aboutsummaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
authorKlaus Stranacher <kstranacher@iaik.tugraz.at>2013-09-04 23:51:25 +0200
committerKlaus Stranacher <kstranacher@iaik.tugraz.at>2013-09-04 23:51:25 +0200
commit3b7776e9020ea8affdf9fcd10b12d2da28adcd08 (patch)
tree386e05cfdac42aa997b54181e400cc4ecfea99a1 /id/server
parent0d8dfd1b3b0892164fbd9d3d13eb231adad4062b (diff)
downloadmoa-id-spss-3b7776e9020ea8affdf9fcd10b12d2da28adcd08.tar.gz
moa-id-spss-3b7776e9020ea8affdf9fcd10b12d2da28adcd08.tar.bz2
moa-id-spss-3b7776e9020ea8affdf9fcd10b12d2da28adcd08.zip
Validation signing time (auth block) against server time
Update MOA-ID sample configs (new ES Test-PEPS Url) WAI compliant template
Diffstat (limited to 'id/server')
-rw-r--r--id/server/auth/.settings/org.eclipse.wst.common.component3
-rw-r--r--id/server/auth/src/main/webapp/iframeHandyBKU.html7
-rw-r--r--id/server/auth/src/main/webapp/iframeOnlineBKU.html6
-rw-r--r--id/server/auth/src/main/webapp/index.html38
-rw-r--r--id/server/auth/src/main/webapp/template_handyBKU.html1
-rw-r--r--id/server/auth/src/main/webapp/template_localBKU.html3
-rw-r--r--id/server/auth/src/main/webapp/template_onlineBKU.html4
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml2
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml2
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml2
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java55
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties2
-rw-r--r--id/server/moa-id-commons/.classpath13
-rw-r--r--id/server/moa-id-commons/.project2
17 files changed, 106 insertions, 47 deletions
diff --git a/id/server/auth/.settings/org.eclipse.wst.common.component b/id/server/auth/.settings/org.eclipse.wst.common.component
index b4ffa88f6..9725f5b61 100644
--- a/id/server/auth/.settings/org.eclipse.wst.common.component
+++ b/id/server/auth/.settings/org.eclipse.wst.common.component
@@ -17,7 +17,8 @@
</dependent-module>
<property name="context-root" value="moa-id-auth"/>
<wb-resource deploy-path="/WEB-INF/classes" source-path="src/main/resources"/>
- <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+ <wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/>
+ <wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
<property name="java-output-path" value="/target/classes"/>
</wb-module>
</project-modules>
diff --git a/id/server/auth/src/main/webapp/iframeHandyBKU.html b/id/server/auth/src/main/webapp/iframeHandyBKU.html
index b5936679f..0f6e1e282 100644
--- a/id/server/auth/src/main/webapp/iframeHandyBKU.html
+++ b/id/server/auth/src/main/webapp/iframeHandyBKU.html
@@ -8,11 +8,11 @@
<script type="text/javascript">
// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
// z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
- var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample";
+ var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Handy Signatur an -->
<!-- z.B.: value="https://yoururl.at/moa-id-auth/template_handyBKU.html"-->
- var URL_TO_HANDYSIGNATUR_TEMPLATE = "https://localhost:8443/moa-id-auth/template_handyBKU.html";
+ var URL_TO_HANDYSIGNATUR_TEMPLATE = "[URL_TO_HANDYSIGNATUR_TEMPLATE]";
window.onload=function() {
@@ -49,8 +49,7 @@
Bitte warten...
