aboutsummaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-02-03 15:38:24 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-02-03 15:38:24 +0100
commitef35deb727190363d17d693d10f27171787cc92c (patch)
tree92f4a4c6133147716328f93b86239d5dd8fcc629 /id/server
parent4333fd60c637f2a739e3db17d00f61c68c465a8e (diff)
downloadmoa-id-spss-ef35deb727190363d17d693d10f27171787cc92c.tar.gz
moa-id-spss-ef35deb727190363d17d693d10f27171787cc92c.tar.bz2
moa-id-spss-ef35deb727190363d17d693d10f27171787cc92c.zip
Solve some merge problems
Diffstat (limited to 'id/server')
-rw-r--r--id/server/idserverlib/pom.xml43
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java72
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java148
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java263
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java182
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java66
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java187
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java81
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java50
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWService.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWType.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/AbstractPersonType.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactCorporateBodyType.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPersonDataType.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPhysicalPersonType.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CorporateBodyType.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/IdentificationType.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/InternetAddressType.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/NationalityType.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PersonDataType.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PhysicalPersonType.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TelephoneAddressType.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TypedPostalAddressType.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/AdviceType.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/SubjectType.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyInfoType.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyValueType.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/ObjectFactory.java76
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/PGPDataType.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SPKIDataType.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SignatureMethodType.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/TransformType.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/X509DataType.java16
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties1
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html789
-rw-r--r--id/server/pom.xml2
-rw-r--r--id/server/proxy/src/main/webapp/META-INF/MANIFEST.MF1
-rw-r--r--id/server/stork2-saml-engine/pom.xml6
51 files changed, 692 insertions, 1558 deletions
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index e5670f9a7..81213f721 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -25,16 +25,17 @@
</repositories>
<dependencies>
- <dependency>
- <groupId>eu.stork</groupId>
- <artifactId>SamlEngine</artifactId>
- <version>1.1.0</version>
- </dependency>
- <dependency>
- <groupId>eu.stork</groupId>
- <artifactId>oasis-dss-api</artifactId>
- <version>1.0.0-SNAPSHOT</version>
- </dependency>
+ <dependency>
+ <groupId>eu.stork</groupId>
+ <artifactId>SamlEngine</artifactId>
+ <version>1.1.0</version>
+ </dependency>
+ <dependency>
+ <groupId>eu.stork</groupId>
+ <artifactId>oasis-dss-api</artifactId>
+ <version>1.0.0-SNAPSHOT</version>
+ </dependency>
+
<dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-commons</artifactId>
@@ -60,7 +61,7 @@
<artifactId>axis</artifactId>
</dependency>
- <dependency>
+<!-- <dependency>
<groupId>com.sun</groupId>
<artifactId>webservices-tools</artifactId>
<version>2.0.1</version>
@@ -69,7 +70,7 @@
<groupId>com.sun</groupId>
<artifactId>webservices-rt</artifactId>
<version>2.0.1</version>
- </dependency>
+ </dependency> -->
<dependency>
<groupId>javax.mail</groupId>
@@ -162,7 +163,7 @@
</dependency>
<!-- <dependency> <groupId>iaik</groupId> <artifactId>moa</artifactId>
<version>1.28</version> </dependency> -->
- <dependency>
+<!-- <dependency>
<groupId>edu.internet2.middleware</groupId>
<artifactId>shibboleth-common</artifactId>
<version>1.4.0</version>
@@ -172,6 +173,18 @@
<groupId>ch.qos.logback</groupId>
</exclusion>
</exclusions>
+ </dependency> -->
+
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml</artifactId>
+ <version>2.6.0</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>xmltooling</artifactId>
+ <version>1.4.0</version>
</dependency>
<dependency>
<groupId>regexp</groupId>
@@ -228,8 +241,8 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
- <source>1.5</source>
- <target>1.5</target>
+ <source>1.6</source>
+ <target>1.6</target>
</configuration>
</plugin>
<plugin>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index e9c8dbc75..06d5b01bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -97,6 +97,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
@@ -1269,7 +1270,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setAuthenticatedUsed(false);
session.setAuthenticated(true);
-
+
+ //set QAA Level four in case of card authentifcation
+ session.setQAALevel(PVPConstants.STORK_QAA_1_4);
+
+
String oldsessionID = session.getSessionID();
//Session is implicte stored in changeSessionID!!!
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 767172823..896feed9e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -231,6 +231,8 @@ public class AuthenticationSession implements Serializable {
private boolean ssoRequested = false;
+ private String QAALevel = null;
+
// private OAuth20SessionObject oAuth20SessionObject;
// /**
@@ -1005,20 +1007,21 @@ public class AuthenticationSession implements Serializable {
public IPersonalAttributeList getStorkAttributes() {
return this.storkAttributes;
}
-
+
/**
-// * @return the oAuth20SessionObject
-// */
-// public OAuth20SessionObject getoAuth20SessionObject() {
-// return oAuth20SessionObject;
-// }
-//
-// /**
-// * @param oAuth20SessionObject
-// * the oAuth20SessionObject to set
-// */
-// public void setoAuth20SessionObject(OAuth20SessionObject oAuth20SessionObject) {
-// this.oAuth20SessionObject = oAuth20SessionObject;
-// }
+ * @return the qAALevel
+ */
+ public String getQAALevel() {
+ return QAALevel;
+ }
+
+ /**
+ * @param qAALevel the qAALevel to set
+ */
+ public void setQAALevel(String qAALevel) {
+ QAALevel = qAALevel;
+ }
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index 7908578ef..f4212cc78 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -73,6 +73,7 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -197,6 +198,9 @@ public class GetForeignIDServlet extends AuthServlet {
IdentityLink identitylink = ilParser.parseIdentityLink();
session.setIdentityLink(identitylink);
+ //set QAA Level four in case of card authentifcation
+ session.setQAALevel(PVPConstants.STORK_QAA_1_4);
+
String samlArtifactBase64 =
AuthenticationServer.getInstance().getForeignAuthenticationData(session);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index b2224e10c..8bf437cca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -72,6 +72,7 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.SSLUtils;
@@ -218,6 +219,9 @@ public class GetMISSessionIDServlet extends AuthServlet {
session.setAuthenticatedUsed(false);
session.setAuthenticated(true);
+ //set QAA Level four in case of card authentifcation
+ session.setQAALevel(PVPConstants.STORK_QAA_1_4);
+
String oldsessionID = session.getSessionID();
//Session is implicite stored in changeSessionID!!!
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 23eb138d9..b356c6f35 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -54,9 +54,11 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -327,6 +329,18 @@ public class PEPSConnectorServlet extends AuthServlet {
// stork did the authentication step
moaSession.setAuthenticated(true);
+ //TODO: found better solution, but QAA Level in response could be not supported yet
+ try {
+ moasession.setQAALevel(authnResponse.getAssertions().get(0).
+ getAuthnStatements().get(0).getAuthnContext().
+ getAuthnContextClassRef().getAuthnContextClassRef());
+
+ } catch (Throwable e) {
+ Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
+ moasession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
+
+ }
+
//session is implicit stored in changeSessionID!!!!
String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java
deleted file mode 100644
index 80089a423..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-/**
- *
- */
-package at.gv.egovernment.moa.id.auth.stork;
-
-import org.opensaml.xml.security.credential.Credential;
-
-import eu.stork.vidp.messages.exception.SAMLException;
-
-/**
- * Interface supporting different kinds of Credentials
- *
- * @author bzwattendorfer
- *
- */
-public interface CredentialProvider {
-
- /**
- * Gets appropriate credentials
- * @return Credential object
- * @throws SAMLException
- */
- public Credential getCredential() throws SAMLException;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java
deleted file mode 100644
index cf167ba84..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java
+++ /dev/null
@@ -1,148 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.stork;
-
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
-
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-import at.gv.egovernment.moa.util.StringUtils;
-import eu.stork.vidp.messages.exception.SAMLException;
-
-/**
- * Provides credentials from a KeyStore
- * @author bzwattendorfer
- *
- */
-public class KeyStoreCredentialProvider implements CredentialProvider {
-
- private final static Logger log = LoggerFactory.getLogger(KeyStoreCredentialProvider.class);
-
- /** KeyStore Path */
- private String keyStorePath;
-
- /** KeyStore Password */
- private String keyStorePassword;
-
- /** Specific Key Name as Credential */
- private String keyName;
-
- /** Key password */
- private String keyPassword;
-
- /**
- * Creates a KeyStoreCredentialProvider object
- * @param keyStorePath KeyStore Path
- * @param keyStorePassword KeyStore Password
- * @param keyName KeyName of the key to be retrieved
- * @param keyPassword Password for the Key
- */
- public KeyStoreCredentialProvider(String keyStorePath,
- String keyStorePassword, String keyName, String keyPassword) {
- super();
- this.keyStorePath = keyStorePath;
- this.keyStorePassword = keyStorePassword;
- this.keyName = keyName;
- this.keyPassword = keyPassword;
- }
-
-
- /**
- * Gets the credential object from the KeyStore
