aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
authorkstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>2012-01-26 21:59:33 +0000
committerkstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>2012-01-26 21:59:33 +0000
commita9b2e962d2853b74d314cb9f614cab446a7134c0 (patch)
treeebf5e54d2a8321162da208f2b7dba1285dc926f9 /id
parentfd49902f62d361acb1102024c98c304fac265fa1 (diff)
downloadmoa-id-spss-a9b2e962d2853b74d314cb9f614cab446a7134c0.tar.gz
moa-id-spss-a9b2e962d2853b74d314cb9f614cab446a7134c0.tar.bz2
moa-id-spss-a9b2e962d2853b74d314cb9f614cab446a7134c0.zip
* optionalen useUTC Parameter in Konfig eingefügt (damit IssueInstant in SAML Assertion auf UTC einstellbar)
* optionalen sourceID Parameter bei MOA-ID Aufruf eingefügt (wird 1:1 in SAML Assertion übernommen) * Update Doku (useUTC, sourceID, Vollmachten-Profile) * Ablaufänderung bei Vollmachten-Modus (Signatur Zertifikat wird aus Signatur entnommen und nicht mittels eigenem Infobox-Request) git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1233 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id')
-rw-r--r--id/readme_1.5.1.txt2
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml3
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml3
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml3
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml3
-rw-r--r--id/server/doc/MOA-ID-Configuration-1.5.1.xsd9
-rw-r--r--id/server/doc/MOA_ID_1.5_Anhang.pdfbin70517 -> 296723 bytes
-rw-r--r--id/server/doc/moa_id/faqs.htm3
-rw-r--r--id/server/doc/moa_id/id-admin.htm2
-rw-r--r--id/server/doc/moa_id/id-admin_1.htm2
-rw-r--r--id/server/doc/moa_id/id-admin_2.htm10
-rw-r--r--id/server/doc/moa_id/id-admin_3.htm2
-rw-r--r--id/server/doc/moa_id/id-anwendung.htm2
-rw-r--r--id/server/doc/moa_id/id-anwendung_1.htm8
-rw-r--r--id/server/doc/moa_id/id-anwendung_2.htm3
-rw-r--r--id/server/doc/moa_id/links.htm3
-rw-r--r--id/server/doc/moa_id/moa.htm2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java59
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java112
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java62
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java19
-rw-r--r--id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java16
-rw-r--r--id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java4
-rw-r--r--id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java2
-rw-r--r--id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java2
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java2
38 files changed, 361 insertions, 141 deletions
diff --git a/id/readme_1.5.1.txt b/id/readme_1.5.1.txt
index 8cf5e7361..e742212df 100644
--- a/id/readme_1.5.1.txt
+++ b/id/readme_1.5.1.txt
@@ -17,6 +17,8 @@ gleichen Verzeichnis):
- Änderung der Konfiguration
- für Online-Vollmachten
- Fixer Target-Parameter für Online-Applikation konfigurierbar
+ - Optionaler Parameter zur Angabe der IssueInstant im UTC Format in der SAML-Assertion
+- Weiterer optionaler Parameter sourceID beim MOA-ID Aufruf
- IAIK Libraries aktualisiert:
iaik-moa: Version 1.31
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index 697cadec4..6525642f1 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -65,7 +65,8 @@
<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
<!--<Mandates>-->
- <!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+ <!-- Liste der Vollmachten-Profile, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+ <!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.-->
<!-- <Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
<!-- </Mandates>-->
</AuthComponent>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index 41103cf3c..27bf6681c 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -76,7 +76,8 @@
<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
<!--<Mandates>-->
- <!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+ <!-- Liste der Vollmachten-Profile, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+ <!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.-->
<!-- <Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
<!-- </Mandates>-->
</AuthComponent>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 05c6387e1..eefc7cf6a 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -67,7 +67,8 @@
<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
<!-- <Mandates> -->
- <!-- Liste der Vollmachten-Identifikatoren, die festlegt mit welchen Vollmachtstyp man sich bei der Online-Applikation anmelden kann-->
+ <!-- Liste der Vollmachten-Profile, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+ <!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.-->
<!--<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
<!--</Mandates> -->
</AuthComponent>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index 1d8b50537..f9e296c62 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -77,7 +77,8 @@
<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
<!--<Mandates>-->
- <!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+ <!-- Liste der Vollmachten-Profile, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+ <!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.-->
<!-- <Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
<!-- </Mandates>-->
</AuthComponent>
diff --git a/id/server/doc/MOA-ID-Configuration-1.5.1.xsd b/id/server/doc/MOA-ID-Configuration-1.5.1.xsd
index cc562187a..d16953eab 100644
--- a/id/server/doc/MOA-ID-Configuration-1.5.1.xsd