<form name="moaidform" method="post" id="moaidform">
<input type="hidden" name="Template" id="Template">
- <!-- <input type="hidden" name="bkuURI" value="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx"> -->
- <input type="hidden" name="bkuURI" value="https://test1.a-trust.at/https-security-layer-request/default.aspx">
+ <input type="hidden" name="bkuURI" value="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">
<input type="hidden" name="useMandate" id="useMandate">
</form>
<hr>
diff --git a/id/server/auth/src/main/webapp/iframeOnlineBKU.html b/id/server/auth/src/main/webapp/iframeOnlineBKU.html
index 7f6efb241..3ff0dac89 100644
--- a/id/server/auth/src/main/webapp/iframeOnlineBKU.html
+++ b/id/server/auth/src/main/webapp/iframeOnlineBKU.html
@@ -8,16 +8,16 @@
<script type="text/javascript">
// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
// z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
- var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&sourceID=ABC123-_ABC123";
+ var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Online BKU an
// z.B.: "https://yoururl.at/moa-id-auth/template_onlineBKU.html"
- var URL_TO_ONLINEBKU_TEMPLATE = "https://localhost:8443/moa-id-auth/template_onlineBKU.html";
+ var URL_TO_ONLINEBKU_TEMPLATE = "[URL_TO_ONLINEBKU_TEMPLATE]";
// [MUSS] Geben Sie hier die URL zur Online BKU an
// z.B.: value="https://yoururl.at/bkuonline/https-security-layer-request"
// Hinweis: Diese URL muss auch bei den vertrauenswürdigen BKUs in der MOA-ID Konfiguration angegeben werden (siehe Element MOA-IDConfiguration/TrustedBKUs/BKUURL)
- var URL_TO_ONLINEBKU = "https://localhost:8444/bkuonline/https-security-layer-request";
+ var URL_TO_ONLINEBKU = "[URL_TO_ONLINEBKU]";
window.onload=function() {
document.getElementById('moaidform').action = MOA_ID_STARTAUTHENTICATION;
diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
index 03123c2a7..83b4ee418 100644
--- a/id/server/auth/src/main/webapp/index.html
+++ b/id/server/auth/src/main/webapp/index.html
@@ -11,11 +11,11 @@
<script type="text/javascript">
// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
// z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
- var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample";
+ var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die lokale BKU an
// z.B.: https://yoururl.at/moa-id-auth/template_localBKU.html
- var URL_TO_LOKALBKU_TEMPLATE = "https://localhost:8443/moa-id-auth/template_localBKU.html";
+ var URL_TO_LOKALBKU_TEMPLATE = "[URL_TO_LOKALBKU_TEMPLATE]";
window.onload=function() {
@@ -109,7 +109,7 @@
var parent = el.parentNode;
var iFrameURL = "iframeOnlineBKU.html" + "?";
- iFrameURL += "useMandate=" + document.getElementById("useMandate").value + "&";
+ iFrameURL += "use=" + document.getElementById("useMandate").value + "&";
iFrameURL += "ccc=" + ccc;
var iframe = document.createElement("iframe");
@@ -156,7 +156,7 @@
<!-- Block "KARTE": Anmeldung mit lokaler BKU *ohne* Vollmacht (No-Script Variante) -->
<!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an (inkl. Template-URL, bkuURI und useMandate Parameter!) -->
<!-- z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at&Template=https://yoururl.at/moa-id-auth/template_localBKU.html&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=false -->
- <a href="https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&Template=https://localhost:8443/moa-id-auth/template_localBKU.html&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=false">
+ <a href="[MOA_ID_STARTAUTHENTICATION]&Template=[URL_TO_LOKALBKU_TEMPLATE]&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=false">
<div id="bkukarte" class="hell">
<button name="bkuButton" type="button">KARTE</button>
</div>
@@ -166,7 +166,7 @@
<!-- Block "KARTE+Vollmacht": Anmeldung mit lokaler BKU *mit* Vollmacht (No-Script Variante) -->
<!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an (inkl. Template-URL, bkuURI und useMandate Parameter!) -->
<!-- z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at&Template=https://yoururl.at/moa-id-auth/template_localBKU.html&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=true -->
- <!-- <a href="https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&Template=https://localhost:8443/moa-id-auth/template_localBKU.html&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=true">