- */
- public Credential getCredential() throws SAMLException {
- log.trace("Retrieving credentials for signing SAML Response.");
-
- if (StringUtils.isEmpty(this.keyStorePath))
- throw new SAMLException("No keyStorePath specified");
-
- //KeyStorePassword optional
- //if (StringUtils.isEmpty(this.keyStorePassword))
- // throw new SAMLException("No keyStorePassword specified");
-
- if (StringUtils.isEmpty(this.keyName))
- throw new SAMLException("No keyName specified");
-
- //KeyStorePassword optional
- //if (StringUtils.isEmpty(this.keyPassword))
- // throw new SAMLException("No keyPassword specified");
-
- KeyStore ks;
- try {
- ks = KeyStoreUtils.loadKeyStore(this.keyStorePath, this.keyStorePassword);
- } catch (Exception e) {
- log.error("Failed to load keystore information", e);
- throw new SAMLException(e);
- }
-
- //return new KeyStoreX509CredentialAdapter(ks, keyName, keyPwd.toCharArray());
- BasicX509Credential credential = null;
- try {
- java.security.cert.X509Certificate certificate = (X509Certificate) ks.getCertificate(this.keyName);
- PrivateKey privateKey = (PrivateKey) ks.getKey(this.keyName, this.keyPassword.toCharArray());
- credential = new BasicX509Credential();
- credential.setEntityCertificate(certificate);
- credential.setPrivateKey(privateKey);
-
- } catch (Exception e) {
- log.error("Error retrieving signing credentials.", e);
- throw new SAMLException(e);
- }
-
- return credential;
-
- }
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java
deleted file mode 100644
index dcd1a8a1a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java
+++ /dev/null
@@ -1,263 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-/**
- *
- */
-package at.gv.egovernment.moa.id.auth.stork;
-
-import java.util.List;
-
-import org.joda.time.DateTime;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.Audience;
-import org.opensaml.saml2.core.AudienceRestriction;
-import org.opensaml.saml2.core.Conditions;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-
-import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.vidp.messages.saml.STORKAttribute;
-import eu.stork.vidp.messages.util.SAMLUtil;
-
-/**
- * Verifies the SAML assertion according to the STORK specification
- * @author bzwattendorfer
- *
- */
-public class PEPSConnectorAssertionVerifier implements AssertionVerifier {
-
- private static final int CLOCK_SKEW_MINUTES = 5;
-
- private static final boolean IS_USERS_CLIENT_IP_ADDRESS_TO_VERIFY = false;
-
- /* (non-Javadoc)
- * @see eu.stork.mw.peps.connector.validation.AssertionVerifier#verifyAssertion(org.opensaml.saml2.core.Assertion, java.lang.String, java.lang.String, java.lang.String)
- */
- public void verify(Assertion assertion, String reqIPAddress,
- String authnRequestID, String recipient, String audience, List<RequestedAttribute> reqAttrList) throws SecurityException {
-
- //SAML assertion need not to be signed, skipping signature validation
-
- verifySubjectConfirmation(assertion, reqIPAddress, authnRequestID, recipient);
-
- Logger.debug("SubjectConfirmationData successfully verified");
-
- verifyConditions(assertion, audience);
-
- Logger.debug("Conditions successfully verified");
- }
-
-
- private void verifySubjectConfirmation(Assertion assertion, String reqAddress, String requestID, String recipient) throws SecurityException {
- for (SubjectConfirmation sc : assertion.getSubject().getSubjectConfirmations()) {
- verifySubjectConfirmationData(sc.getSubjectConfirmationData(), reqAddress, requestID, recipient);
- }
-
- }
-
- private void verifySubjectConfirmationData(SubjectConfirmationData scData, String reqAddress, String requestID, String recipient) throws SecurityException {
- //NotBefore not allowed in SSO profile
- verifyNotOnOrAfter(scData.getNotOnOrAfter());
-
- Logger.trace("NotOnOrAfter successfully verified");
-
- if(IS_USERS_CLIENT_IP_ADDRESS_TO_VERIFY) {
- verifyClientAddress(scData, reqAddress);
- Logger.trace("User's client IP address successfully verified.");
- } else {
- Logger.warn("User's client IP address will not be verified.");
- }
-
- verifyRecipient(scData, recipient);
- Logger.trace("Recipient successfully verified");
-
- verifyInResponseTo(scData, requestID);
- Logger.trace("InResponseTo successfully verified");
-
- }
-
- private void verifyNotBefore(DateTime notBefore) throws SecurityException {
- if (notBefore.minusMinutes(CLOCK_SKEW_MINUTES).isAfterNow()) {
- String msg = "Subject/Assertion not yet valid, Timestamp: ";
- Logger.error(msg + notBefore);
- throw new SecurityException(msg);
- }
-
- Logger.trace("Subject/Assertion already valid, notBefore: " + notBefore);
-
- }
-
- private void verifyNotOnOrAfter(DateTime notOnOrAfter) throws SecurityException {
- if (notOnOrAfter.plusMinutes(CLOCK_SKEW_MINUTES).isBeforeNow()) {
- String msg = "Subject/Assertion no longer valid.";
- Logger.error(msg);
- throw new SecurityException(msg);
- }
-
- Logger.trace("Subject/Assertion still valid, notOnOrAfter: " + notOnOrAfter);
- }
-
- private void verifyClientAddress(SubjectConfirmationData scData, String reqAddress) throws SecurityException {
- if (!reqAddress.equals(scData.getAddress())) {
- String msg = "Response coming from wrong Client-Address";
- Logger.error("Response coming from wrong Client-Address " + reqAddress + ", expected " + scData.getAddress());
- throw new SecurityException(msg);
- }
-
- }
-
- private void verifyInResponseTo(SubjectConfirmationData scData, String requestID) throws SecurityException {
- if (!scData.getInResponseTo().equals(requestID)) {
- String msg = "Assertion issued for wrong request";
- Logger.error(msg);
- throw new SecurityException(msg);
- }
- }
-
- private void verifyRecipient(SubjectConfirmationData scData, String reqRecipient) throws SecurityException {
- if (!scData.getRecipient().equals(reqRecipient)) {
- String msg = "Assertion intended for another recipient";
- Logger.error("Assertion intended for recipient " + scData.getRecipient() + "but expected " + reqRecipient);
- throw new SecurityException(msg);
- }
-
- }
-
- private void verifyAudience(AudienceRestriction audienceRestriction, String reqAudience) throws SecurityException {
- for (Audience audience : audienceRestriction.getAudiences()) {
- if (audience.getAudienceURI().equals(reqAudience))
- return;
- }
- String msg = "Assertion sent to wrong audience";
- Logger.error("Assertion intended for wrong audience, expected " + reqAudience);
- throw new SecurityException(msg);
- }
-
- private void verifyOneTimeUse(String assertionID) {
- //not necessarily required to check since notBefore and notOnOrAfter are verified
- //check response Store for already existing assertion
-
- }
-
- private void verifyConditions(Assertion assertion, String reqAudience) throws SecurityException {
- Conditions conditions = assertion.getConditions();
-
- verifyNotBefore(conditions.getNotBefore());
- Logger.trace("NotBefore successfully verified");
-
- verifyNotOnOrAfter(conditions.getNotOnOrAfter());
- Logger.trace("NotOnOrAfter successfully verified");
-
- verifyAudience(conditions.getAudienceRestrictions().get(0), reqAudience);
-
- Logger.trace("Audience successfully verified");
-
- }
-
- public static void validateRequiredAttributes(
- List<RequestedAttribute> reqAttrList,
- List<Attribute> attrList)
- throws STORKException {
-
- Logger.debug("Starting required attribute validation");
-
- if (reqAttrList == null || reqAttrList.isEmpty()) {
- Logger.error("Requested Attributes list is empty.");
- throw new STORKException("No attributes have been requested");
- }
-
- if (attrList == null || attrList.isEmpty()) {
- Logger.error("STORK AttributeStatement is empty.");
- throw new STORKException("No attributes have been received");
- }
-
- Logger.trace("These attributes have been requested and received: ");
- int count = 0;
- for (RequestedAttribute reqAttr : reqAttrList) {
- Logger.trace("Requested attribute: " + reqAttr.getName() + " isRequired: " + reqAttr.isRequired());
- for(Attribute attr : attrList) {
- if (verifyRequestedAttribute(reqAttr, attr))
- count++;
- }
- }
-
- int numRequiredReqAttr = getNumberOfRequiredAttributes(reqAttrList);
- Logger.trace("Number of requested required attributes: " + numRequiredReqAttr);
- Logger.trace("Number of received required attributes: " + count);
-
- if (count != numRequiredReqAttr) {
- Logger.error("Not all required attributes have been received");
- throw new STORKException("Not all required attributes have been received");
- }
- Logger.debug("Received all required attributes!");
-
- }
-
- private static boolean verifyRequestedAttribute(RequestedAttribute reqAttr, Attribute attr) {
-
- if ((reqAttr.getName()).equals(attr.getName())) {
- if (reqAttr.isRequired() && SAMLUtil.getStatusFromAttribute(attr).equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_AVAIL)) {
- Logger.trace("Received required attribute " + attr.getName() + " status: " + SAMLUtil.getStatusFromAttribute(attr));
- return true;
- }
- }
- return false;
- }
-
- private static int getNumberOfRequiredAttributes(List<RequestedAttribute> reqAttrList) {
- int count = 0;
- for (RequestedAttribute reqAttr : reqAttrList)
- if (reqAttr.isRequired()) count++;
-
- return count;
- }
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java
deleted file mode 100644
index f9589950f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java
+++ /dev/null
@@ -1,182 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-/**
- *
- */
-package at.gv.egovernment.moa.id.auth.stork;
-
-import org.opensaml.xml.validation.ValidationException;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.exception.ServiceException;
-import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
-import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.util.XMLUtil;
-import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.mw.messages.saml.STORKResponse;
-import eu.stork.vidp.messages.exception.SAMLValidationException;
-import eu.stork.vidp.messages.util.SAMLUtil;
-
-/**
- * Verifies the SMAL response according to the STORK specification
- * @author bzwattendorfer
- *
- */
-public class PEPSConnectorResponseVerifier implements ResponseVerifier {
-
-
- /* (non-Javadoc)
- * @see eu.stork.mw.peps.connector.validation.ResponseVerifier#verify(org.opensaml.saml2.core.Response)
- */
- public void verify(STORKResponse response) throws SecurityException {
-
- verifySignature(response);
- Logger.debug("Signature of SAML response valid.");
-
- verifyStandardValidation(response);
-
- Logger.debug("SAML response format valid.");
-
- }
-
-
- private void verifySignature(STORKResponse response) throws SecurityException {
- //validate Signature
- try {
- if (response.isSigned()) {
-
- String trustProfileID = AuthConfigurationProvider.getInstance().getStorkConfig().getSignatureVerificationParameter().getTrustProfileID();
-