+++ b/id/server/doc/MOA-ID-Configuration-1.5.1.xsd
@@ -89,10 +89,16 @@
<xsd:element name="MOA-IDConfiguration">
<xsd:complexType>
<xsd:sequence>
- <xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
+ <xsd:element name="AuthComponent" minOccurs="0">
<xsd:annotation>
<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>
</xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="AuthComponentType">
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
</xsd:element>
<xsd:element name="ProxyComponent" minOccurs="0">
<xsd:annotation>
@@ -467,6 +473,7 @@
<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
<xsd:attribute name="provideFullMandatorData" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="useUTC" type="xsd:boolean" use="optional" default="false"/>
<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
</xsd:complexType>
</xsd:element>
diff --git a/id/server/doc/MOA_ID_1.5_Anhang.pdf b/id/server/doc/MOA_ID_1.5_Anhang.pdf
index 454ff933a..f2e5057c7 100644
--- a/id/server/doc/MOA_ID_1.5_Anhang.pdf
+++ b/id/server/doc/MOA_ID_1.5_Anhang.pdf
Binary files differ
diff --git a/id/server/doc/moa_id/faqs.htm b/id/server/doc/moa_id/faqs.htm
index 0b9ef0415..814d0c9f7 100644
--- a/id/server/doc/moa_id/faqs.htm
+++ b/id/server/doc/moa_id/faqs.htm
@@ -207,8 +207,7 @@ MOA ist eine Entwicklung des Bundesrechenzentrums BRZ in Zusammenarbeit mit A-Tr
</td>
<td valign="top" width="460">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
-</td></tr></table>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div></td></tr></table>
<br />
diff --git a/id/server/doc/moa_id/id-admin.htm b/id/server/doc/moa_id/id-admin.htm
index 7192f02e2..7d014299e 100644
--- a/id/server/doc/moa_id/id-admin.htm
+++ b/id/server/doc/moa_id/id-admin.htm
@@ -311,7 +311,7 @@ Die Versionsangaben beziehen sich auf die Versionen, mit denen die MOA ID Webapp
<td width="170" valign="top"><br /></td>
<td valign="top">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2004</div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
</td></tr></table>
<br />
diff --git a/id/server/doc/moa_id/id-admin_1.htm b/id/server/doc/moa_id/id-admin_1.htm
index 9b18fcdbe..08a1acc73 100644
--- a/id/server/doc/moa_id/id-admin_1.htm
+++ b/id/server/doc/moa_id/id-admin_1.htm
@@ -539,7 +539,7 @@ Wenn nun versucht wird, eine Transaktion mit einer ung&uumlltigen SessionID fort
<td width="170" valign="top"><br /></td>
<td valign="top">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2010</div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
</td></tr></table>
<br />
diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm
index ea4874edd..8a217bfcc 100644
--- a/id/server/doc/moa_id/id-admin_2.htm
+++ b/id/server/doc/moa_id/id-admin_2.htm
@@ -613,8 +613,9 @@ Hinweis: Um den Online-Vollmachten Modus f&uuml;r eine Online Applikation zu akt
Anmeldedaten aufzunehmen.
Alle Attribute sind optional und haben den Default-Wert
<tt>false</tt>. <br>
- Das Attribut <tt id="provideStammzahlOA2">provideFullMandatorData</tt> bestimmt ob bei einer Vollmachten-Anmeldung die vollst&auml;ndigen Vollmacht in der SAML Assertion mitgegeben wird oder nur die Basisdaten wie Name, Geburtsdatum und bPK des Vertreters (bzw. Organwalter/PV) sowie Name, Geburtsdatum und bPK (bzw. Name und Stammzahl bei juristischen Personen) des Vertretenen in der Assertion &uuml;bermittelt. Bei <tt id="provideStammzahlOA3">provideFullMandatorData=false</tt> werden nur die Basisdaten &uuml;bermittelt (Defaulteinstellung). Bei <tt id="provideStammzahlOA4">provideFullMandatorData=true</tt> wird zus&auml;tzlich die gesamte Vollmacht &uuml;bergeben. </p>
-<p><b>Anmerkung</b>: Das Attribut <tt>provideStammzahl</tt> steht in keinem
+ Das Attribut <tt id="provideStammzahlOA2">provideFullMandatorData</tt> bestimmt ob bei einer Vollmachten-Anmeldung die vollst&auml;ndigen Vollmacht in der SAML Assertion mitgegeben wird oder nur die Basisdaten wie Name, Geburtsdatum und bPK des Vertreters (bzw. Organwalter/PV) sowie Name, Geburtsdatum und bPK (bzw. Name und Stammzahl bei juristischen Personen) des Vertretenen in der Assertion &uuml;bermittelt. Bei <tt id="provideStammzahlOA3">provideFullMandatorData=false</tt> werden nur die Basisdaten &uuml;bermittelt (Defaulteinstellung). Bei <tt id="provideStammzahlOA4">provideFullMandatorData=true</tt> wird zus&auml;tzlich die gesamte Vollmacht &uuml;bergeben.<br>
+ Das Attribut <tt id="provideStammzahlOA5">useUTC</tt> bestimmt ob IssueInstant in der SAML Assertion als UTC (2012-01-26T18:38:35Z, <tt id="provideStammzahlOA8">useUTC=true</tt>) oder dem Default-Format (z.B.: 2012-01-26T19:38:35+01:00, <tt id="provideStammzahlOA9">useUTC=false</tt>) angegeben wird. </p>
+ <p><b>Anmerkung</b>: Das Attribut <tt>provideStammzahl</tt> steht in keinem
Zusammenhang zum gleichnamigen Attribut
<a href="#provideStammzahlVI">VerifyInfoboxes/@provideStammzahl</a>,
das angibt ob die Stammzahl an eine <i>Pr&uuml;fapplikation</i> weitergegeben
@@ -921,7 +922,8 @@ Hinweis: Um den Online-Vollmachten Modus f&uuml;r eine Online Applikation zu akt
<br />
Mit Hilfe dieses Elements werden die Online-Vollmachten f&uuml;r die Online-Applikation aktiviert.
Als Kindelement muss <tt>Profiles</tt> angegeben werden. Dieses Element beinhaltet eine (Komma-separierte)
- Liste von Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann.<br/>
+ Liste von Vollmachten-Profilen, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann.