+ <!-- <a href="[MOA_ID_STARTAUTHENTICATION]&Template=[URL_TO_LOKALBKU_TEMPLATE]&bkuURI=https://127.0.0.1:3496/https-security-layer-request&useMandate=true">
<div id="bkukarte" class="hell">
<button name="bkuButton" type="button">KARTE+<br>Vollmacht</button>
</div>
@@ -176,7 +176,7 @@
<!-- Block "HANDY": Anmeldung mit Handysignatur *ohne* Vollmacht (No-Script Variante) -->
<!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an (inkl. Template-URL, bkuURI und useMandate Parameter!) -->
<!-- z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at&Template=https://yoururl.at/moa-id-auth/template_handyBKU.html&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=false -->
- <a href="https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&Template=https://localhost:8443/moa-id-auth/template_localBKU.html&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=false">
+ <a href="[MOA_ID_STARTAUTHENTICATION]&Template=[URL_TO_HANDYSIGNATUR_TEMPLATE]&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=false">
<div id="bkuhandy" class="hell">
<button name="bkuButton" type="button">HANDY</button>
</div>
@@ -185,7 +185,7 @@
<!-- Block "HANDY+Vollnacht": Anmeldung mit Handysignatur *mit* Vollmacht (No-Script Variante) -->
<!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an (inkl. Template-URL, bkuURI und useMandate Parameter!) -->
<!-- z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at&Template=https://yoururl.at/moa-id-auth/template_handyBKU.html&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=true -->
- <!-- <a href="https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&Template=https://localhost:8443/moa-id-auth/template_localBKU.html&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=true">
+ <!-- <a href="[MOA_ID_STARTAUTHENTICATION]&Template=[URL_TO_HANDYSIGNATUR_TEMPLATE]&bkuURI=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&useMandate=true">
<div id="bkuhandy" class="hell">
<button name="bkuButton" type="button">HANDY</button>
</div>
@@ -202,7 +202,7 @@
</div>
<div id="stork" class="hell" align="center">
<p>
- <form name="storkForm" method="POST" action="https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample&Template=https://localhost:8443/moa-id-auth/template_localBKU.html&bkuURI=https://127.0.0.1:3496/https-security-layer-request">
+ <form name="storkForm" method="POST" action="[MOA_ID_STARTAUTHENTICATION]&Template=[URL_TO_LOKALBKU_TEMPLATE]&bkuURI=https://127.0.0.1:3496/https-security-layer-request">
<select name="CCC" size="1" style="width:120px">
<option value="BE">België/Belgique</option>
<option value="EE">Eesti</option>
@@ -224,22 +224,24 @@
</noscript>
<script>
- <!-- [OPTIONAL] Um die Online BKU auszublenden, kommentieren sie folgende drei Zeilen aus aus -->
+ <!-- [OPTIONAL] Um die Anmeldung mit Vollmachten auszublenden, kommentieren Sie folgende fünf Zeilen aus -->
+ document.write("<div id=\"mandate\">");
+ document.write("<input tabindex=\"1\" type=\"checkbox\" name=\"Mandate\" style=\"vertical-align: middle; margin-right: 5px;\" id=\"mandateCheckBox\">");
+ document.write("<label>in Vertretung anmelden</label>");
+ document.write(" <a href=\"info_mandates.html\" target=\"_blank\" class=\"infobutton\" style=\"color:#FFF\">i</a>");
+ document.write("</div> ");
+
+ <!-- [OPTIONAL] Um die Online BKU auszublenden, kommentieren sie folgende drei Zeilen aus aus -->
document.write("<div id=\"bkukarte\" class=\"hell\">");
- document.write("<button name=\"bkuButton\" type=\"button\" onClick=\"bkuOnlineClicked();\">KARTE</button>");
+ document.write("<button name=\"bkuButton\" type=\"button\" onClick=\"bkuOnlineClicked();\" tabindex=\"2\">KARTE</button>");
document.write("</div>");
<!-- [OPTIONAL] Um die Handysignatur auszublenden, kommentieren sie folgende drei Zeilen aus aus -->
document.write("<div id=\"bkuhandy\" class=\"hell\">");
- document.write("<button name=\"bkuButton\" type=\"button\" onClick=\"bkuHandyClicked();\">HANDY</button>");
+ document.write("<button name=\"bkuButton\" type=\"button\" onClick=\"bkuHandyClicked();\" tabindex=\"3\">HANDY</button>");
document.write("</div>");
- <!-- [OPTIONAL] Um die Anmeldung mit Vollmachten auszublenden, kommentieren Sie folgende fünf Zeilen aus -->
- document.write("<div id=\"mandate\">");
- document.write("<input type=\"checkbox\" name=\"Mandate\" style=\"vertical-align: middle; margin-right: 5px;\" id=\"mandateCheckBox\">");