- Logger.trace("Starting validation of Signature references");
- try {
- SAMLUtil.validateSignatureReferences(response);
- } catch (ValidationException e) {
- Logger.error("Validation of XML Signature refrences failed: " + e.getMessage());
- throw new SecurityException(e);
- }
- Logger.debug("XML Signature references are OK.");
-
- Logger.debug("Invoking MOA-SP with TrustProfileID: " + trustProfileID);
-
- // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
- Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
- .build(XMLUtil.printXML(response.getDOM()).getBytes(), trustProfileID);
-
- Logger.trace("VerifyXMLSignatureRequest for MOA-SP succesfully built");
-
- Logger.trace("Calling MOA-SP");
- // invokes the call
- Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
- .verifyXMLSignature(domVerifyXMLSignatureRequest);
-
- // parses the <VerifyXMLSignatureResponse>
- VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
- domVerifyXMLSignatureResponse).parseData();
-
- Logger.trace("Received VerifyXMLSignatureResponse from MOA-SP");
-
- if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) {
- String msg = "Signature of SAMLResponse not valid";
- Logger.error(msg);
- throw new SecurityException(msg);
- }
-
- Logger.debug("Signature of SAML response successfully verified");
-
- if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) {
- String msg = "Certificate of SAMLResponse not valid";
- Logger.error(msg);
- throw new SecurityException(msg);
- }
-
- Logger.debug("Signing certificate of SAML response succesfully verified");
-
- } else {
- String msg = "SAML Response is not signed.";
- throw new SecurityException(msg);
- }
-
- } catch (ConfigurationException e) {
- String msg = "Unable to load STORK configuration for STORK SAML Response signature verification.";
- Logger.error(msg, e);
- throw new SecurityException(msg, e);
- } catch (ParseException e) {
- String msg = "Unable to parse VerifyXMLSignature Request or Response.";
- Logger.error(msg, e);
- throw new SecurityException(msg, e);
- } catch (BuildException e) {
- String msg = "Unable to parse VerifyXMLSignature Request or Response.";
- Logger.error(msg, e);
- throw new SecurityException(msg, e);
- } catch (ServiceException e) {
- String msg = "Unable to invoke MOA-SP.";
- Logger.error(msg, e);
- throw new SecurityException(msg, e);
- }
-
- }
-
- private void verifyStandardValidation(STORKResponse response) throws SecurityException {
- try {
- SAMLUtil.verifySAMLObjectStandardValidation(response, "saml2-core-schema-and-stork-validator");
- } catch (SAMLValidationException e) {
- String msg ="SAML Response received not valid.";
- throw new SecurityException(msg, e);
- }
-
- }
-
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java
deleted file mode 100644
index ea3d4101b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.stork;
-
-import eu.stork.mw.messages.saml.STORKResponse;
-
-/**
- * Interface to be implemented for SAML response verification
- * @author bzwattendorfer
- *
- */
-public interface ResponseVerifier {
-
- /**
- * Verifies a STORK response
- * @param response STORK response
- * @throws SecurityException
- */
- public void verify(STORKResponse response) throws SecurityException;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java
deleted file mode 100644
index 5dc615b6c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java
+++ /dev/null
@@ -1,187 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/**
- *
- */
-package at.gv.egovernment.moa.id.auth.stork;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.Endpoint;
-import org.opensaml.ws.transport.http.HTTPOutTransport;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.security.credential.Credential;
-
-import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.mw.messages.saml.STORKAuthnRequest;
-import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
-import eu.stork.vidp.messages.exception.SAMLException;
-import eu.stork.vidp.messages.exception.SAMLValidationException;
-import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
-import eu.stork.vidp.messages.stork.RequestedAttributes;
-import eu.stork.vidp.messages.util.SAMLUtil;
-
-/**
- * Class handling all necessary functionality for STORK AuthnRequest processing
- *
- * @author bzwattendorfer
- *
- */
-public class STORKAuthnRequestProcessor {
-
- /**
- * Creates a STORK AuthnRequest
- * @param destination Destination URL
- * @param acsURL Assertion Consumer Service URL
- * @param providerName SP Provider Name
- * @param issuerValue Issuer Name
- * @param qaaLevel STORK QAALevel to be requested
- * @param requestedAttributes Requested Attributes to be requested
- * @param spSector Sp Sector
- * @param spInstitution SP Institution
- * @param spApplication SP Application
- * @param spCountry SP Country
- * @param textToBeSigned text to be included in signedDoc element
- * @param mimeType mimeType for the text to be signed in signedDoc
- * @return STORK AuthnRequest
- */
- public static STORKAuthnRequest generateSTORKAuthnRequest(
- String destination,
- String acsURL,
- String providerName,
- String issuerValue,
- QualityAuthenticationAssuranceLevel qaaLevel,
- RequestedAttributes requestedAttributes,
- String spSector,
- String spInstitution,
- String spApplication,
- String spCountry,
- String textToBeSigned,
- String mimeType) {
-
-
- STORKAuthnRequest storkAuthnRequest =
- STORKMessagesBuilder.buildSTORKAuthnRequest(
- destination,
- acsURL,
- providerName,
- issuerValue,
- qaaLevel,
- requestedAttributes,
- spSector,
- spInstitution,
- spApplication,
- spCountry);
-
- STORKMessagesBuilder.buildAndAddSignatureRequestToAuthnRequest(storkAuthnRequest, textToBeSigned, mimeType, true);
-
- Logger.debug("Added signedDoc attribute to STORK AuthnRequest");
-
- return storkAuthnRequest;
-
- }
-
- /**
- * Signs a STORK AuthnRequest
- * @param storkAuthnRequest STORK AuthRequest to sign
- * @param keyStorePath KeyStorePath to the signing key
- * @param keyStorePassword KeyStore Password
- * @param keyName Signing key name
- * @param keyPassword Signing key password
- * @return Signed STORK AuthnRequest
- * @throws SAMLException
- */
- public static STORKAuthnRequest signSTORKAuthnRequest(
- STORKAuthnRequest storkAuthnRequest,
- String keyStorePath,
- String keyStorePassword,
- String keyName,
- String keyPassword) throws SAMLException {
-
- Logger.trace("Building Credential Provider for signing process");
-
- CredentialProvider credentialProvider = new KeyStoreCredentialProvider(keyStorePath, keyStorePassword, keyName, keyPassword);
-
- Credential credential = credentialProvider.getCredential();
-
- Logger.trace("Credentials found");
-
- SAMLUtil.signSAMLObject(storkAuthnRequest, credential);
-
- return storkAuthnRequest;
- }
-
- /**
- * Validates a STORK AuthnRequest
- * @param storkAuthnRequest STORK AuthnRequest to validate
- * @throws SAMLValidationException
- */
- public static void validateSTORKAuthnRequest(STORKAuthnRequest storkAuthnRequest) throws SAMLValidationException {
-
- SAMLUtil.verifySAMLObjectStandardValidation(storkAuthnRequest, "saml2-core-schema-and-stork-validator");
-
- }
-
- /**
- * Sends a STORK AuthnRequest (Endpoint taken out of AuthnRequest)
- * @param request HttpServletRequest
- * @param response HttpServletResponse
- * @param storkAuthnRequest STORK AuthnRequest to send
- * @throws Exception
- */
- public static void sendSTORKAuthnRequest(HttpServletRequest request, HttpServletResponse response, STORKAuthnRequest storkAuthnRequest) throws Exception {
-
- Logger.trace("Create endpoint...");
- Endpoint endpoint = STORKMessagesBuilder.buildSAMLObject(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
- endpoint.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
- endpoint.setLocation(storkAuthnRequest.getDestination());
-
-
- Logger.trace("Prepare SAMLMessageContext...");
- HTTPOutTransport outTransport = new HttpServletResponseAdapter(response, request.isSecure());
- BasicSAMLMessageContext<?, STORKAuthnRequest, ?> samlMessageContext = new BasicSAMLMessageContext();
- samlMessageContext.setOutboundMessageTransport(outTransport);
- samlMessageContext.setPeerEntityEndpoint(endpoint);
-
- Logger.trace("Set STORK SAML AuthnRequest to SAMLMessageContext...");
- samlMessageContext.setOutboundSAMLMessage(storkAuthnRequest);
-
- Logger.trace("Initialize VelocityEngine...");
-
- VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
-
-// HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/templates/saml2-post-binding.vm");
- HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/saml2-post-binding-moa.vm");
-
- Logger.trace("HTTP-Post encode SAMLMessageContext...");
- encoder.encode(samlMessageContext);
- }
-
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 1fa7e5eb2..1804b5fd5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -63,6 +63,7 @@ import javax.xml.bind.JAXBContext;
import javax.xml.bind.Unmarshaller;
import org.hibernate.cfg.Configuration;
+import org.opensaml.DefaultBootstrap;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
@@ -363,9 +364,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
//Initialize OpenSAML for STORK
-// Logger.info("Starting initialization of OpenSAML...");
-// STORKBootstrap.bootstrap();
-// Logger.debug("OpenSAML successfully initialized");
+ Logger.info("Starting initialization of OpenSAML...");
+ DefaultBootstrap.bootstrap();
+ Logger.debug("OpenSAML successfully initialized");
String legacyconfig = props.getProperty("configuration.xml.legacy");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 998e28f6a..7a38e2afd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -273,7 +273,12 @@ public boolean isOnlyMandateAllowed() {
* @return true, if is we should show stork login
*/
public boolean isShowStorkLogin() {
- return oa_auth.getOASTORK().isStorkLogonEnabled();
+ try {
+ return oa_auth.getOASTORK().isStorkLogonEnabled();
+
+ } catch (NullPointerException e) {
+ return false;
+ }
}
public Map<String, String> getFormCustomizaten() {
@@ -322,7 +327,12 @@ public Map<String, String> getFormCustomizaten() {
}
public Integer getQaaLevel() {
- return oa_auth.getOASTORK().getQaa();
+
+ if (oa_auth.getOASTORK() != null && oa_auth.getOASTORK().getQaa() != null)
+ return oa_auth.getOASTORK().getQaa();
+
+ else
+ return 4;
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index 5b4843752..0172cce2d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;
public interface PVPConstants {
+ public static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/citizenQAALevel/";
public static final String STORK_QAA_1_1 = "http://www.stork.gov.eu/1.0/citizenQAALevel/1";
public static final String STORK_QAA_1_2 = "http://www.stork.gov.eu/1.0/citizenQAALevel/2";