+ Unter <a href="https://vollmachten.stammzahlenregister.gv.at/mis/" target="_blank">https://vollmachten.stammzahlenregister.gv.at/mis/</a> finden Sie eine Liste der unterstützen Vollmachten-Profile.<br/>
Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfiguriert werden - siehe <a href="#AuthComponent_OnlineMandates">hier</a>
</p>
@@ -1453,7 +1455,7 @@ Im Falle einer fehlerhaften neuen Konfiguration wird die urspr&uuml;ngliche Konf
<td width="170" valign="top"><br /></td>
<td valign="top">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2010</div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
</td></tr></table>
<br />
diff --git a/id/server/doc/moa_id/id-admin_3.htm b/id/server/doc/moa_id/id-admin_3.htm
index 8b1c74e7c..5b95feca8 100644
--- a/id/server/doc/moa_id/id-admin_3.htm
+++ b/id/server/doc/moa_id/id-admin_3.htm
@@ -194,7 +194,7 @@ Um das Logging in die Datenbank Log4j bekannt zu machen, muss die Log4j-Konfigur
<td width="170" valign="top"><br /></td>
<td valign="top">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2004</div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
</td></tr></table>
<br />
diff --git a/id/server/doc/moa_id/id-anwendung.htm b/id/server/doc/moa_id/id-anwendung.htm
index d5057f854..c4cab64e1 100644
--- a/id/server/doc/moa_id/id-anwendung.htm
+++ b/id/server/doc/moa_id/id-anwendung.htm
@@ -94,7 +94,7 @@ Dies kann unter Mithilfe der Webapplikation MOA-ID-PROXY geschehen, die f&uuml;r
<td width="170" valign="top"><br /></td>
<td valign="top">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
</td></tr></table>
<br />
diff --git a/id/server/doc/moa_id/id-anwendung_1.htm b/id/server/doc/moa_id/id-anwendung_1.htm
index 28f7a5979..ad45ff7e1 100644
--- a/id/server/doc/moa_id/id-anwendung_1.htm
+++ b/id/server/doc/moa_id/id-anwendung_1.htm
@@ -73,7 +73,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
Der Aufruf erfolgt durch einen Verweis der Form: </div>
<pre>&lt;a href=&quot;https://&lt;moa-id-server-und-pfad&gt;/
StartAuthentication?Target=&lt;gesch&auml;ftsbereich&gt;
-&OA=&lt;oa-url&gt;&Template=&lt;template-url&gt;&amp;useMandate=false&quot;&gt;</pre>
+&OA=&lt;oa-url&gt;&Template=&lt;template-url&gt;&amp;useMandate=false&amp;sourceID=&lt;sourceID&gt;&quot;&gt;</pre>
<table border="1"><tbody valign="baseline">
<tr>
<td id="klein">&lt;moa-id-server-und-pfad&gt;</td><td id="klein">Server und Pfad, wo MOA-ID-AUTH installiert ist</td>
@@ -92,6 +92,10 @@ StartAuthentication?Target=&lt;gesch&auml;ftsbereich&gt;
<td id="klein">useMandate=&lt;true/false&gt;</td>
<td id="klein">optional; Gibt an ob eine Anmeldung im Online-Vollmachten-Modus durchgef&uuml;hrt werden soll (=true) oder nicht (=false);</td>
</tr>
+<tr>
+ <td id="klein2">sourceID=&lt;sourceID&gt;</td>
+ <td id="klein2">optional; Gibt eine sourceID an, die (wenn sie gesetzt ist) in der SAML-Assertion aufscheint</td>
+</tr>
</tbody>
</table>
<br/><br/>
@@ -204,7 +208,7 @@ Im folgenden Beispiel wird in den Java Truststore &quot;truststore.jks&quot; mit
<td width="170" valign="top"><br /></td>
<td valign="top">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2004</div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
</td></tr></table>
<br />
diff --git a/id/server/doc/moa_id/id-anwendung_2.htm b/id/server/doc/moa_id/id-anwendung_2.htm
index df8b10aad..4e2e89d74 100644
--- a/id/server/doc/moa_id/id-anwendung_2.htm
+++ b/id/server/doc/moa_id/id-anwendung_2.htm
@@ -237,8 +237,7 @@ Falls n&ouml;tig, kann eine maßgeschneiderte Implementierung von <tt>ConnectionB
<td width="170" valign="top"><br /></td>
<td valign="top">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
-</td></tr></table>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div></td></tr></table>
<br />
diff --git a/id/server/doc/moa_id/links.htm b/id/server/doc/moa_id/links.htm
index ef6c09083..2956c6263 100644
--- a/id/server/doc/moa_id/links.htm
+++ b/id/server/doc/moa_id/links.htm
@@ -134,8 +134,7 @@ MOA ist eine Entwicklung des Bundesrechenzentrums BRZ in Zusammenarbeit mit A-Tr
<td width="170" valign="top"><br /></td>
<td valign="top">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2010
- <!-- Development Center, BRZ GmbH --></div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
</td></tr></table>
<br />
diff --git a/id/server/doc/moa_id/moa.htm b/id/server/doc/moa_id/moa.htm
index 94f4a35ea..09fb1c5b6 100644
--- a/id/server/doc/moa_id/moa.htm
+++ b/id/server/doc/moa_id/moa.htm
@@ -247,7 +247,7 @@ an den Benutzer weitergeleitet und die Anfragen des Benutzers an die OA weiterge
<td width="170" valign="top"><br /></td>
<td valign="top">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2010</div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
</td></tr></table>
<br />
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 68e6b950a..a68dca65a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -24,11 +24,15 @@
package at.gv.egovernment.moa.id.auth;
+import iaik.ixsil.exceptions.UtilsException;
+import iaik.ixsil.util.Utils;
import iaik.pki.PKIException;
import iaik.x509.X509Certificate;
import java.io.ByteArrayInputStream;
import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Principal;
@@ -49,7 +53,6 @@ import org.apache.xpath.XPathAPI;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.AuthenticationException;
@@ -114,7 +117,6 @@ import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
/**
@@ -305,7 +307,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @param useMandate Indicates if mandate is used or not
* @param templateURL URL providing an HTML template for the HTML form generated
* @param templateMandteURL URL providing an HTML template for the HTML form generated (for signing in mandates mode)
- * @param scheme determines the protocol used
+ * @param scheme determines the protocol used
+ * @param sourceID
* @return HTML form
* @throws AuthenticationException
* @see GetIdentityLinkFormBuilder
@@ -320,7 +323,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String bkuURL,
String useMandate,
String sessionID,
- String scheme)
+ String scheme,
+ String sourceID)
throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
String useMandateString = null;
@@ -381,7 +385,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
session.setAuthURL(authURL);
session.setTemplateURL(templateURL);
- session.setBusinessService(oaParam.getBusinessService());
+ session.setBusinessService(oaParam.getBusinessService());
+ if (sourceID != null)
+ session.setSourceID(sourceID);
}
// BKU URL has not been set yet, even if session already exists
if (bkuURL == null) {
@@ -510,17 +516,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
// for testing new identity link certificate
- // https://localhost:8443/moa-id-auth/StartAuthentication?Target=AR&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample
// xmlInfoboxReadResponse = null;
// try {
-// File file = new File("c:/temp/xxxMuster-new-cert_infobox.xml");
+// File file = new File("c:/temp/XXXMuster.xml");
// FileInputStream fis;
//
// fis = new FileInputStream(file);
// byte[] array = Utils.readFromInputStream(fis);
//
// xmlInfoboxReadResponse = new String(array);
-// //System.out.println(xmlInfoboxReadResponse);
+// System.out.println(xmlInfoboxReadResponse);
//
// } catch (FileNotFoundException e) {
// // TODO Auto-generated catch block
@@ -529,7 +534,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// // TODO Auto-generated catch block
// e.printStackTrace();
// }
-//
+
// parses the <InfoboxReadResponse>
@@ -687,7 +692,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// builds the AUTH-block
- String authBlock = buildAuthenticationBlock(session);
+ String authBlock = buildAuthenticationBlock(session, oaParam);
// session.setAuthBlock(authBlock);
// builds the <CreateXMLSignatureRequest>
@@ -871,14 +876,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws BuildException If an error occurs on serializing an extended SAML attribute
* to be appended to the AUTH-Block.
