URL="https://peps-test.mju.gov.si/PEPS/ColleagueRequest">
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index f9ab3469b..f3c0877a6 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -53,7 +53,7 @@ </C-PEPS>
 <!-- Test C-PEPS -->
 <!--
- <C-PEPS countryCode="ES" URL="https://88.84.94.24/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="ES" URL="https://prespanishpeps.redsara.es/PEPS/ColleagueRequests"/>
 <C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS2/ColleagueRequest"/>
 <C-PEPS countryCode="PT" URL="https://eu-id.teste.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/>
 <C-PEPS countryCode="SI" URL="https://peps-test.mju.gov.si/PEPS/ColleagueRequest">
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
index 6004f251f..1624a59c0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
@@ -25,10 +25,13 @@ package at.gv.egovernment.moa.id.auth.parser; import java.io.ByteArrayInputStream; +import java.io.IOException; import java.io.InputStream; import java.util.ArrayList; import java.util.List; +import javax.xml.transform.TransformerException; + import org.w3c.dom.Element; import org.w3c.dom.NodeList; import org.w3c.dom.traversal.NodeIterator; @@ -157,6 +160,7 @@ public class CreateXMLSignatureResponseParser { Element dsigSignatureNode = (Element) list.item(0); Element dsigSignatureElement = (Element) dsigSignatureNode; + cResp.setDsigSignature(dsigSignatureElement); } catch (Throwable t) { @@ -201,6 +205,11 @@ public class CreateXMLSignatureResponseParser { SAMLAttribute[] result = new SAMLAttribute[samlAttributes.size()]; samlAttributes.toArray(result); cResp.setSamlAttributes(result); + + NodeList list = sigResponse_.getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature"); + Element dsigSignatureNode = (Element) list.item(0); + cResp.setDsigSignature(dsigSignatureNode); + } catch (Throwable t) { throw new ParseException("parser.01", new Object[] { t.toString()}, t); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java index 4ddad2429..2c957603b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java 
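Review bot: The element stored by `cResp.setDsigSignature(...)` in the hunk at new line 205 is the first `dsig:Signature` found anywhere under `sigResponse_`, and `list.getLength()` is never checked; the hunk at new line 160 stores `list.item(0)` the same way. With no signature present the setter receives `null`, and with more than one the element whose SigningTime is later compared against server time is not guaranteed to be the signature that is cryptographically verified elsewhere. Suggest rejecting the response unless exactly one element is returned, e.g. guarding with `if (list.getLength() != 1)` and throwing inside the existing try so it is reported as `parser.01`. Both methods start and end outside the hunks.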
@@ -151,6 +151,8 @@ public class VerifyXMLSignatureResponseParser { VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); try { + + String s = DOMUtils.serializeNode(verifyXMLSignatureResponse); respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,"")); Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH); respData.setQualifiedCertificate(e!=null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index d0fb1f87f..b2ef2d000 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -24,9 +24,14 @@ package at.gv.egovernment.moa.id.auth.validator; +import java.util.Calendar; +import java.util.GregorianCalendar; import java.util.Iterator; import java.util.List; +import javax.xml.bind.DatatypeConverter; + +import org.jaxen.SimpleNamespaceContext; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; 
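Review bot: The added local `s` is assigned the serialized response and never read in the visible lines, so every parse now serializes the whole VerifyXMLSignatureResponse for nothing; it looks like a leftover debugging aid. Suggest deleting `String s = DOMUtils.serializeNode(verifyXMLSignatureResponse);`. If the serialized form is wanted for troubleshooting, note that it carries the signer's certificate data, so compute and log it only behind a debug-level check. The try block continues past the hunk.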
@@ -59,11 +64,25 @@ public class CreateXMLSignatureResponseValidator { /** Xpath expression to the dsig:Signature element */ private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature"; - //private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime"; - + private static final String XADES_1_1_1_SIGNINGTIME_PATH = "//" + Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime"; + private static final String XADES_1_3_2_SIGNINGTIME_PATH = "//" + Constants.XADES_1_3_2_NS_PREFIX + ":SigningTime"; + + + private static final long MAX_DIFFERENCE_IN_MILLISECONDS = 600000; // 10min + /** Singleton instance. <code>null</code>, if none has been created. */ private static CreateXMLSignatureResponseValidator instance; + private static SimpleNamespaceContext NS_CONTEXT; + static { + NS_CONTEXT = new SimpleNamespaceContext(); + NS_CONTEXT.addNamespace(Constants.XADES_1_1_1_NS_PREFIX, Constants.XADES_1_1_1_NS_URI); + NS_CONTEXT.addNamespace(Constants.XADES_1_2_2_NS_PREFIX, Constants.XADES_1_2_2_NS_URI); + NS_CONTEXT.addNamespace(Constants.XADES_1_3_2_NS_PREFIX, Constants.XADES_1_3_2_NS_URI); + NS_CONTEXT.addNamespace(Constants.XADES_1_4_1_NS_PREFIX, Constants.XADES_1_4_1_NS_URI); + } + + /** * Constructor for a singleton CreateXMLSignatureResponseValidator. * @return an instance of CreateXMLSignatureResponseValidator 
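Review bot: Both SigningTime paths start with `//`, which XPath anchors at the document root rather than at the context node, so the lookup in `validateSigningDateTime` is not confined to the `dsig:Signature` element it is given and returns the first `SigningTime` anywhere in the document. For a freshness check the value should come from inside the signature being validated, ideally from its signed properties; `".//" + Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime"` (and the same for 1.3.2) would at least scope the search, assuming `XPathUtils.selectSingleNode` evaluates relative to the node passed in. `NS_CONTEXT` is assigned once in the static initializer and could be declared `private static final`.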
@@ -550,8 +569,36 @@ public class CreateXMLSignatureResponseValidator { public void validateSigningDateTime( CreateXMLSignatureResponse csresp) throws ValidateException { - //TODO: insert Time validation!!!! - + Element dsigSignatureElement = csresp.getDsigSignature(); + if (dsigSignatureElement == null) { + throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ; + } + else { + Element signingTimeElem = (Element) XPathUtils.selectSingleNode(dsigSignatureElement, NS_CONTEXT, XADES_1_1_1_SIGNINGTIME_PATH); + if (signingTimeElem == null) { + signingTimeElem = (Element) XPathUtils.selectSingleNode(dsigSignatureElement, NS_CONTEXT, XADES_1_3_2_SIGNINGTIME_PATH); + if (signingTimeElem == null) + throw new ValidateException("validator.68", null) ; + } + + + String signingTimeStr = signingTimeElem.getTextContent(); + if (signingTimeStr == null) + throw new ValidateException("validator.68", null) ; + + Calendar signingTimeCal = DatatypeConverter.parseDate(signingTimeStr); + Calendar serverTimeCal = new GregorianCalendar(); + + long diff = Math.abs(signingTimeCal.getTimeInMillis() - serverTimeCal.getTimeInMillis()); + + if (diff > MAX_DIFFERENCE_IN_MILLISECONDS) + throw new ValidateException("validator.69", new Object[] {"mehr als " + MAX_DIFFERENCE_IN_MILLISECONDS + " Millisekunden"}) ; + + Logger.debug("Compare \"" + signingTimeCal.getTime() + "\" (SigningTime) with \"" + serverTimeCal.getTime() + "\" (server time)"); + + + } + } } diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 272f26efb..c5ebc4b0d 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties 
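Review bot: `DatatypeConverter.parseDate(signingTimeStr)` is called on a value taken from the client-supplied signature with no exception handling, so a malformed SigningTime surfaces as an unchecked `IllegalArgumentException` instead of the `ValidateException` this method declares. XAdES SigningTime is an `xsd:dateTime`, for which `parseDateTime` is the matching converter, and `getTextContent()` yields an empty string rather than `null` for an empty element, so the existing null check does not cover that case. The `Logger.debug` call sits after the `validator.69` throw, so the two timestamps are logged only when the check passes; moving it above the comparison makes rejected logins diagnosable. The 10-minute window is hard-coded in `MAX_DIFFERENCE_IN_MILLISECONDS` and may deserve a configuration entry.

```java
// … unchanged: dsigSignatureElement null check and SigningTime element lookup …
String signingTimeStr = signingTimeElem.getTextContent();
if (signingTimeStr == null || signingTimeStr.trim().length() == 0)
    throw new ValidateException("validator.68", null);

Calendar signingTimeCal;
try {
    // SigningTime is xsd:dateTime; anything that does not parse is a validation failure
    signingTimeCal = DatatypeConverter.parseDateTime(signingTimeStr.trim());
} catch (IllegalArgumentException e) {
    throw new ValidateException("validator.68", null);
}
// … unchanged: server time, difference computation and validator.69 check …
```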
@@ -181,6 +181,8 @@ validator.65=Es ist ein Fehler bei der Formulargenerierung f�r berufliche Part validator.66=?berpr?fung der {0}-Infobox fehlgeschlagen\: berufliche Parteienvetretung ist nicht konfiguriert.
validator.67=Der Specialtext ({0}) stimmt nicht mit dem für diese Applikation hinterlegten Text ({1}) überein.
+validator.68=SigningTime im AUTH-Block konnte nicht eruiert werden.
+validator.69=SigningTime im AUTH-Block und Serverzeit weichen zu stark ab ({0}).
ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen
diff --git a/id/server/moa-id-commons/.classpath b/id/server/moa-id-commons/.classpath index 88431cf04..0e89cea3d 100644 --- a/id/server/moa-id-commons/.classpath +++ b/id/server/moa-id-commons/.classpath @@ -6,11 +6,6 @@ <attribute name="maven.pomderived" value="true"/> </attributes> </classpathentry> - <classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"> - <attributes> - <attribute name="maven.pomderived" value="true"/> - </attributes> - </classpathentry> <classpathentry kind="src" output="target/test-classes" path="src/test/java"> <attributes> <attribute name="optional" value="true"/> @@ -18,20 +13,20 @@ </attributes> </classpathentry> <classpathentry kind="src" path="target/generated-sources/xjc"/> - <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"> + <classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources/config"> <attributes> <attribute name="maven.pomderived" value="true"/> </attributes> </classpathentry> - <classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER"> + <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"> <attributes> <attribute name="maven.pomderived" value="true"/> - <attribute name="org.eclipse.jst.component.nondependency" value=""/> </attributes> </classpathentry> - <classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources"> + <classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER"> <attributes> <attribute name="maven.pomderived" value="true"/> + <attribute name="org.eclipse.jst.component.nondependency" value=""/> </attributes> </classpathentry> <classpathentry kind="output" path="target/classes"/> diff --git a/id/server/moa-id-commons/.project b/id/server/moa-id-commons/.project index 75c3e013e..a7c3725f2 100644 
--- a/id/server/moa-id-commons/.project +++ b/id/server/moa-id-commons/.project @@ -28,10 +28,10 @@ </buildCommand> </buildSpec> <natures> + <nature>org.eclipse.m2e.core.maven2Nature</nature> <nature>org.eclipse.jem.workbench.JavaEMFNature</nature> <nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature> <nature>org.eclipse.jdt.core.javanature</nature> - <nature>org.eclipse.m2e.core.maven2Nature</nature> <nature>org.eclipse.wst.common.project.facet.core.nature</nature> </natures> </projectDescription> |