public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 28299871c..7c9cc6259 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.jcp.xml.dsig.internal.dom.DOMURIDereferencer;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.common.xml.SAMLConstants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 17f76d35a..bc90da8df 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -74,6 +74,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedExcept
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.id.util.QAALevelVerifier;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
@@ -89,45 +90,59 @@ public class PVP2AssertionBuilder implements PVPConstants {
AuthnContextClassRef authnContextClassRef = SAML2Utils
.createSAMLObject(AuthnContextClassRef.class);
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(
+ peerEntity.getEntityID());
+
if (reqAuthnContext == null) {
authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
- } else {
+ }
- boolean stork_qaa_1_4_found = false;
+ boolean stork_qaa_1_4_found = false;
+
+ List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
+ .getAuthnContextClassRefs();
- List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
- .getAuthnContextClassRefs();
+ if (reqAuthnContextClassRefIt.size() == 0) {
+
+ QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(),
+ STORK_QAA_1_4);
- if (reqAuthnContextClassRefIt.size() == 0) {
- stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
-
- } else {
- for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
- String qaa_uri = authnClassRef.getAuthnContextClassRef();
- if (qaa_uri.trim().equals(STORK_QAA_1_4)
- || qaa_uri.trim().equals(STORK_QAA_1_3)
- || qaa_uri.trim().equals(STORK_QAA_1_2)
- || qaa_uri.trim().equals(STORK_QAA_1_1)) {
-
- if (authSession.isForeigner()) {
- //TODO: insert QAA check
-
- stork_qaa_1_4_found = false;
-
- } else {
- stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
- }
- break;
+ stork_qaa_1_4_found = true;
+ authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
+
+ } else {
+ for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
+ String qaa_uri = authnClassRef.getAuthnContextClassRef();
+ if (qaa_uri.trim().equals(STORK_QAA_1_4)
+ || qaa_uri.trim().equals(STORK_QAA_1_3)
+ || qaa_uri.trim().equals(STORK_QAA_1_2)
+ || qaa_uri.trim().equals(STORK_QAA_1_1)) {
+
+ if (authSession.isForeigner()) {
+ QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(),
+ STORK_QAA_PREFIX + oaParam.getQaaLevel());
+
+ stork_qaa_1_4_found = true;
+ authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());
+
+ } else {
+
+ QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(),
+ qaa_uri.trim());
+
+ stork_qaa_1_4_found = true;
+ authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());
+
}
+ break;
}
}
-
- if (!stork_qaa_1_4_found) {
- throw new QAANotSupportedException(STORK_QAA_1_4);
- }
+ }
+
+ if (!stork_qaa_1_4_found) {
+ throw new QAANotSupportedException(STORK_QAA_1_4);
}
// reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs()
@@ -209,12 +224,6 @@ public class PVP2AssertionBuilder implements PVPConstants {
* null, true); } }
*/
- // TODO: LOAD oaParam from request and not from MOASession in case of
- // SSO
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(
- peerEntity.getEntityID());
-
AuthenticationData authData = AuthenticationServer
.buildAuthenticationData(authSession, oaParam,
oaParam.getTarget());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
index 523063c6e..f3d815e7d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
@@ -31,6 +31,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.util.MiscUtil;
public class BirthdateAttributeBuilder implements IPVPAttributeBuilder {
@@ -44,11 +45,19 @@ public class BirthdateAttributeBuilder implements IPVPAttributeBuilder {
IAttributeGenerator<ATT> g) throws AttributeException {
try {
DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
- Date date = identityLinkFormat.parse(authSession.getIdentityLink().getDateOfBirth());
- DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN);
- String dateString = pvpDateFormat.format(date);
- return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString);
+ if (MiscUtil.isNotEmpty(authSession.getIdentityLink().getDateOfBirth())) {
+ Date date = identityLinkFormat.parse(authSession.getIdentityLink().getDateOfBirth());
+ DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN);
+ String dateString = pvpDateFormat.format(date);
+
+ return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString);
+
+ } else {
+ //build empty attribute if no Birthday date is found (STORK2)
+ return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME);
+
+ }
//return buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index d318792f1..f4b48ece3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -22,14 +22,11 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
-import java.io.IOException;
import java.util.ArrayList;
-import java.util.Date;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.xml.transform.TransformerException;
import org.joda.time.DateTime;
import org.opensaml.Configuration;
@@ -40,12 +37,10 @@ import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.impl.EncryptedAssertionBuilder;
import org.opensaml.saml2.encryption.Encrypter;
import org.opensaml.saml2.encryption.Encrypter.KeyPlacement;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.security.MetadataCredentialResolver;
import org.opensaml.security.MetadataCriteria;
@@ -54,17 +49,13 @@ import org.opensaml.xml.encryption.EncryptionConstants;
import org.opensaml.xml.encryption.EncryptionException;
import org.opensaml.xml.encryption.EncryptionParameters;
import org.opensaml.xml.encryption.KeyEncryptionParameters;
-import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;
import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
-import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.security.x509.X509Credential;
-import org.opensaml.xml.signature.KeyInfo;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -80,7 +71,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedEx
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.PrettyPrinter;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
index 1963115da..e3e25b1a9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
@@ -37,7 +37,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.KeyStoreUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
public class CredentialProvider {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
index d398ca533..f0ae6f446 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
@@ -113,10 +113,12 @@ public class MetadataSignatureFilter implements MetadataFilter {
throw new MOAIDException("Root element of metadata file has to be signed", null);
}
processEntitiesDescriptor(entitiesDescriptor);
- } /*else if (metadata instanceof EntityDescriptor) {
+
+ } else if (metadata instanceof EntityDescriptor) {
EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
processEntityDescriptorr(entityDescriptor);
- } */else {
+
+ } else {
throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
index e48c7bb98..67a91f6e1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
@@ -34,36 +34,36 @@ import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
import org.opensaml.xml.signature.SignatureTrustEngine;
import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
-import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
+//import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver;
+//import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver;
public class TrustEngineFactory {
- public static SignatureTrustEngine getSignatureTrustEngine() {
- try {
- MetadataPKIXValidationInformationResolver mdResolver = new MetadataPKIXValidationInformationResolver(
- MOAMetadataProvider.getInstance());
-
- List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
- keyInfoProvider.add(new DSAKeyValueProvider());
- keyInfoProvider.add(new RSAKeyValueProvider());
- keyInfoProvider.add(new InlineX509DataProvider());
-
- KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
- keyInfoProvider);
-
- PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine(
- mdResolver, keyInfoResolver);
-
- return engine;
-
- } catch (Exception e) {
- e.printStackTrace();
- return null;
- }
- }
+// public static SignatureTrustEngine getSignatureTrustEngine() {
+// try {
+// MetadataPKIXValidationInformationResolver mdResolver = new MetadataPKIXValidationInformationResolver(
+// MOAMetadataProvider.getInstance());
+//
+// List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
+// keyInfoProvider.add(new DSAKeyValueProvider());
+// keyInfoProvider.add(new RSAKeyValueProvider());
+// keyInfoProvider.add(new InlineX509DataProvider());
+//
+// KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
+// keyInfoProvider);
+//
+// PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine(
+// mdResolver, keyInfoResolver);
+//
+// return engine;
+//
+// } catch (Exception e) {
+// e.printStackTrace();
+// return null;
+// }
+// }
public static SignatureTrustEngine getSignatureKnownKeysTrustEngine() {
MetadataCredentialResolver resolver;
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWService.java b/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWService.java
index 77969010f..9562d1c42 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWService.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWService.java
@@ -14,7 +14,7 @@ import javax.xml.ws.WebServiceFeature;
/**
* This class was generated by the JAX-WS RI.
* JAX-WS RI 2.2.4-b01
- * Generated source version: 2.2
+ * Generated source version: 2.1
*
*/
@WebServiceClient(name = "SZRGWService", targetNamespace = "http://reference.e-government.gv.at/namespace/szrgw/20070807/wsdl", wsdlLocation = "file:/D:/Projekte/svn/online-vollmachten/egovutils/src/main/resources/wsdl/szrgw/szrgw.wsdl")
@@ -42,26 +42,10 @@ public class SZRGWService
super(__getWsdlLocation(), SZRGWSERVICE_QNAME);
}
- public SZRGWService(WebServiceFeature... features) {
- super(__getWsdlLocation(), SZRGWSERVICE_QNAME, features);
- }
-
- public SZRGWService(URL wsdlLocation) {
- super(wsdlLocation, SZRGWSERVICE_QNAME);
- }
-
- public SZRGWService(URL wsdlLocation, WebServiceFeature... features) {
- super(wsdlLocation, SZRGWSERVICE_QNAME, features);
- }
-
public SZRGWService(URL wsdlLocation, QName serviceName) {
super(wsdlLocation, serviceName);
}
- public SZRGWService(URL wsdlLocation, QName serviceName, WebServiceFeature... features) {
- super(wsdlLocation, serviceName, features);
- }
-
/**
*
* @return
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWType.java b/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWType.java
index 01ca437c9..9f0a8bd6d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWType.java
@@ -14,7 +14,7 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
/**
* This class was generated by the JAX-WS RI.