*/
- private String buildAuthenticationBlock(AuthenticationSession session) throws BuildException {
+ private String buildAuthenticationBlock(AuthenticationSession session, OAAuthParameter oaParam) throws BuildException {
IdentityLink identityLink = session.getIdentityLink();
String issuer = identityLink.getName();
String gebDat = identityLink.getDateOfBirth();
String identificationValue = identityLink.getIdentificationValue();
String identificationType = identityLink.getIdentificationType();
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+ String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), oaParam.getUseUTC());
session.setIssueInstant(issueInstant);
String authURL = session.getAuthURL();
String target = session.getTarget();
@@ -1418,6 +1423,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// parses <CreateXMLSignatureResponse>
CreateXMLSignatureResponse csresp =
new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse();
+
try {
String serializedAssertion = DOMUtils.serializeNode(csresp.getSamlAssertion());
session.setAuthBlock(serializedAssertion);
@@ -1502,12 +1508,21 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
}
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+ boolean useUTC = oaParam.getUseUTC();
// builds authentication data and stores it together with a SAML artifact
- AuthenticationData authData = buildAuthenticationData(session, vsresp);
+ AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC);
if (session.getUseMandate()) {
// mandate mode
+ //session.setAssertionAuthBlock(assertionAuthBlock)
+
+ // set signer certificate
+ session.setSignerCertificate(vsresp.getX509certificate());
+
return null;
}
else {
@@ -1521,6 +1536,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.getBkuURL(),
session.getAssertionSignerCertificateBase64(),
session.getAssertionBusinessService(),
+ session.getSourceID(),
session.getExtendedSAMLAttributesOA());
authData.setSamlAssertion(samlAssertion);
@@ -1677,6 +1693,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.getBkuURL(),
session.getAssertionSignerCertificateBase64(),
session.getAssertionBusinessService(),
+ session.getSourceID(),
session.getExtendedSAMLAttributesOA());
authData.setSamlAssertion(samlAssertion);
@@ -1772,9 +1789,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse();
- X509Certificate cert = session.getForeignSignerCertificate();
+ X509Certificate cert = session.getSignerCertificate();
vsresp.setX509certificate(cert);
- AuthenticationData authData = buildAuthenticationData(session, vsresp);
+
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+ boolean useUTC = oaParam.getUseUTC();
+ AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC);
String samlAssertion =
@@ -1786,6 +1808,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.getBkuURL(),
session.getAssertionSignerCertificateBase64(),
session.getAssertionBusinessService(),
+ session.getSourceID(),
session.getExtendedSAMLAttributesOA());
authData.setSamlAssertion(samlAssertion);
@@ -1823,7 +1846,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
*/
private AuthenticationData buildAuthenticationData(
AuthenticationSession session,
- VerifyXMLSignatureResponse verifyXMLSigResp)
+ VerifyXMLSignatureResponse verifyXMLSigResp,
+ boolean useUTC)
throws ConfigurationException, BuildException {
IdentityLink identityLink = session.getIdentityLink();
@@ -1836,7 +1860,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
authData.setMinorVersion(0);
authData.setAssertionID(Random.nextRandom());
authData.setIssuer(session.getAuthURL());
- authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
+ authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC));
authData.setIdentificationType(identityLink.getIdentificationType());
authData.setGivenName(identityLink.getGivenName());
authData.setFamilyName(identityLink.getFamilyName());
@@ -1845,6 +1869,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode());
authData.setBkuURL(session.getBkuURL());
+ authData.setUseUTC(oaParam.getUseUTC());
boolean provideStammzahl = oaParam.getProvideStammzahl();
if (provideStammzahl) {
authData.setIdentificationValue(identityLink.getIdentificationValue());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 260b3fd01..f3be98ef0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -43,6 +43,8 @@ public interface MOAIDAuthConstants {
public static final String PARAM_OA = "OA";
/** servlet parameter &quot;bkuURI&quot; */
public static final String PARAM_BKU = "bkuURI";
+ /** servlet parameter &quot;sourceID&quot; */
+ public static final String PARAM_SOURCEID = "sourceID";
/** servlet parameter &quot;BKUSelectionTemplate&quot; */
public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate";
/** servlet parameter &quot;BKUSelectionTemplate&quot; */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
index 8af4e3af5..410d045f0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
@@ -57,6 +57,11 @@ public class AuthenticationAssertionBuilder {
" <saml:Attribute AttributeName=''{0}'' AttributeNamespace=''{1}''>" + NL +
" <saml:AttributeValue>{2}</saml:AttributeValue>" + NL +
" </saml:Attribute>"+ NL;
+
+ protected static String SAML_ATTRIBUTE_NO_NAMESPACE =
+ " <saml:Attribute AttributeName=''{0}''>" + NL +
+ " <saml:AttributeValue>{1}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>"+ NL;
/**
* Empty constructor
@@ -108,5 +113,26 @@ public class AuthenticationAssertionBuilder {
}
return sb.toString();
}
+
+ /**
+ * Builds the SAML attributes to be appended to the AUTHBlock or to the SAML assertion
+ * delivered to the online application.