- document.write("<label>in Vertretung anmelden</label>");
- document.write(" <a href=\"info_mandates.html\" target=\"_blank\" class=\"infobutton\" style=\"color:#FFF\">i</a>");
- document.write("</div> ");
+
<!-- [OPTIONAL] Um die Anmeldung von ausländischen Identitäten auszublenden, kommentieren Sie folgende Zeilen aus -->
document.write("<div id=\"leftcontent\" style=\"margin-bottom:10px\">");
@@ -272,7 +274,7 @@
-
+s
<div id="localBKU" style="display:none" class="hell">
<hr>
<form method="post" id="moaidform">
diff --git a/id/server/auth/src/main/webapp/template_handyBKU.html b/id/server/auth/src/main/webapp/template_handyBKU.html
index 27834cd91..0ad73a6f3 100644
--- a/id/server/auth/src/main/webapp/template_handyBKU.html
+++ b/id/server/auth/src/main/webapp/template_handyBKU.html
@@ -12,6 +12,7 @@
</head>
<body onLoad="onAnmeldeSubmit()">
<form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
+ Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier:
<input class="button" type="submit" value="Starte Anmeldung" name="Senden">
<input type="hidden" name="XMLRequest" value="<XMLRequest>">
<input type="hidden" name="DataURL" value="<DataURL>">
diff --git a/id/server/auth/src/main/webapp/template_localBKU.html b/id/server/auth/src/main/webapp/template_localBKU.html
index 64275391a..f197d2c5c 100644
--- a/id/server/auth/src/main/webapp/template_localBKU.html
+++ b/id/server/auth/src/main/webapp/template_localBKU.html
@@ -11,7 +11,8 @@
</script>
</head>
<body onLoad="onAnmeldeSubmit()">
- <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
+ <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
+ Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier:
<input class="button" type="submit" value="Starte Anmeldung" name="Senden">
<input type="hidden" name="XMLRequest" value="<XMLRequest>">
<input type="hidden" name="DataURL" value="<DataURL>">
diff --git a/id/server/auth/src/main/webapp/template_onlineBKU.html b/id/server/auth/src/main/webapp/template_onlineBKU.html
index 77f7d076a..565955538 100644
--- a/id/server/auth/src/main/webapp/template_onlineBKU.html
+++ b/id/server/auth/src/main/webapp/template_onlineBKU.html
@@ -11,7 +11,8 @@
</script>
</head>
<body onLoad="onAnmeldeSubmit()">
- <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
+ <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
+ Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier:
<input class="button" type="hidden" value="Starte Anmeldung" name="Senden">
<input type="hidden" name="XMLRequest" value="<XMLRequest>">
<input type="hidden" name="DataURL" value="<DataURL>">
@@ -23,7 +24,6 @@
<!-- [OPTIONAL] Aendern Sie hier die Hintergrundfarbe der Online-BKU -->
<input type="hidden" name="appletBackgroundColor" value="#DDDDDD">
- <input type="hidden" name="redirectTarget" value="_top">
</form>
<form name="CustomizedInfoForm" action="<BKU>" method="post">
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index a8a9b95da..b70b8f3f6 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -51,7 +51,7 @@
</C-PEPS>
<!-- Test C-PEPS -->
<!--
- <C-PEPS countryCode="ES" URL="https://88.84.94.24/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="ES" URL="https://prespanishpeps.redsara.es/PEPS/ColleagueRequest"/>
<C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS2/ColleagueRequest"/>
<C-PEPS countryCode="PT" URL="https://eu-id.teste.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/>
<C-PEPS countryCode="SI" URL="https://peps-test.mju.gov.si/PEPS/ColleagueRequest">
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index 204fe6df9..c7da561e4 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -52,7 +52,7 @@
</C-PEPS>
<!-- Test C-PEPS -->
<!--
- <C-PEPS countryCode="ES" URL="https://88.84.94.24/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="ES" URL="https://prespanishpeps.redsara.es/PEPS/ColleagueRequests"/>
<C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS2/ColleagueRequest"/>
<C-PEPS countryCode="PT" URL="https://eu-id.teste.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/>
<C-PEPS countryCode="SI" URL="https://peps-test.mju.gov.si/PEPS/ColleagueRequest">
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 6f5a68d8b..f034a262e 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -53,7 +53,7 @@
</C-PEPS>
<!-- Test C-PEPS -->
<!--