* JAX-WS RI 2.2.4-b01
- * Generated source version: 2.2
+ * Generated source version: 2.1
*
*/
@WebService(name = "SZRGWType", targetNamespace = "http://reference.e-government.gv.at/namespace/szrgw/20070807/wsdl")
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/AbstractPersonType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/AbstractPersonType.java
index eb9ff0739..ebcee3d1d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/AbstractPersonType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/AbstractPersonType.java
@@ -62,7 +62,7 @@ public class AbstractPersonType {
@XmlElement(name = "Identification")
protected List<IdentificationType> identification;
- @XmlElementRef(name = "AbstractSimpleIdentification", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class, required = false)
+ @XmlElementRef(name = "AbstractSimpleIdentification", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class)
protected List<JAXBElement<? extends AbstractSimpleIdentificationType>> abstractSimpleIdentification;
@XmlAttribute(name = "Id")
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@@ -120,14 +120,14 @@ public class AbstractPersonType {
* <p>
* Objects of the following type(s) are allowed in the list
* {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >}
- * {@link JAXBElement }{@code <}{@link Firmenbuchnummer }{@code >}
* {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >}
- * {@link JAXBElement }{@code <}{@link ZMRzahl }{@code >}
* {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >}
- * {@link JAXBElement }{@code <}{@link ERJPZahl }{@code >}
- * {@link JAXBElement }{@code <}{@link Vereinsnummer }{@code >}
* {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >}
+ * {@link JAXBElement }{@code <}{@link ZMRzahl }{@code >}
* {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >}
+ * {@link JAXBElement }{@code <}{@link Vereinsnummer }{@code >}
+ * {@link JAXBElement }{@code <}{@link Firmenbuchnummer }{@code >}
+ * {@link JAXBElement }{@code <}{@link ERJPZahl }{@code >}
*
*
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactCorporateBodyType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactCorporateBodyType.java
index 0a542e073..bd7d32493 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactCorporateBodyType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactCorporateBodyType.java
@@ -188,8 +188,8 @@ public class CompactCorporateBodyType
*
* <p>
* Objects of the following type(s) are allowed in the list
- * {@link Element }
* {@link Object }
+ * {@link Element }
*
*
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPersonDataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPersonDataType.java
index 1aa6acbf4..aad9fa004 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPersonDataType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPersonDataType.java
@@ -63,7 +63,7 @@ public class CompactPersonDataType
@XmlElementRef(name = "Person", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class)
protected JAXBElement<? extends AbstractPersonType> person;
- @XmlElementRef(name = "Address", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class, required = false)
+ @XmlElementRef(name = "Address", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class)
protected List<JAXBElement<? extends AbstractAddressType>> address;
@XmlElement(name = "Signature", namespace = "http://www.w3.org/2000/09/xmldsig#")
protected List<SignatureType> signature;
@@ -75,11 +75,11 @@ public class CompactPersonDataType
*
* @return
* possible object is
- * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}
- * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}
- * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >}
* {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >}
+ * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >}
+ * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}
* {@link JAXBElement }{@code <}{@link CompactCorporateBodyType }{@code >}
+ * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}
*
*/
public JAXBElement<? extends AbstractPersonType> getPerson() {
@@ -91,11 +91,11 @@ public class CompactPersonDataType
*
* @param value
* allowed object is
- * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}
- * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}
- * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >}
* {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >}
+ * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >}
+ * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}
* {@link JAXBElement }{@code <}{@link CompactCorporateBodyType }{@code >}
+ * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}
*
*/
public void setPerson(JAXBElement<? extends AbstractPersonType> value) {
@@ -120,12 +120,12 @@ public class CompactPersonDataType
*
* <p>
* Objects of the following type(s) are allowed in the list
+ * {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >}
+ * {@link JAXBElement }{@code <}{@link CompactPostalAddressType }{@code >}
* {@link JAXBElement }{@code <}{@link InternetAddressType }{@code >}
* {@link JAXBElement }{@code <}{@link TelephoneAddressType }{@code >}
* {@link JAXBElement }{@code <}{@link AbstractAddressType }{@code >}
* {@link JAXBElement }{@code <}{@link TypedPostalAddressType }{@code >}
- * {@link JAXBElement }{@code <}{@link CompactPostalAddressType }{@code >}
- * {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >}
*
*
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPhysicalPersonType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPhysicalPersonType.java
index 94e97ea12..1e37799b0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPhysicalPersonType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPhysicalPersonType.java
@@ -240,8 +240,8 @@ public class CompactPhysicalPersonType
*
* <p>
* Objects of the following type(s) are allowed in the list
- * {@link Element }
* {@link Object }
+ * {@link Element }
*
*
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CorporateBodyType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CorporateBodyType.java
index 19d957d80..6596ae3ac 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CorporateBodyType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CorporateBodyType.java
@@ -256,8 +256,8 @@ public class CorporateBodyType
*
* <p>
* Objects of the following type(s) are allowed in the list
- * {@link Element }
* {@link Object }
+ * {@link Element }
*
*
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/IdentificationType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/IdentificationType.java
index f22d6858a..df20e777f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/IdentificationType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/IdentificationType.java
@@ -172,8 +172,8 @@ public class IdentificationType {
*
* <p>
* Objects of the following type(s) are allowed in the list
- * {@link Element }
* {@link Object }
+ * {@link Element }
*
*
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/InternetAddressType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/InternetAddressType.java
index 2afa51544..90dfd4110 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/InternetAddressType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/InternetAddressType.java
@@ -121,8 +121,8 @@ public class InternetAddressType
*
* <p>
* Objects of the following type(s) are allowed in the list
- * {@link Element }
* {@link Object }
+ * {@link Element }
*
*
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/NationalityType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/NationalityType.java
index 4a426fc93..ebc563acb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/NationalityType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/NationalityType.java
@@ -52,10 +52,10 @@ import org.w3c.dom.Element;
public class NationalityType {
@XmlElementRefs({
- @XmlElementRef(name = "ISOCode3", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class),
- @XmlElementRef(name = "CountryNameEN", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class),
@XmlElementRef(name = "CountryNameFR", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class),
- @XmlElementRef(name = "CountryNameDE", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class)
+ @XmlElementRef(name = "CountryNameEN", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class),
+ @XmlElementRef(name = "CountryNameDE", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class),
+ @XmlElementRef(name = "ISOCode3", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class)
})
@XmlMixed
@XmlAnyElement(lax = true)
@@ -79,13 +79,13 @@ public class NationalityType {
*
* <p>
* Objects of the following type(s) are allowed in the list
- * {@link Element }
* {@link JAXBElement }{@code <}{@link String }{@code >}
* {@link JAXBElement }{@code <}{@link String }{@code >}
- * {@link Object }
* {@link String }
* {@link JAXBElement }{@code <}{@link String }{@code >}
* {@link JAXBElement }{@code <}{@link String }{@code >}
+ * {@link Element }
+ * {@link Object }
*
*
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PersonDataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PersonDataType.java
index cefaa3bbd..699519798 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PersonDataType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PersonDataType.java
@@ -63,7 +63,7 @@ public class PersonDataType
@XmlElementRef(name = "Person", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class)
protected JAXBElement<? extends AbstractPersonType> person;
- @XmlElementRef(name = "Address", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class, required = false)
+ @XmlElementRef(name = "Address", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class)
protected List<JAXBElement<? extends AbstractAddressType>> address;
@XmlElement(name = "Signature", namespace = "http://www.w3.org/2000/09/xmldsig#")
protected List<SignatureType> signature;
@@ -75,11 +75,11 @@ public class PersonDataType
*
* @return
* possible object is
- * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}
- * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}
- * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >}
* {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >}
+ * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >}
+ * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}
* {@link JAXBElement }{@code <}{@link CompactCorporateBodyType }{@code >}
+ * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}
*
*/
public JAXBElement<? extends AbstractPersonType> getPerson() {
@@ -91,11 +91,11 @@ public class PersonDataType
*
* @param value
* allowed object is
- * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}
- * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}
- * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >}
* {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >}
+ * {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >}
+ * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}
* {@link JAXBElement }{@code <}{@link CompactCorporateBodyType }{@code >}
+ * {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}
*
*/
public void setPerson(JAXBElement<? extends AbstractPersonType> value) {
@@ -120,12 +120,12 @@ public class PersonDataType
*
* <p>
* Objects of the following type(s) are allowed in the list
+ * {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >}
+ * {@link JAXBElement }{@code <}{@link CompactPostalAddressType }{@code >}
* {@link JAXBElement }{@code <}{@link InternetAddressType }{@code >}
* {@link JAXBElement }{@code <}{@link TelephoneAddressType }{@code >}