+ * The method traverses through the list of given SAML attribute objects and builds an
+ * XML structure (String representation) for each of the attributes.
+ *
+ * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock or
+ * to the SAML assertion delivered to the online application.
+ * @return A string representation including the XML structures of
+ * the SAML attributes.
+ *
+ * @throws ParseException If an error occurs on serializing an SAML attribute.
+ */
+ protected String buildSourceIDSAMLAttributes(String sourceID) throws ParseException {
+ StringBuffer sb = new StringBuffer();
+ if (sourceID!=null)
+ sb.append(MessageFormat.format( SAML_ATTRIBUTE_NO_NAMESPACE, new Object[] {"SourceID", sourceID}));
+
+ return sb.toString();
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index 367116c73..7032e09eb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -69,9 +69,10 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
" <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
" <saml:AttributeValue>{9}</saml:AttributeValue>" + NL +
" </saml:Attribute>" + NL +
- "{10}" +
- "{11}" +
+ "{10}" +
+ "{11}" +
"{12}" +
+ "{13}" +
" </saml:AttributeStatement>" + NL +
"</saml:Assertion>";
@@ -103,9 +104,10 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
" <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
" <saml:AttributeValue>{10}</saml:AttributeValue>" + NL +
" </saml:Attribute>" + NL +
- "{11}" +
- "{12}" +
+ "{11}" +
+ "{12}" +
"{13}" +
+ "{14}" +
" </saml:AttributeStatement>" + NL +
"</saml:Assertion>";
/**
@@ -156,6 +158,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String bkuURL,
String signerCertificateBase64,
boolean businessService,
+ String sourceID,
List extendedSAMLAttributes)
throws BuildException
{
@@ -195,6 +198,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String assertion;
try {
+
assertion = MessageFormat.format(AUTH_DATA, new Object[] {
authData.getAssertionID(),
authData.getIssuer(),
@@ -206,6 +210,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
StringUtils.removeXMLDeclaration(xmlPersonData),
isQualifiedCertificate,
bkuURL,
+ buildSourceIDSAMLAttributes(sourceID),
publicAuthorityAttribute,
signerCertificateAttribute,
buildExtendedSAMLAttributes(extendedSAMLAttributes)});
@@ -244,6 +249,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String bkuURL,
String signerCertificateBase64,
boolean businessService,
+ String sourceID,
List extendedSAMLAttributes)
throws BuildException
{
@@ -295,6 +301,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
StringUtils.removeXMLDeclaration(xmlMandateData),
isQualifiedCertificate,
bkuURL,
+ buildSourceIDSAMLAttributes(sourceID),
publicAuthorityAttribute,
signerCertificateAttribute,
buildExtendedSAMLAttributes(extendedSAMLAttributes)});
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 3ab8ff819..5a18b720b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -62,6 +62,11 @@ public class AuthenticationSession {
* Friendly name for the target, if target is configured via MOA-ID configuration
*/
private String targetFriendlyName;
+
+ /**
+ * SourceID
+ */
+ private String sourceID;
/**
* Indicates if target from configuration is used or not
*/
@@ -155,7 +160,7 @@ public class AuthenticationSession {
private boolean businessService;
/**
- * Signer certificate of the foreign citizen
+ * Signer certificate of the foreign citizen or for mandate mode
*/
private X509Certificate signerCertificate;
/**
@@ -212,11 +217,11 @@ public class AuthenticationSession {
infoboxValidators = new ArrayList();
}
- public X509Certificate getForeignSignerCertificate() {
+ public X509Certificate getSignerCertificate() {
return signerCertificate;
}
- public void setForeignSignerCertificate(X509Certificate signerCertificate) {
+ public void setSignerCertificate(X509Certificate signerCertificate) {
this.signerCertificate = signerCertificate;
}
@@ -285,6 +290,14 @@ public class AuthenticationSession {
}
/**
+ * Returns the sourceID.
+ * @return String
+ */
+ public String getSourceID() {
+ return sourceID;
+ }
+
+ /**
* Returns the target friendly name.
* @return String
*/
@@ -332,6 +345,15 @@ public class AuthenticationSession {
this.target = target;
}
}
+
+ /**
+ * Sets the sourceID
+ * @param sourceID The sourceID to set
+ */
+ public void setSourceID(String sourceID) {
+ this.sourceID = sourceID;
+ }
+
/**
* Sets the target. If the target includes the target prefix, the prefix will be stripped off.
* @param target The target to set
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
index da5ad6ab9..b5c72ef9f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
@@ -87,6 +87,7 @@ public class GetAuthenticationDataService implements Constants {
String statusMessageCode = null;
String statusMessage = null;
String samlAssertion = "";
+ boolean useUTC = false;
if (requests.length > 1) {
// more than 1 request given as parameter
statusCode = "samlp:Requester";
@@ -113,8 +114,11 @@ public class GetAuthenticationDataService implements Constants {
requestID = request.getAttribute("RequestID");
String samlArtifact = DOMUtils.getText(samlArtifactElem);
try {
+
AuthenticationData authData = AuthenticationServer.getInstance().