- <C-PEPS countryCode="ES" URL="https://88.84.94.24/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="ES" URL="https://prespanishpeps.redsara.es/PEPS/ColleagueRequest"/>
<C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS2/ColleagueRequest"/>
<C-PEPS countryCode="PT" URL="https://eu-id.teste.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/>
<C-PEPS countryCode="SI" URL="https://peps-test.mju.gov.si/PEPS/ColleagueRequest">
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index f9ab3469b..f3c0877a6 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -53,7 +53,7 @@
</C-PEPS>
<!-- Test C-PEPS -->
<!--
- <C-PEPS countryCode="ES" URL="https://88.84.94.24/PEPS/ColleagueRequest"/>
+ <C-PEPS countryCode="ES" URL="https://prespanishpeps.redsara.es/PEPS/ColleagueRequests"/>
<C-PEPS countryCode="IT" URL="https://it-peps-stork.polito.it/PEPS2/ColleagueRequest"/>
<C-PEPS countryCode="PT" URL="https://eu-id.teste.cartaodecidadao.gov.pt/PEPS/ColleagueRequest"/>
<C-PEPS countryCode="SI" URL="https://peps-test.mju.gov.si/PEPS/ColleagueRequest">
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
index 6004f251f..1624a59c0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
@@ -25,10 +25,13 @@
package at.gv.egovernment.moa.id.auth.parser;
import java.io.ByteArrayInputStream;
+import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
+import javax.xml.transform.TransformerException;
+
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.w3c.dom.traversal.NodeIterator;
@@ -157,6 +160,7 @@ public class CreateXMLSignatureResponseParser {
Element dsigSignatureNode = (Element) list.item(0);
Element dsigSignatureElement = (Element) dsigSignatureNode;
+
cResp.setDsigSignature(dsigSignatureElement);
}
catch (Throwable t) {
@@ -201,6 +205,11 @@ public class CreateXMLSignatureResponseParser {
SAMLAttribute[] result = new SAMLAttribute[samlAttributes.size()];
samlAttributes.toArray(result);
cResp.setSamlAttributes(result);
+
+ NodeList list = sigResponse_.getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature");
+ Element dsigSignatureNode = (Element) list.item(0);
+ cResp.setDsigSignature(dsigSignatureNode);
+
}
catch (Throwable t) {
throw new ParseException("parser.01", new Object[] { t.toString()}, t);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
index 4ddad2429..2c957603b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -151,6 +151,8 @@ public class VerifyXMLSignatureResponseParser {
VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
try {
+
+ String s = DOMUtils.serializeNode(verifyXMLSignatureResponse);
respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,""));
Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH);
respData.setQualifiedCertificate(e!=null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index d0fb1f87f..b2ef2d000 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -24,9 +24,14 @@
package at.gv.egovernment.moa.id.auth.validator;
+import java.util.Calendar;
+import java.util.GregorianCalendar;
import java.util.Iterator;
import java.util.List;
+import javax.xml.bind.DatatypeConverter;
+
+import org.jaxen.SimpleNamespaceContext;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
@@ -59,11 +64,25 @@ public class CreateXMLSignatureResponseValidator {
/** Xpath expression to the dsig:Signature element */
private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature";
- //private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime";
-
+ private static final String XADES_1_1_1_SIGNINGTIME_PATH = "//" + Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime";
+ private static final String XADES_1_3_2_SIGNINGTIME_PATH = "//" + Constants.XADES_1_3_2_NS_PREFIX + ":SigningTime";
+
+
+ private static final long MAX_DIFFERENCE_IN_MILLISECONDS = 600000; // 10min
+
/** Singleton instance. <code>null</code>, if none has been created. */
private static CreateXMLSignatureResponseValidator instance;
+ private static SimpleNamespaceContext NS_CONTEXT;
+ static {
+ NS_CONTEXT = new SimpleNamespaceContext();
+ NS_CONTEXT.addNamespace(Constants.XADES_1_1_1_NS_PREFIX, Constants.XADES_1_1_1_NS_URI);
+ NS_CONTEXT.addNamespace(Constants.XADES_1_2_2_NS_PREFIX, Constants.XADES_1_2_2_NS_URI);
+ NS_CONTEXT.addNamespace(Constants.XADES_1_3_2_NS_PREFIX, Constants.XADES_1_3_2_NS_URI);
+ NS_CONTEXT.addNamespace(Constants.XADES_1_4_1_NS_PREFIX, Constants.XADES_1_4_1_NS_URI);
+ }
+
+
/**
* Constructor for a singleton CreateXMLSignatureResponseValidator.