* {@link JAXBElement }{@code <}{@link AbstractAddressType }{@code >}
* {@link JAXBElement }{@code <}{@link TypedPostalAddressType }{@code >}
- * {@link JAXBElement }{@code <}{@link CompactPostalAddressType }{@code >}
- * {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >}
*
*
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PhysicalPersonType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PhysicalPersonType.java
index f2727635e..4c5a5e34f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PhysicalPersonType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PhysicalPersonType.java
@@ -484,8 +484,8 @@ public class PhysicalPersonType
*
* <p>
* Objects of the following type(s) are allowed in the list
- * {@link Element }
* {@link Object }
+ * {@link Element }
*
*
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TelephoneAddressType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TelephoneAddressType.java
index eb7640237..2e8e7e6e3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TelephoneAddressType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TelephoneAddressType.java
@@ -125,8 +125,8 @@ public class TelephoneAddressType
*
* <p>
* Objects of the following type(s) are allowed in the list
- * {@link Element }
* {@link Object }
+ * {@link Element }
*
*
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TypedPostalAddressType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TypedPostalAddressType.java
index c85e2ec69..0b53e5e6a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TypedPostalAddressType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TypedPostalAddressType.java
@@ -120,8 +120,8 @@ public class TypedPostalAddressType
*
* <p>
* Objects of the following type(s) are allowed in the list
- * {@link Element }
* {@link Object }
+ * {@link Element }
*
*
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/AdviceType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/AdviceType.java
index e8ec84ccf..fb556ea95 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/AdviceType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/AdviceType.java
@@ -41,8 +41,8 @@ import org.w3c.dom.Element;
public class AdviceType {
@XmlElementRefs({
- @XmlElementRef(name = "Assertion", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class, required = false),
- @XmlElementRef(name = "AssertionIDReference", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class, required = false)
+ @XmlElementRef(name = "Assertion", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class),
+ @XmlElementRef(name = "AssertionIDReference", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class)
})
@XmlAnyElement(lax = true)
protected List<Object> assertionIDReferenceOrAssertionOrAny;
@@ -65,10 +65,10 @@ public class AdviceType {
*
* <p>
* Objects of the following type(s) are allowed in the list
+ * {@link JAXBElement }{@code <}{@link String }{@code >}
* {@link Element }
* {@link JAXBElement }{@code <}{@link AssertionType }{@code >}
* {@link Object }
- * {@link JAXBElement }{@code <}{@link String }{@code >}
*
*
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/SubjectType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/SubjectType.java
index 6845e807a..89b61c35c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/SubjectType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/SubjectType.java
@@ -41,8 +41,8 @@ import javax.xml.bind.annotation.XmlType;
public class SubjectType {
@XmlElementRefs({
- @XmlElementRef(name = "NameIdentifier", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class, required = false),
- @XmlElementRef(name = "SubjectConfirmation", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class, required = false)
+ @XmlElementRef(name = "NameIdentifier", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class),
+ @XmlElementRef(name = "SubjectConfirmation", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class)
})
protected List<JAXBElement<?>> content;
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyInfoType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyInfoType.java
index 1f980f6df..c6845af5e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyInfoType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyInfoType.java
@@ -53,13 +53,13 @@ import org.w3c.dom.Element;
public class KeyInfoType {
@XmlElementRefs({
- @XmlElementRef(name = "MgmtData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
- @XmlElementRef(name = "PGPData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
- @XmlElementRef(name = "X509Data", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
- @XmlElementRef(name = "RetrievalMethod", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
- @XmlElementRef(name = "KeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
- @XmlElementRef(name = "SPKIData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
- @XmlElementRef(name = "KeyName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false)
+ @XmlElementRef(name = "PGPData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "X509Data", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "KeyName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "RetrievalMethod", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "SPKIData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "MgmtData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "KeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)
})
@XmlMixed
@XmlAnyElement(lax = true)
@@ -88,16 +88,16 @@ public class KeyInfoType {
*
* <p>
* Objects of the following type(s) are allowed in the list
- * {@link Element }
- * {@link JAXBElement }{@code <}{@link String }{@code >}
* {@link JAXBElement }{@code <}{@link PGPDataType }{@code >}
* {@link JAXBElement }{@code <}{@link X509DataType }{@code >}
+ * {@link JAXBElement }{@code <}{@link String }{@code >}
* {@link JAXBElement }{@code <}{@link RetrievalMethodType }{@code >}
- * {@link Object }
- * {@link JAXBElement }{@code <}{@link KeyValueType }{@code >}
* {@link String }
* {@link JAXBElement }{@code <}{@link SPKIDataType }{@code >}
+ * {@link Element }
+ * {@link JAXBElement }{@code <}{@link KeyValueType }{@code >}
* {@link JAXBElement }{@code <}{@link String }{@code >}
+ * {@link Object }
*
*
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyValueType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyValueType.java
index 55001162c..68693eace 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyValueType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyValueType.java
@@ -42,8 +42,8 @@ import org.w3c.dom.Element;
public class KeyValueType {
@XmlElementRefs({
- @XmlElementRef(name = "RSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
- @XmlElementRef(name = "DSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false)
+ @XmlElementRef(name = "RSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "DSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)
})
@XmlMixed
@XmlAnyElement(lax = true)
@@ -68,10 +68,10 @@ public class KeyValueType {
* <p>
* Objects of the following type(s) are allowed in the list
* {@link JAXBElement }{@code <}{@link RSAKeyValueType }{@code >}
- * {@link Element }
+ * {@link JAXBElement }{@code <}{@link DSAKeyValueType }{@code >}
* {@link String }
+ * {@link Element }
* {@link Object }
- * {@link JAXBElement }{@code <}{@link DSAKeyValueType }{@code >}
*
*
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/ObjectFactory.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/ObjectFactory.java
index a32d3badc..167a019bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/ObjectFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/ObjectFactory.java
@@ -25,6 +25,7 @@ import javax.xml.namespace.QName;
@XmlRegistry
public class ObjectFactory {
+ private final static QName _SignatureMethodTypeHMACOutputLength_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "HMACOutputLength");
private final static QName _PGPData_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPData");
private final static QName _SPKIData_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SPKIData");
private final static QName _CanonicalizationMethod_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "CanonicalizationMethod");
@@ -49,16 +50,15 @@ public class ObjectFactory {
private final static QName _Transform_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "Transform");
private final static QName _DigestValue_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "DigestValue");
private final static QName _KeyValue_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "KeyValue");
- private final static QName _TransformTypeXPath_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "XPath");
+ private final static QName _PGPDataTypePGPKeyID_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyID");
+ private final static QName _PGPDataTypePGPKeyPacket_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyPacket");
+ private final static QName _SPKIDataTypeSPKISexp_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SPKISexp");
private final static QName _X509DataTypeX509IssuerSerial_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509IssuerSerial");
private final static QName _X509DataTypeX509Certificate_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509Certificate");
private final static QName _X509DataTypeX509SKI_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509SKI");
private final static QName _X509DataTypeX509SubjectName_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509SubjectName");
private final static QName _X509DataTypeX509CRL_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509CRL");
- private final static QName _SignatureMethodTypeHMACOutputLength_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "HMACOutputLength");
- private final static QName _SPKIDataTypeSPKISexp_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SPKISexp");
- private final static QName _PGPDataTypePGPKeyID_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyID");
- private final static QName _PGPDataTypePGPKeyPacket_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyPacket");
+ private final static QName _TransformTypeXPath_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "XPath");
/**
* Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: at.gv.util.xsd.xmldsig
@@ -244,6 +244,15 @@ public class ObjectFactory {
}
/**
+ * Create an instance of {@link JAXBElement }{@code <}{@link BigInteger }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "HMACOutputLength", scope = SignatureMethodType.class)
+ public JAXBElement<BigInteger> createSignatureMethodTypeHMACOutputLength(BigInteger value) {
+ return new JAXBElement<BigInteger>(_SignatureMethodTypeHMACOutputLength_QNAME, BigInteger.class, SignatureMethodType.class, value);
+ }
+
+ /**
* Create an instance of {@link JAXBElement }{@code <}{@link PGPDataType }{@code >}}
*
*/
@@ -463,9 +472,27 @@ public class ObjectFactory {
* Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
*
*/
- @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "XPath", scope = TransformType.class)
- public JAXBElement<String> createTransformTypeXPath(String value) {
- return new JAXBElement<String>(_TransformTypeXPath_QNAME, String.class, TransformType.class, value);
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyID", scope = PGPDataType.class)
+ public JAXBElement<String> createPGPDataTypePGPKeyID(String value) {
+ return new JAXBElement<String>(_PGPDataTypePGPKeyID_QNAME, String.class, PGPDataType.class, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyPacket", scope = PGPDataType.class)