getAuthenticationData(samlArtifact);
+
+ useUTC = authData.getUseUTC();
// success
samlAssertion = authData.getSamlAssertion();
statusCode = "samlp:Success";
@@ -135,12 +139,13 @@ public class GetAuthenticationDataService implements Constants {
}
}
try {
- String responseID = Random.nextRandom();
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+ String responseID = Random.nextRandom();
+ String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC);
if (statusMessage == null)
statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null);
responses[0] = new SAMLResponseBuilder().build(
responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion);
+
}
catch (MOAIDException e) {
AxisFault fault = AxisFault.makeFault(e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index ca3883dad..431af3c31 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -79,21 +79,22 @@ public class StartAuthenticationServlet extends AuthServlet {
authURL = authURL.concat(req.getContextPath() + "/");
String target = req.getParameter(PARAM_TARGET);
+ String sourceID = req.getParameter(PARAM_SOURCEID);
String oaURL = req.getParameter(PARAM_OA);
String bkuURL = req.getParameter(PARAM_BKU);
String templateURL = req.getParameter(PARAM_TEMPLATE);
String sessionID = req.getParameter(PARAM_SESSIONID);
String useMandate = req.getParameter(PARAM_USEMANDATE);
-
// escape parameter strings
target = StringEscapeUtils.escapeHtml(target);
+ sourceID = StringEscapeUtils.escapeHtml(sourceID);
oaURL = StringEscapeUtils.escapeHtml(oaURL);
bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
templateURL = StringEscapeUtils.escapeHtml(templateURL);
sessionID = StringEscapeUtils.escapeHtml(sessionID);
useMandate = StringEscapeUtils.escapeHtml(useMandate);
-
+
resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
@@ -111,7 +112,9 @@ public class StartAuthenticationServlet extends AuthServlet {
if (!ParamValidatorUtils.isValidSessionID(sessionID))
throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
if (!ParamValidatorUtils.isValidUseMandate(useMandate))
- throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+ throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+ if (!ParamValidatorUtils.isValidSourceID(sourceID))
+ throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
OAAuthParameter oaParam =
AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
@@ -130,11 +133,11 @@ public class StartAuthenticationServlet extends AuthServlet {
if (!ParamValidatorUtils.isValidTarget(target))
throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
- getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme());
+ getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID);
}
else {
// use target from config
- getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, targetConfig, targetFriendlyNameConfig, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme());
+ getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, targetConfig, targetFriendlyNameConfig, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID);
}
resp.setContentType("text/html;charset=UTF-8");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index f7f9d8fed..17cbe7a3d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -24,26 +24,40 @@
package at.gv.egovernment.moa.id.auth.servlet;
+import iaik.pki.PKIException;
+import iaik.x509.X509Certificate;
+
import java.io.IOException;
+import java.security.GeneralSecurityException;
import java.util.Map;
+import javax.net.ssl.SSLSocketFactory;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;
+import org.w3c.dom.Element;
+import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.URLEncoder;
/**
@@ -143,27 +157,31 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
String samlArtifactBase64 =
AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+
if (samlArtifactBase64 == null) {
//mandate Mode
+
+ callMISService(session, req, resp);
- Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+ //Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
- String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+ //String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
// build dataurl
- String dataurl =
- new DataURLBuilder().buildDataURL(
- session.getAuthURL(),
- REQ_VERIFY_CERTIFICATE,
- session.getSessionID());
+// String dataurl =
+// new DataURLBuilder().buildDataURL(
+// session.getAuthURL(),
+// REQ_VERIFY_CERTIFICATE,
+// session.getSessionID());
//Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
//ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
- Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
- ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+ //Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
+ //ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
}
+
if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
redirectURL = session.getOAURLRequested();
if (!session.getBusinessService()) {
@@ -187,6 +205,78 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
}
}
+
+ /**
+ * Calls the MIS Service
+ * @param session
+ * @throws IOException
+ */
+ private void callMISService(AuthenticationSession session, HttpServletRequest req, HttpServletResponse resp) throws IOException {
+
+ try {
+ AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
+ ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
+ SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
+
+ // get identitity link as byte[]
+ Element elem = session.getIdentityLink().getSamlAssertion();
+ String s = DOMUtils.serializeNode(elem);
+
+ System.out.println("IDL: " + s);
+
+ byte[] idl = s.getBytes();
+
+ // redirect url
+ // build redirect(to the GetMISSessionIdSerlvet)
+ String redirectURL =
+ new DataURLBuilder().buildDataURL(
+ session.getAuthURL(),
+ GET_MIS_SESSIONID,
+ session.getSessionID());
+
+ String oaURL = session.getOAURLRequested();
+ OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
+ String profiles = oaParam.getMandateProfiles();
+
+ if (profiles == null) {
+ Logger.error("No Mandate/Profile for OA configured.");
+ throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
+ }
+
+ String profilesArray[] = profiles.split(",");
+ for(int i = 0; i < profilesArray.length; i++) {
+ profilesArray[i] = profilesArray[i].trim();
+ }
+
+ String oaFriendlyName = oaParam.getFriendlyName();
+ String mandateReferenceValue = session.getMandateReferenceValue();
+ X509Certificate cert = session.getSignerCertificate();
+ MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
+ String redirectMISGUI = misSessionID.getRedirectURL();
+
+ if (misSessionID == null) {
+ Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
+ throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
+ }
+
+ session.setMISSessionID(misSessionID.getSessiondId());
+
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectMISGUI);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ } catch (GeneralSecurityException ex) {
+ handleError(null, ex, req, resp);
+ } catch (PKIException e) {
+ handleError(null, e, req, resp);
+ } catch (MISSimpleClientException e) {
+ handleError(null, e, req, resp);
+ } catch (TransformerException e) {
+ handleError(null, e, req, resp);
+ }
+ }
/**
* Adds a parameter to a URL.