* @return an instance of CreateXMLSignatureResponseValidator
@@ -550,8 +569,36 @@ public class CreateXMLSignatureResponseValidator {
public void validateSigningDateTime( CreateXMLSignatureResponse csresp) throws ValidateException {
- //TODO: insert Time validation!!!!
-
+ Element dsigSignatureElement = csresp.getDsigSignature();
+ if (dsigSignatureElement == null) {
+ throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ;
+ }
+ else {
+ Element signingTimeElem = (Element) XPathUtils.selectSingleNode(dsigSignatureElement, NS_CONTEXT, XADES_1_1_1_SIGNINGTIME_PATH);
+ if (signingTimeElem == null) {
+ signingTimeElem = (Element) XPathUtils.selectSingleNode(dsigSignatureElement, NS_CONTEXT, XADES_1_3_2_SIGNINGTIME_PATH);
+ if (signingTimeElem == null)
+ throw new ValidateException("validator.68", null) ;
+ }
+
+
+ String signingTimeStr = signingTimeElem.getTextContent();
+ if (signingTimeStr == null)
+ throw new ValidateException("validator.68", null) ;
+
+ Calendar signingTimeCal = DatatypeConverter.parseDate(signingTimeStr);
+ Calendar serverTimeCal = new GregorianCalendar();
+
+ long diff = Math.abs(signingTimeCal.getTimeInMillis() - serverTimeCal.getTimeInMillis());
+
+ if (diff > MAX_DIFFERENCE_IN_MILLISECONDS)
+ throw new ValidateException("validator.69", new Object[] {"mehr als " + MAX_DIFFERENCE_IN_MILLISECONDS + " Millisekunden"}) ;
+
+ Logger.debug("Compare \"" + signingTimeCal.getTime() + "\" (SigningTime) with \"" + serverTimeCal.getTime() + "\" (server time)");
+
+
+ }
+
}
}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 272f26efb..c5ebc4b0d 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -181,6 +181,8 @@ validator.65=Es ist ein Fehler bei der Formulargenerierung f�r berufliche Part
validator.66=?berpr?fung der {0}-Infobox fehlgeschlagen\: berufliche Parteienvetretung ist nicht konfiguriert.
validator.67=Der Specialtext ({0}) stimmt nicht mit dem für diese Applikation hinterlegten Text ({1}) überein.
+validator.68=SigningTime im AUTH-Block konnte nicht eruiert werden.
+validator.69=SigningTime im AUTH-Block und Serverzeit weichen zu stark ab ({0}).
ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen
diff --git a/id/server/moa-id-commons/.classpath b/id/server/moa-id-commons/.classpath
index 88431cf04..0e89cea3d 100644
--- a/id/server/moa-id-commons/.classpath
+++ b/id/server/moa-id-commons/.classpath
@@ -6,11 +6,6 @@
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
- <classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources">
- <attributes>
- <attribute name="maven.pomderived" value="true"/>
- </attributes>
- </classpathentry>
<classpathentry kind="src" output="target/test-classes" path="src/test/java">
<attributes>
<attribute name="optional" value="true"/>
@@ -18,20 +13,20 @@
</attributes>
</classpathentry>
<classpathentry kind="src" path="target/generated-sources/xjc"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5">
+ <classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources/config">
<attributes>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
- <classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5">
<attributes>
<attribute name="maven.pomderived" value="true"/>
- <attribute name="org.eclipse.jst.component.nondependency" value=""/>
</attributes>
</classpathentry>
- <classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources">
+ <classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
<attributes>
<attribute name="maven.pomderived" value="true"/>
+ <attribute name="org.eclipse.jst.component.nondependency" value=""/>
</attributes>
</classpathentry>
<classpathentry kind="output" path="target/classes"/>
diff --git a/id/server/moa-id-commons/.project b/id/server/moa-id-commons/.project
index 75c3e013e..a7c3725f2 100644
--- a/id/server/moa-id-commons/.project
+++ b/id/server/moa-id-commons/.project
@@ -28,10 +28,10 @@
</buildCommand>
</buildSpec>
<natures>
+ <nature>org.eclipse.m2e.core.maven2Nature</nature>
<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
<nature>org.eclipse.jdt.core.javanature</nature>
- <nature>org.eclipse.m2e.core.maven2Nature</nature>
<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
</natures>
</projectDescription>