+ public JAXBElement<String> createPGPDataTypePGPKeyPacket(String value) {
+ return new JAXBElement<String>(_PGPDataTypePGPKeyPacket_QNAME, String.class, PGPDataType.class, value);
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+ *
+ */
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SPKISexp", scope = SPKIDataType.class)
+ public JAXBElement<String> createSPKIDataTypeSPKISexp(String value) {
+ return new JAXBElement<String>(_SPKIDataTypeSPKISexp_QNAME, String.class, SPKIDataType.class, value);
}
/**
@@ -514,39 +541,12 @@ public class ObjectFactory {
}
/**
- * Create an instance of {@link JAXBElement }{@code <}{@link BigInteger }{@code >}}
- *
- */
- @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "HMACOutputLength", scope = SignatureMethodType.class)
- public JAXBElement<BigInteger> createSignatureMethodTypeHMACOutputLength(BigInteger value) {
- return new JAXBElement<BigInteger>(_SignatureMethodTypeHMACOutputLength_QNAME, BigInteger.class, SignatureMethodType.class, value);
- }
-
- /**
- * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
- *
- */
- @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SPKISexp", scope = SPKIDataType.class)
- public JAXBElement<String> createSPKIDataTypeSPKISexp(String value) {
- return new JAXBElement<String>(_SPKIDataTypeSPKISexp_QNAME, String.class, SPKIDataType.class, value);
- }
-
- /**
* Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
*
*/
- @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyID", scope = PGPDataType.class)
- public JAXBElement<String> createPGPDataTypePGPKeyID(String value) {
- return new JAXBElement<String>(_PGPDataTypePGPKeyID_QNAME, String.class, PGPDataType.class, value);
- }
-
- /**
- * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
- *
- */
- @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyPacket", scope = PGPDataType.class)
- public JAXBElement<String> createPGPDataTypePGPKeyPacket(String value) {
- return new JAXBElement<String>(_PGPDataTypePGPKeyPacket_QNAME, String.class, PGPDataType.class, value);
+ @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "XPath", scope = TransformType.class)
+ public JAXBElement<String> createTransformTypeXPath(String value) {
+ return new JAXBElement<String>(_TransformTypeXPath_QNAME, String.class, TransformType.class, value);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/PGPDataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/PGPDataType.java
index e45501db6..add2d8886 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/PGPDataType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/PGPDataType.java
@@ -47,8 +47,8 @@ import org.w3c.dom.Element;
public class PGPDataType {
@XmlElementRefs({
- @XmlElementRef(name = "PGPKeyPacket", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
- @XmlElementRef(name = "PGPKeyID", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false)
+ @XmlElementRef(name = "PGPKeyPacket", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "PGPKeyID", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)
})
@XmlAnyElement(lax = true)
protected List<Object> content;
@@ -81,10 +81,10 @@ public class PGPDataType {
*
* <p>
* Objects of the following type(s) are allowed in the list
- * {@link Element }
- * {@link Object }
* {@link JAXBElement }{@code <}{@link String }{@code >}
+ * {@link Element }
* {@link JAXBElement }{@code <}{@link String }{@code >}
+ * {@link Object }
*
*
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SPKIDataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SPKIDataType.java
index f829d355d..e6a187e9b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SPKIDataType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SPKIDataType.java
@@ -60,8 +60,8 @@ public class SPKIDataType {
*
* <p>
* Objects of the following type(s) are allowed in the list
- * {@link Element }
* {@link JAXBElement }{@code <}{@link String }{@code >}
+ * {@link Element }
* {@link Object }
*
*
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SignatureMethodType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SignatureMethodType.java
index 70695afdf..1a463591b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SignatureMethodType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SignatureMethodType.java
@@ -42,7 +42,7 @@ import javax.xml.bind.annotation.XmlType;
})
public class SignatureMethodType {
- @XmlElementRef(name = "HMACOutputLength", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false)
+ @XmlElementRef(name = "HMACOutputLength", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)
@XmlMixed
@XmlAnyElement(lax = true)
protected List<Object> content;
@@ -68,9 +68,9 @@ public class SignatureMethodType {
*
* <p>
* Objects of the following type(s) are allowed in the list
+ * {@link JAXBElement }{@code <}{@link BigInteger }{@code >}
* {@link String }
* {@link Object }
- * {@link JAXBElement }{@code <}{@link BigInteger }{@code >}
*
*
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/TransformType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/TransformType.java
index 2b96c553e..e92465a4c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/TransformType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/TransformType.java
@@ -42,7 +42,7 @@ import org.w3c.dom.Element;
})
public class TransformType {
- @XmlElementRef(name = "XPath", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false)
+ @XmlElementRef(name = "XPath", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)
@XmlMixed
@XmlAnyElement(lax = true)
protected List<Object> content;
@@ -68,9 +68,9 @@ public class TransformType {
*
* <p>
* Objects of the following type(s) are allowed in the list
+ * {@link String }
* {@link JAXBElement }{@code <}{@link String }{@code >}
* {@link Element }
- * {@link String }
* {@link Object }
*
*
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/X509DataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/X509DataType.java
index e3148b2d0..c70b72293 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/X509DataType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/X509DataType.java
@@ -46,11 +46,11 @@ import org.w3c.dom.Element;
public class X509DataType {
@XmlElementRefs({
- @XmlElementRef(name = "X509CRL", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
- @XmlElementRef(name = "X509Certificate", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
- @XmlElementRef(name = "X509SKI", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
- @XmlElementRef(name = "X509IssuerSerial", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
- @XmlElementRef(name = "X509SubjectName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false)
+ @XmlElementRef(name = "X509SKI", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "X509CRL", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "X509Certificate", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "X509IssuerSerial", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+ @XmlElementRef(name = "X509SubjectName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)
})
@XmlAnyElement(lax = true)
protected List<Object> x509IssuerSerialOrX509SKIOrX509SubjectName;
@@ -73,13 +73,13 @@ public class X509DataType {
*
* <p>
* Objects of the following type(s) are allowed in the list
- * {@link Element }
- * {@link JAXBElement }{@code <}{@link X509IssuerSerialType }{@code >}
* {@link JAXBElement }{@code <}{@link String }{@code >}
+ * {@link JAXBElement }{@code <}{@link X509IssuerSerialType }{@code >}
* {@link JAXBElement }{@code <}{@link String }{@code >}
- * {@link Object }
+ * {@link Element }
* {@link JAXBElement }{@code <}{@link String }{@code >}
* {@link JAXBElement }{@code <}{@link String }{@code >}
+ * {@link Object }
*
*
*/
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index dc698782a..a6c0601e4 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -220,6 +220,7 @@ pvp2.13=Interner Server Fehler
pvp2.14=SAML Anfrage verweigert
pvp2.15=Keine Metadateninformation gefunden
pvp2.16=Fehler beim verschl\u00FCsseln der PVP2 Assertion
+pvp2.17=Der QAA Level {0} entspricht nicht dem angeforderten QAA Level {1}
oauth20.01=Fehlerhafte redirect url
oauth20.02=Fehlender Parameter "{0}"
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
index 3eff06daf..9d6ad4085 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
@@ -3,333 +3,318 @@
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
-<!-- MOA-ID 2.x BKUSelection Layout CSS -->
-<style type="text/css">
-@media screen and (min-width: 650px) {
- body {
- margin: 0;
- padding: 0;
- color: #000;
- background-color: #fff;
- text-align: center;
- background-color: #6B7B8B;
- }
- #localBKU p {
- font-size: 0.7em;
- }
- #localBKU input {
- font-size: 0.7em;
- /*border-radius: 5px;*/
- }
- #bkuselectionarea input[type=button] {
- font-size: 0.85em;
- /*border-radius: 7px;*/
- margin-bottom: 25px;
- min-width: 80px;
- }
- #mandateLogin {
- font-size: 0.85em;
- }
- #bku_header h2 {
- font-size: 0.8em;
- }
- #page {
- display: block;
- border: 2px solid rgb(0, 0, 0);
- width: 650px;
- height: 440px;
- margin: 0 auto;
- margin-top: 5%;
- position: relative;
- border-radius: 25px;
- background: rgb(255, 255, 255);
- }
- #page1 {
- text-align: center;
- }
- #main {
- /* clear:both; */
- position: relative;
- margin: 0 auto;
- width: 250px;
- text-align: center;
- }
- .OA_header {
- /* background-color: white;*/
- font-size: 20pt;
- margin-bottom: 25px;
- margin-top: 25px;
- }
- #leftcontent {
- /*float:left; */
- width: 250px;
- margin-bottom: 25px;
- text-align: left;
- border: 1px solid rgb(0, 0, 0);
- }
- #selectArea {
- font-size: 15px;
- padding-bottom: 65px;
- }
- #leftcontent {
- width: 300px;
- margin-top: 30px;
- }
- #bku_header {
- height: 5%;
- padding-bottom: 3px;
- padding-top: 3px;
- }
- #bkulogin {
- overflow: hidden;
- min-width: 190px;
- min-height: 180px;
- /*height: 260px;*/
- }
- h2#tabheader {
- font-size: 1.1em;
- padding-left: 2%;
- padding-right: 2%;
- position: relative;
- }
- .setAssertionButton_full {
- background: #efefef;
- cursor: pointer;
- margin-top: 15px;
- width: 100px;
- height: 30px
- }
- #leftbutton {
- width: 30%;
- float: left;
- margin-left: 40px;
- }
- #rightbutton {
- width: 30%;
- float: right;
- margin-right: 45px;
- text-align: right;
- }
- button {
- height: 25px;
- width: 75px;
- margin-bottom: 10px;
- }
- #validation {
- position: absolute;
- bottom: 0px;
- margin-left: 270px;
- padding-bottom: 10px;
- }
-}
+ <!-- MOA-ID 2.x BKUSelection Layout CSS -->
+ <style type="text/css">
+ @media screen and (min-width: 650px) {
+
+ body {
+ margin:0;
+ padding:0;
+ color : #000;
+ background-color : #fff;
+ text-align: center;
+ background-color: #6B7B8B;
+ }
+
+ #localBKU p {
+ font-size: 0.7em;
+ }
+
+ #localBKU input{
+ font-size: 0.7em;
+ /*border-radius: 5px;*/
+ }
+
+ #bkuselectionarea input[type=button] {
+ font-size: 0.85em;
+ /*border-radius: 7px;*/
+ margin-bottom: 25px;
+ min-width: 80px;
+ }
+
+ #mandateLogin {
+ font-size: 0.85em;
+ }
+
+ #bku_header h2 {
+ font-size: 0.8em;
+ }
+
+
+ #page {
+ display: block;
+ border: 2px solid rgb(0,0,0);
+ width: 650px;
+ height: 460px;
+ margin: 0 auto;
+ margin-top: 5%;
+ position: relative;
+ border-radius: 25px;
+ background: rgb(255,255,255);
+ }
+
+ #page1 {
+ text-align: center;
+ }
+
+ #main {
+ /* clear:both; */
+ position:relative;
+ margin: 0 auto;
+ width: 250px;
+ text-align: center;
+ }
+
+ .OA_header {
+ /* background-color: white;*/
+ font-size: 20pt;
+ margin-bottom: 25px;
+ margin-top: 25px;
+ }
+
+ #leftcontent {
+ /*float:left; */