* @param url the URL
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index acf8b0b64..27f956c40 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -146,56 +146,8 @@ public class VerifyCertificateServlet extends AuthServlet {
if (useMandate) {
- // Mandate Modus
- // make request to MIS
-
- AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
- ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
- SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
-
- // get identitity link as byte[]
- Element elem = session.getIdentityLink().getSamlAssertion();
- String s = DOMUtils.serializeNode(elem);
- byte[] idl = s.getBytes();
-
- // redirect url
- // build redirect(to the GetMISSessionIdSerlvet)
- String redirectURL =
- new DataURLBuilder().buildDataURL(
- session.getAuthURL(),
- GET_MIS_SESSIONID,
- session.getSessionID());
-
- String oaURL = session.getOAURLRequested();
- OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
- String profiles = oaParam.getMandateProfiles();
-
- if (profiles == null) {
- Logger.error("No Mandate/Profile for OA configured.");
- throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
- }
-
- String profilesArray[] = profiles.split(",");
- for(int i = 0; i < profilesArray.length; i++) {
- profilesArray[i] = profilesArray[i].trim();
- }
-
- String oaFriendlyName = oaParam.getFriendlyName();
- String mandateReferenceValue = session.getMandateReferenceValue();
- MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
- String redirectMISGUI = misSessionID.getRedirectURL();
-
- if (misSessionID == null) {
- Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
- throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
- }
-
- session.setMISSessionID(misSessionID.getSessiondId());
-
- resp.setStatus(302);
- resp.addHeader("Location", redirectMISGUI);
- Logger.debug("REDIRECT TO: " + redirectURL);
-
+ Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
+ throw new AuthenticationException("auth.13", null);
}
else {
// Foreign Identities Modus
@@ -218,15 +170,7 @@ public class VerifyCertificateServlet extends AuthServlet {
}
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
- } catch (GeneralSecurityException ex) {
- handleError(null, ex, req, resp);
- } catch (PKIException e) {
- handleError(null, e, req, resp);
- } catch (MISSimpleClientException e) {
- handleError(null, e, req, resp);
- } catch (TransformerException e) {
- handleError(null, e, req, resp);
- }
+ }
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 6d4a21674..fc5d82936 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -150,7 +150,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
// create the InfoboxReadRequest to get the certificate
String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
- // build dataurl (to the GetForeignIDSerlvet)
+ // build dataurl (to the VerifyCertificateSerlvet)
String dataurl =
new DataURLBuilder().buildDataURL(
session.getAuthURL(),
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index 7fe85cfae..8cc51bf93 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -579,6 +579,7 @@ public class ConfigurationBuilder {
oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink")));
oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate")));
oap.setProvideFullMandatorData(BoolUtils.valueOf(authComponent.getAttribute("provideFullMandatorData")));
+ oap.setUseUTC(BoolUtils.valueOf(authComponent.getAttribute("useUTC")));
oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL));
oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index f85666acf..65e21cbce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -84,6 +84,9 @@ public class OAAuthParameter extends OAParameter {
* determines whether the full mandator data (i.e. the mandate) is to be included in the authentication data
*/
private boolean provideFullMandatorData;
+
+ /** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/
+ private boolean useUTC;
/**
* url to a template for web page "Auswahl der B&uuml;rgerkartenumgebung"
*/
@@ -191,6 +194,14 @@ public class OAAuthParameter extends OAParameter {
return provideFullMandatorData;
}
+ /**
+ * Returns <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>.
+ * @return <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>.
+ */
+ public boolean getUseUTC() {
+ return useUTC;
+ }
+
/**
* Returns the key box identifier.
@@ -305,6 +316,16 @@ public class OAAuthParameter extends OAParameter {
public void setProvideFullMandatorData(boolean provideFullMandatorData) {
this.provideFullMandatorData = provideFullMandatorData;
}
+
+ /**
+ * Sets the useUTC variable.
+ * @param useUTC The useUTC value to set
+ */
+ public void setUseUTC(boolean useUTC) {
+ this.useUTC = useUTC;
+ }
+
+
/**
* Sets the key box identifier.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 44eb98dad..79f3b4e30 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -107,6 +107,9 @@ public class AuthenticationData {
* the corresponding <code>lt;saml:Assertion&gt;</code>
*/
private String samlAssertion;
+
+ /** useUTC */
+ private boolean useUTC;
/**
* creation timestamp
*/
@@ -166,6 +169,14 @@ public class AuthenticationData {
public String getWBPK() {
return wbPK;
}
+
+ /**
+ * Returns useUTC
+ * @return useUTC
+ */
+ public boolean getUseUTC() {
+ return useUTC;
+ }
/**
* Sets the minorVersion.
@@ -215,6 +226,10 @@ public class AuthenticationData {
this.wbPK = wbPK;
}
+ public void setUseUTC(boolean useUTC) {
+ this.useUTC = useUTC;
+ }
+
/**
* Returns the assertionID.
* @return String
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
index 5ce952662..2493f42b8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
@@ -63,7 +63,7 @@ public class SAMLRequestBuilder implements Constants {
*/
public Element build(String requestID, String samlArtifactBase64) throws BuildException {
try {
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+ String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), true);
String request = MessageFormat.format(REQUEST, new Object[] {requestID, issueInstant, samlArtifactBase64});
Element requestElem = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
return requestElem;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 8c3bccab3..fa220d13d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -75,6 +75,36 @@ public class ParamValidatorUtils {
return false;
}
+ }
+
+ /**
+ * Checks if the given target is valid
+ * @param sourceID HTTP parameter from request
+ * @return
+ */
+ public static boolean isValidSourceID(String sourceID) {
+
+ Logger.debug("Überprüfe Parameter sourceID");
+
+ // if non parameter is given return true
+ if (sourceID == null) {
+ Logger.debug("Parameter Target ist null");
+ return true;
+ }
+
+
+ Pattern pattern = Pattern.compile("[\\w-_]{1,50}");
+ Matcher matcher = pattern.matcher(sourceID);
+ boolean b = matcher.matches();
+ if (b) {
+ Logger.debug("Parameter sourceID erfolgreich überprüft");
+ return true;
+ }
+ else {
+ Logger.error("Fehler Überprüfung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-50 Zeichen lang)");
+ return false;
+ }
+
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index 1181253f1..620919c61 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -149,7 +149,8 @@ public class MISSimpleClient {
Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest");
Element idlElement = doc.createElementNS(MIS_NS, "IdentityLink");
-
+
+
idlElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(idl))));
mirElement.appendChild(idlElement);
@@ -237,7 +238,18 @@ public class MISSimpleClient {
}
}
- private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException {
+ private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException {
+
+// try {
+// System.out.println("REQUEST-MIS: \n" + DOMUtils.serializeNode(request));
+// } catch (TransformerException e1) {
+// // TODO Auto-generated catch block
+// e1.printStackTrace();
+// } catch (IOException e1) {
+// // TODO Auto-generated catch block
+// e1.printStackTrace();
+// }
+
if (webServiceURL == null) {
throw new NullPointerException("Argument webServiceURL must not be null.");
}
@@ -249,7 +261,8 @@ public class MISSimpleClient {
PostMethod post = new PostMethod(webServiceURL);
StringRequestEntity re = new StringRequestEntity(DOMUtils.serializeNode(packIntoSOAP(request)),"text/xml", "UTF-8");
post.setRequestEntity(re);
- int responseCode = httpclient.executeMethod(post);
+ int responseCode = httpclient.executeMethod(post);
+
if (responseCode != 200) {
throw new MISSimpleClientException("Invalid HTTP response code " + responseCode);
}
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
index fcf7477c5..818773794 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
@@ -47,7 +47,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
"http://localhost:9080/", //oaURL
"file:" + findXmldata("AuthTemplate.html"),
"http://localhost:3495/http-security-layer-request",
- null, null, null);
+ null, null, null, null);
htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
//writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
assertEquals(readXmldata("htmlForm.html"),htmlForm);
@@ -66,7 +66,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
null,
"http://localhost:9080/", //oaURL
null,
- "http://localhost:3495/http-security-layer-request", null, null, null);
+ "http://localhost:3495/http-security-layer-request", null, null, null, null);
htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
//writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
assertEquals(readXmldata("htmlForm.html"),htmlForm);
@@ -87,7 +87,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
"file:" + findXmldata("AuthTemplate.html"),
null,
null,
- null, null);
+ null, null, null);
htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
//writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
assertEquals(readXmldata("htmlForm.html"),htmlForm);
@@ -106,7 +106,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
"gb", //target
null,
"http://localhost:9080/", //oaURL
- null, null, null, null, null);
+ null, null, null, null, null, null);
//assertEquals("",htmlForm);
System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
fail(this.getName() + " hat KEINE FEHLER geworfen");
@@ -126,7 +126,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
try {
server.startAuthentication("http://localhost:8080/auth", //authURL
"gb", null, "http://localhost:9080/", //oaURL
- null, null, null, null, null);
+ null, null, null, null, null, null);
System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
fail(this.getName() + " hat KEINE FEHLER geworfen");
}
@@ -144,7 +144,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
try {
server.startAuthentication("https://localhost:8443/auth", //authURL
"gb", null, "http://host_not_in_config/", //oaURL
- null, null, null, null, null);
+ null, null, null, null, null, null);
System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
fail(this.getName() + " hat KEINE FEHLER geworfen");
}
@@ -163,7 +163,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
try {
server.startAuthentication("https://localhost:8443/auth", //authURL
"gb", null, null, //oaURL
- null, null, null, null, null);
+ null, null, null, null, null, null);
System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
fail(this.getName() + " hat KEINE FEHLER geworfen");
}
@@ -182,7 +182,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
try {
server.startAuthentication("https://localhost:8443/auth", //authURL
null, null, "http://localhost:9080/", //oaURL
- null, null, null, null, null);
+ null, null, null, null, null, null);
System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
fail(this.getName() + " hat KEINE FEHLER geworfen");
}
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java
index 6ebb3cf3e..d9cd13259 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java
@@ -598,7 +598,7 @@ public class Test300VerifyAuthBlock extends AbnahmeTestCase {
authData.setMinorVersion(0);
authData.setAssertionID(Random.nextRandom());
authData.setIssuer(session.getAuthURL());
- authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
+ authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance(), false));
String vpkBase64 = new BPKBuilder().buildBPK(
identityLink.getIdentificationValue(), session.getTarget());
authData.setBPK(vpkBase64);
@@ -619,7 +619,7 @@ public class Test300VerifyAuthBlock extends AbnahmeTestCase {
oaParam.getProvideIdentityLink() ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) : "";
String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : "";
String samlAssertion = new AuthenticationDataAssertionBuilder().build(
- authData, prPerson, authBlock, ilAssertion, session.getBkuURL(), "", false, null);
+ authData, prPerson, authBlock, ilAssertion, session.getBkuURL(), "", false, null, null);
authData.setSamlAssertion(samlAssertion);
return authData;
}
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java
index a66e6072c..fab258e09 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java
@@ -228,7 +228,7 @@ public class Test600GetAuthenticationDataService extends AbnahmeTestCase {
String request =
"<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"" +
moaSessionID + "\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"" +
- DateTimeUtils.buildDateTime(Calendar.getInstance())+"\">" +
+ DateTimeUtils.buildDateTime(Calendar.getInstance(), false)+"\">" +
"</samlp:Request>";
Element samlPRequest = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
index 69f33f82c..8e38c7673 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
@@ -142,7 +142,7 @@ public class AbnahmeTestCase extends MOAIDTestCase {
null,
null,
null,
- null);
+ null, null);
String sessionID = parseSessionIDFromForm(htmlForm);
return sessionID;
}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
index 052c1fed4..187f577a3 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
@@ -54,7 +54,7 @@ public class AuthenticationServerTest extends UnitTestCase {
public void doTest(String testdataDirectory, String authURL, String target, String oaURL, String bkuURL, String templateURL) throws Exception {
String testdataRoot = TESTDATA_ROOT + "xmldata/" + testdataDirectory + "/";
AuthenticationServer server = AuthenticationServer.getInstance();
- String htmlForm = server.startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, null, null, null);
+ String htmlForm = server.startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, null, null, null, null);
String sessionID = parseSessionIDFromForm(htmlForm);
String infoboxReadResponse = readFile(TESTDATA_ROOT + "xmldata/testperson1/" + "InfoboxReadResponse.xml");
HashMap parameters = new HashMap(1);