+ width:250px;
+ margin-bottom: 25px;
+ text-align: left;
+ border: 1px solid rgb(0,0,0);
+ }
+
+ #selectArea {
+ font-size: 15px;
+ padding-bottom: 65px;
+ }
+
+ #leftcontent {
+ width: 300px;
+ margin-top: 30px;
+ }
+
+ #bku_header {
+ height: 5%;
+ padding-bottom: 3px;
+ padding-top: 3px;
+ }
+
+ #bkulogin {
+ overflow:hidden;
+ min-width: 190px;
+ min-height: 180px;
+ /*height: 260px;*/
+ }
+
+ h2#tabheader{
+ font-size: 1.1em;
+ padding-left: 2%;
+ padding-right: 2%;
+ position: relative;
+ }
+
+ #stork h2 {
+ font-size: 1.0em;
+ margin-bottom: 2%;
+ }
+
+ .setAssertionButton_full {
+ background: #efefef;
+ cursor: pointer;
+ margin-top: 15px;
+ width: 100px;
+ height: 30px
+ }
+
+ #leftbutton {
+ width: 30%;
+ float:left;
+ margin-left: 40px;
+ }
+
+ #rightbutton {
+ width: 30%;
+ float:right;
+ margin-right: 45px;
+ text-align: right;
+ }
+
+ button {
+ height: 25px;
+ width: 75px;
+ margin-bottom: 10px;
+ }
+
+ #validation {
+ position: absolute;
+ bottom: 0px;
+ margin-left: 270px;
+ padding-bottom: 10px;
+ }
+
+ }
-@media screen and (max-width: 205px) {
- #localBKU p {
- font-size: 0.6em;
- }
- #localBKU input {
- font-size: 0.6em;
- min-width: 60px;
- /* max-width: 65px; */
- min-height: 1.0em;
- /* border-radius: 5px; */
- }
- #bkuselectionarea input[type=button] {
- font-size: 0.7em;
- min-width: 55px;
- /*min-height: 1.1em;
+ @media screen and (max-width: 205px) {
+ #localBKU p {
+ font-size: 0.6em;
+ }
+
+ #localBKU input {
+ font-size: 0.6em;
+ min-width: 60px;
+ /* max-width: 65px; */
+ min-height: 1.0em;
+ /* border-radius: 5px; */
+ }
+
+ #bkuselectionarea input[type=button] {
+ font-size: 0.7em;
+ min-width: 55px;
+ /*min-height: 1.1em;
border-radius: 5px;*/
- margin-bottom: 2%
- }
- #mandateLogin {
- font-size: 0.65em;
- }
- #bku_header h2 {
- font-size: 0.8em;
- margin-top: -0.4em;
- padding-top: 0.4em;
- }
- #bkulogin {
- min-height: 150px;
- }
-}
+ margin-bottom: 2%
+ }
+
+ #mandateLogin {
+ font-size: 0.65em;
+ }
+
+ #bku_header h2 {
+ font-size: 0.8em;
+ margin-top: -0.4em;
+ padding-top: 0.4em;
+ }
+
+ #bkulogin {
+ min-height: 150px;
+ }
+ }
-@media screen and (max-width: 249px) and (min-width: 206px) {
- #localBKU p {
- font-size: 0.7em;
- }
- #localBKU input {
- font-size: 0.7em;
- min-width: 70px;
- /* max-width: 75px; */
- min-height: 0.95em;
- /* border-radius: 6px; */
- }
- #bkuselectionarea input[type=button] {
- font-size: 0.75em;
- min-width: 60px;
- /* min-height: 0.95em;
+ @media screen and (max-width: 249px) and (min-width: 206px) {
+ #localBKU p {
+ font-size: 0.7em;
+ }
+
+ #localBKU input {
+ font-size: 0.7em;
+ min-width: 70px;
+ /* max-width: 75px; */
+ min-height: 0.95em;
+ /* border-radius: 6px; */
+ }
+
+ #bkuselectionarea input[type=button] {
+ font-size: 0.75em;
+ min-width: 60px;
+ /* min-height: 0.95em;
border-radius: 6px; */
- margin-bottom: 5%
- }
- #mandateLogin {
- font-size: 0.75em;
- }
- #bku_header h2 {
- font-size: 0.9em;
- margin-top: -0.45em;
- padding-top: 0.45em;
- }
- #bkulogin {
- min-height: 180px;
- }
-}
+ margin-bottom: 5%
+ }
+
+ #mandateLogin {
+ font-size: 0.75em;
+ }
+
+ #bku_header h2 {
+ font-size: 0.9em;
+ margin-top: -0.45em;
+ padding-top: 0.45em;
+ }
+
+ #bkulogin {
+ min-height: 180px;
+ }
+ }
-@media screen and (max-width: 299px) and (min-width: 250px) {
- #localBKU p {
- font-size: 0.9em;
- }
- #localBKU input {
- font-size: 0.8em;
- min-width: 70px;
- /* max-width: 75px; */
- /* border-radius: 6px; */
- }
- #bkuselectionarea input[type=button] {
- font-size: 0.85em;
- /* min-height: 1.05em;
+ @media screen and (max-width: 299px) and (min-width: 250px) {
+ #localBKU p {
+ font-size: 0.9em;
+ }
+
+ #localBKU input {
+ font-size: 0.8em;
+ min-width: 70px;
+ /* max-width: 75px; */
+ /* border-radius: 6px; */
+ }
+
+ #bkuselectionarea input[type=button] {
+ font-size: 0.85em;
+ /* min-height: 1.05em;
border-radius: 7px; */
- margin-bottom: 10%;
- }
- #mandateLogin {
- font-size: 1em;
- }
- #bku_header h2 {
- font-size: 1.0em;
- margin-top: -0.50em;
- padding-top: 0.50em;
- }
-}
+ margin-bottom: 10%;
+ }
+
+ #mandateLogin {
+ font-size: 1em;
+ }
+
+ #bku_header h2 {
+ font-size: 1.0em;
+ margin-top: -0.50em;
+ padding-top: 0.50em;
+ }
+ }
-@media screen and (max-width: 399px) and (min-width: 300px) {
- #localBKU p {
- font-size: 0.9em;
- }
- #localBKU input {
- font-size: 0.8em;
- min-width: 70px;
- /* max-width: 75px; */
- /* border-radius: 6px; */
- }
- #bkuselectionarea input[type=button] {
- font-size: 0.9em;
- /* min-height: 1.2em;
+ @media screen and (max-width: 399px) and (min-width: 300px) {
+ #localBKU p {
+ font-size: 0.9em;
+ }
+
+ #localBKU input {
+ font-size: 0.8em;
+ min-width: 70px;
+ /* max-width: 75px; */
+ /* border-radius: 6px; */
+ }
+
+ #bkuselectionarea input[type=button] {
+ font-size: 0.9em;
+ /* min-height: 1.2em;
border-radius: 8px; */
- margin-bottom: 10%;
- max-width: 80px;
- }
- #mandateLogin {
- font-size: 1em;
- }
- #bku_header h2 {
- font-size: 1.1em;
- margin-top: -0.55em;
- padding-top: 0.55em;
- }
-}
-
-@media screen and (max-width: 649px) and (min-width: 400px) {
- #localBKU p {
- font-size: 0.9em;
- }
- #localBKU input {
- font-size: 0.8em;
- min-width: 70px;
- /* max-width: 80px; */
- /* border-radius: 6px; */
- }
- #bkuselectionarea input[type=button] {
- font-size: 1.0em;
- /* min-height: 1.3em;
+ margin-bottom: 10%;
+ max-width: 80px;
+ }
+
+ #mandateLogin {
+ font-size: 1em;
+ }
+
+ #bku_header h2 {
+ font-size: 1.1em;
+ margin-top: -0.55em;
+ padding-top: 0.55em;
+ }
+ }
+
+ @media screen and (max-width: 649px) and (min-width: 400px) {
+ #localBKU p {
+ font-size: 0.9em;
+ }
+
+ #localBKU input {
+ font-size: 0.8em;
+ min-width: 70px;
+ /* max-width: 80px; */
+ /* border-radius: 6px; */
+ }
+
+ #bkuselectionarea input[type=button] {
+ font-size: 1.0em;
+ /* min-height: 1.3em;
border-radius: 10px; */
- margin-bottom: 10%;
- max-width: 85px;
- }
- #mandateLogin {
- font-size: 1.2em;
- }
- #bku_header h2 {
- font-size: 1.3em;
- margin-top: -0.65em;
- padding-top: 0.65em;
- }
-}
+ margin-bottom: 10%;
+ max-width: 85px;
+ }
+
+ #mandateLogin {
+ font-size: 1.2em;
+ }
+
+ #bku_header h2 {
+ font-size: 1.3em;
+ margin-top: -0.65em;
+ padding-top: 0.65em;
+ }
+ }
-@media screen and (max-width: 649px) {
- body {
- margin: 0;
- padding: 0;
- color: #000;
- text-align: center;
- font-size: 100%;
- background-color: #MAIN_BACKGOUNDCOLOR#;
- }
- #page {
- visibility: hidden;
- margin-top: 0%;
- }
- #page1 {
- visibility: hidden;
- }
- #main {
- visibility: hidden;
- }
- #validation {
- visibility: hidden;
- display: none;
- }
- .OA_header {
- margin-bottom: 0px;
- margin-top: 0px;
- font-size: 0pt;
- visibility: hidden;
- }
- #leftcontent {
- visibility: visible;
- margin-bottom: 0px;
- text-align: left;
- border: none;
- vertical-align: middle;
- min-height: 173px;
- min-width: 204px;
- }
- #bku_header {
- height: 10%;
- min-height: 1.2em;
- margin-top: 1%;
- }
- h2#tabheader {
- padding-left: 2%;
- padding-right: 2%;
- position: relative;
- top: 50%;
- }
- #bkulogin {
- min-width: 190px;
- min-height: 155px;
- }
- .setAssertionButton_full {
- background: #efefef;
- cursor: pointer;
- margin-top: 15px;
- width: 70px;
- height: 25px;
- }
- input[type=button] {
- /* height: 11%; */
- width: 70%;
- }
-}
@media screen and (max-width: 649px) {
@@ -392,6 +377,11 @@
top: 50%;
}
+ #stork h2 {
+ font-size: 0.9em;
+ margin-bottom: 2%;
+ }
+
#bkulogin {
min-width: 190px;
min-height: 155px;
@@ -444,6 +434,11 @@
text-align: right;
}
+ #stork {
+ /*margin-bottom: 10px;*/
+ /* margin-top: 5px; */
+ }
+
#mandateLogin {
padding-bottom: 4%;
padding-top: 4%;
@@ -472,7 +467,7 @@
padding-left: 5%;
padding-right: 2%;
padding-bottom: 4%;
- padding-top: 4%;
+ /*padding-top: 4%;*/
position: relative;
clear: both;
}
@@ -523,83 +518,86 @@
/* box-shadow: -1px -1px 3px #222222; */
/* }
-*/
-input {
- /*border:1px solid #000;*/
- cursor: pointer;
-}
-
-#localBKU input {
- /* color: #BUTTON_COLOR#; */
- border: 0px;
- display: inline-block;
-}
-
-#localBKU input:hover,#localBKU input:focus,#localBKU input:active {
- text-decoration: underline;
-}
-
-#installJava,#BrowserNOK {
- clear: both;
- font-size: 0.8em;
- padding: 4px;
-}
-
-.selectText {
-
-}
-
-.selectTextHeader {
-
-}
-
-.sendButton {
- width: 30%;
- margin-bottom: 1%;
-}
-
-#leftcontent a {
- text-decoration: none;
- color: #000;
- /* display:block;*/
- padding: 4px;
-}
-
-#leftcontent a:hover,#leftcontent a:focus,#leftcontent a:active {
- text-decoration: underline;
- color: #000;
-}
-
-.infobutton {
- background-color: #005a00;
- color: white;
- font-family: serif;
- text-decoration: none;
- padding-top: 2px;
- padding-right: 4px;
- padding-bottom: 2px;
- padding-left: 4px;
- font-weight: bold;
-}
-
-.hell {
- background-color: #MAIN_BACKGOUNDCOLOR#;
- color: #MAIN_COLOR#;
-}
-
-.dunkel {
- background-color: #HEADER_BACKGROUNDCOLOR#;
- color: #HEADER_COLOR#;
-}
-
-.main_header {
- color: black;
- font-size: 32pt;
- position: absolute;
- right: 10%;
- top: 40px;
-}
-</style>
+*/
+ input {
+ /*border:1px solid #000;*/
+ cursor: pointer;
+ }
+
+ #localBKU input {
+/* color: #BUTTON_COLOR#; */
+ border: 0px;
+ display: inline-block;
+
+ }
+
+ #localBKU input:hover, #localBKU input:focus, #localBKU input:active {
+ text-decoration: underline;
+ }
+
+ #installJava, #BrowserNOK {
+ clear:both;
+ font-size:0.8em;
+ padding:4px;
+ }
+
+ .selectText{
+
+ }
+
+ .selectTextHeader{
+
+ }
+
+ .sendButton {
+ width: 30%;
+ margin-bottom: 1%;
+ }
+
+ #leftcontent a {
+ text-decoration:none;
+ color: #000;
+ /* display:block;*/
+ padding:4px;
+ }
+
+ #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
+ text-decoration:underline;
+ color: #000;
+ }
+
+ .infobutton {
+ background-color: #005a00;
+ color: white;
+ font-family: serif;
+ text-decoration: none;
+ padding-top: 2px;
+ padding-right: 4px;
+ padding-bottom: 2px;
+ padding-left: 4px;
+ font-weight: bold;
+ }
+
+ .hell {
+ background-color : #MAIN_BACKGOUNDCOLOR#;
+ color: #MAIN_COLOR#;
+ }
+
+ .dunkel {
+ background-color: #HEADER_BACKGROUNDCOLOR#;
+ color: #HEADER_COLOR#;
+ }
+
+ .main_header {
+ color: black;
+ font-size: 32pt;
+ position: absolute;
+ right: 10%;
+ top: 40px;
+
+ }
+
+ </style>
<!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
<script type="text/javascript">
function isIE() {
@@ -806,6 +804,7 @@ input {
</p-->
</form>
</div>
+
<div id="stork" align="center" style="#STORKVISIBLE#">
<h2 id="tabheader" class="dunkel">Home Country Selection</h2>
<p>
diff --git a/id/server/pom.xml b/id/server/pom.xml
index bc664e890..056accdad 100644
--- a/id/server/pom.xml
+++ b/id/server/pom.xml
@@ -17,8 +17,8 @@
<module>idserverlib</module>
<module>proxy</module>
<module>auth</module>
- <module>stork-saml-engine</module>
<module>moa-id-commons</module>
+ <module>stork2-saml-engine</module>
</modules>
<properties>
diff --git a/id/server/proxy/src/main/webapp/META-INF/MANIFEST.MF b/id/server/proxy/src/main/webapp/META-INF/MANIFEST.MF
index 5e9495128..58630c02e 100644
--- a/id/server/proxy/src/main/webapp/META-INF/MANIFEST.MF
+++ b/id/server/proxy/src/main/webapp/META-INF/MANIFEST.MF
@@ -1,3 +1,2 @@
Manifest-Version: 1.0
-Class-Path:
diff --git a/id/server/stork2-saml-engine/pom.xml b/id/server/stork2-saml-engine/pom.xml
index 6be0472a7..b002471db 100644
--- a/id/server/stork2-saml-engine/pom.xml
+++ b/id/server/stork2-saml-engine/pom.xml
@@ -1,5 +1,11 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>MOA.id</groupId>
+ <artifactId>moa-id</artifactId>
+ <version>1.9.98-SNAPSHOT</version>
+ </parent>
+
<modelVersion>4.0.0</modelVersion>
<groupId>eu.stork</groupId>
<artifactId>SamlEngine</artifactId>